Skip to content

GL-EVENTS/SyliusAdminSamlPlugin

BranchesTags

Repository files navigation

GL events SyliusAdminSamlPlugin

Features

This plugin allow your admin users to sign in with SAML providers (Google, Azure, Okta, etc.)

Form admin login

Installation

  1. Add the bundle to your composer.json file:
   composer require gl-events/sylius-admin-saml-plugin
   composer require onelogin/php-saml
  1. Write your Identity Provider informations in your .env file:
   SAML_IDP_ENTITY_ID=
   SAML_IDP_SSO_URL=
   SAML_IDP_SLO_URL=
   SAML_IDP_CERTIFICATE=
   SAML_IDENTIFIER_KEY=
   SAML_PROXY_VARS=false
  1. Add your SP private key in your .env file (you can generate one at your project root with openssl genpkey -algorithm RSA -out private.key):
   SAML_SP_PRIVATE_KEY=
  1. Enable or not the traditionnal sylius admin form login in your .env file:
   SYLIUS_ADMIN_LOGIN=
  1. Add the plugin class to your config/bundles.php file:
    return [
        ...
        GlEvents\SyliusAdminSamlPlugin\GlEventsSyliusAdminSamlPlugin::class => ['all' => true],
    ];
  1. Add default config
# config/packages/gl_events_saml_admin_plugin.yaml

imports:
    - { resource: "@GlEventsSyliusAdminSamlPlugin/Resources/config/config.yaml" }
  1. Add in your config/security.yaml file:
        providers:
            saml_provider:
              id: gl_events.saml_plugin.provider.saml_user
        firewalls:
              saml:
                    pattern: ^/saml
                    stateless: true
                    custom_authenticator: gl_events.saml_plugin.security.saml_authenticator
              main:
                    lazy: true
                    provider: saml_provider
        access_control:
              - { path: "%sylius.security.admin_regex%/saml", role: ROLE_SUPER_ADMIN }
              - { path: "%sylius.security.admin_regex%/login/saml", role: PUBLIC_ACCESS }
              - { path: "%sylius.security.admin_regex%/login/saml/logout", role: PUBLIC_ACCESS }
              - { path: "%sylius.security.admin_regex%/login/saml/acs", role: PUBLIC_ACCESS }
              - { path: "%sylius.security.admin_regex%/login/saml/sls", role: PUBLIC_ACCESS }
              - { path: "%sylius.security.admin_regex%/login/saml/metadata", role: PUBLIC_ACCESS }
  1. Add in your config/routes.yaml file:
   glevents_sylius_admin_saml_plugin:
        resource: "@GlEventsSyliusAdminSamlPlugin/Resources/config/routing.yml"
  1. If your application runs behind a reverse proxy (load balancer, Kubernetes ingress, etc.) that terminates SSL, set SAML_PROXY_VARS=true in your .env file:
SAML_PROXY_VARS=true

This tells the onelogin/php-saml library to read X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Port headers when building the current URL for SAML response validation. Without this, the library detects http:// instead of https:// and rejects the SAML response with an error like "The response was received at http://... instead of https://...".

Also verify your Symfony trusted_proxies and trusted_headers settings so that $request->getScheme() also returns the correct scheme, see: https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly

  1. You are now ready to go ! 🚀

Credits

Developed by GL Events.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 11

Add env SAML_PROXY_VARS Latest
Jun 15, 2026
+ 10 releases

Packages

 
 
 

Contributors

Languages