Multiple IdPs with different config? about laravel-saml2 HOT 6 OPEN

Totally understand the problem @nicolus. I'm currently working on the next major version and trying to solve this problem via "resolvers". You'll be able to either extend existing one or create your own. You can check out implementation here.

Let me know if that would solve the problem.

from laravel-saml2.

So to be clear, do you want to be able to adjust any configuration?

from laravel-saml2.

Yes, I would need to have individual configuration. I do have 2 onelogin/php-saml systems at the moment and about to add a 3. The first is connection to a Active Directory. the other two are for two SAP systems.

from laravel-saml2.

@brezzhnev @kw-pr : I think this is related to #43

And as I said there, it would be useful indeed to have a way to override any setting for a specific IdP (which was the case with aacotroneo/laravel-saml2.

What I ended up doing in the meantime is store the settings and create a new middleware that looks like this :

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Config;
use Slides\Saml2\Repositories\TenantRepository;

class OverrideSamlSpConfig
{
    public function __construct(protected TenantRepository $tenants)
    {
    }

    public function handle(Request $request, Closure $next)
    {
        if ($uuid = $request->route('uuid')) {
            $config = $this->tenants->findByUUID($uuid)->metadata['saml2_config'] ?? [];

            foreach(Arr::dot($config) as $path => $value) {
                Config::set('saml2.' . $path, $value);
            }
        }

        return $next($request);
    }
}

That I include in the 'saml' middlewares in App\Http\Kernel :

'saml' => [
    \Illuminate\Session\Middleware\StartSession::class,
    \App\Http\Middleware\OverrideSamlSpConfig::class,
],

You also need to make sure that it's loaded before the resolver middleware with $middlewarePriority in the same Kernel file :

protected $middlewarePriority = [
    \App\Http\Middleware\AuthenticateWithBearerToken::class,
    \App\Http\Middleware\Authenticate::class,
    \App\Http\Middleware\AddLogContext::class,
    \App\Http\Middleware\OverrideSamlSpConfig::class,
    \Slides\Saml2\Http\Middleware\ResolveTenant::class,
];

Then you can add the config in your idp metadata column like so :

{
  "saml2_config": {
    "security": {
      "requestedAuthnContext": false
    }
  }
}

Hope that can help someone.

from laravel-saml2.

So the idea is that I would make my own classes that implement ResolvesIdentityProvider or ResolvesIdpConfig and then bind them in my AppServiceProvider so they replace the default ones ?

If so, that sounds perfect, thanks !

from laravel-saml2.

Yeah, almost like that, but instead of binding another dependency in the service provider, you would need to change the class reference using resolvers.config in the config/saml2.php

I thought that would be easier, but DI is also an option to consider.

from laravel-saml2.