Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Several identity providers #94

Open
ghost opened this issue May 1, 2019 · 17 comments
Open

Several identity providers #94

ghost opened this issue May 1, 2019 · 17 comments

Comments

@ghost
Copy link

ghost commented May 1, 2019
edited by ghost

Hi @hslavich!
Is it possible to have several different identity providers?
For example:
config.yml
hslavich_onelogin_saml:
idp1:
........
idp2:
........
sp:
.......

How can I dynamically modify config if not?
@PatrickHuetter
Copy link

Yes that would be interesting. In todays workloads there are often multiple IDPs and it's also needed to configure them dynamically while application lifecycle because you might manage them in your database or similar.

htuscher added a commit to 1drop/OneloginSamlBundle that referenced this issue Sep 18, 2019
@htuscher
[FEATURE] have multiple idps
fcac199 
Relates hslavich#94
@htuscher htuscher mentioned this issue Sep 18, 2019
Merged
@htuscher
Copy link
Contributor

As we urgently needed that, I just built it. See my PR.
So thankful for this library. Doing SAML is just pain in PHP.

@guillaumepotier
Copy link

[Repost from PR just in case ;)]

Hi guys,

I'm just seeing this issue and this is great news for us because we are looking to integrate SAMLv2 login in our application, for various distinct customers, and thus we need multiple idps. (see my original stackoverflow question here).

We initially were planning to create our own open source bundle (another one...) to address this issue since no other one seemed to be interested by this feature. I think it should be better for the Symfony community to minimise the number of similar bundles out there and we'd be interested to contribute here and help implementing this feature on this bundle.

How could we help there? How should we plan to support this while do not making BC breaks (or bumping major version with BC breaks inside?).

We'd be glad to support this change and make a PR once we're okay on the way to implement/configure it.

Best

@hslavich
Copy link
Owner

hslavich commented Nov 21, 2019
edited

The PR was merged but it introduced big BC breaks and other issues. It seems this features needs some BC break and it should be tested properly.
Theres is a branch 'multipleidps' that you can use for testing and modifications. I'll be working in this feature soon.
Thanks

@guillaumepotier
Copy link

Theres is a branch 'multipleidps' that you can use for testing and modifications. I'll be working in this feature soon.

Great to read that. What is your definition of "soon" ? :) We'll need it by the end of the year, and will fork your repo and contribute. If we could help you on that feature, please don't hesitate to tell us.

Do you want us to test it?
Do you want to change the way multiple idps are configured?

It would be great if we could help you the right way on that matter :)

Cheers 🍻

@hslavich
Copy link
Owner

It would be great if you can test it with Symfony 3 and 4 and give some feedback. Unit tests should be updated too, that will help a lot.
Maybe this current state works for you and you can use it with no big changes.

@htuscher
Copy link
Contributor

We are using it in a production application with Symfony 4.3.8 and API Platform.

@mathieu-gilloots
Copy link

I would love this feature too.
Is there any implementation with database configuration instead of file config ?
Indeed our client have their own SSO (and 1 per environment staging / prod) and it will be great if We could configure them through database.

Thanks

@htuscher
Copy link
Contributor

You can implement that yourself using CompilerPass in Symfony.

@tobyski-tdsultra
Copy link

Can anyone tell me if support for multiple IDPs was ever added officially? I can see the experimental multipleidps branch is a couple of years old now.

@a-menshchikov
Copy link
Collaborator

@tobyski-tdsultra, multiple IdP support not added yet.

@mansourih
Copy link

mansourih commented Oct 8, 2021
edited

It is a mandatory evolution for me. I am forced to use another solution. My application must establish an sso connection to 2 different IdPs.

@a-menshchikov
Copy link
Collaborator

If you using Symfony 6 for your application, you can use nbgrp/onelogin-saml-bundle that supports multiple IdP configuration.

@mussbach
Copy link

This is great news, but what if we are not able yet to use Symfony 6? Any advice?

@a-menshchikov
Copy link
Collaborator

Unfortunately I have no advice right now.

@gprince64
Copy link

Hello there,
Sorry to bump this old issue.

We are upgrading an old SF 3.4 project to newer SF5, and the old SAML bundle I used is no longer maintained for SF5.

I am wishing to use this bundle, but we must have different IDPs configured for our project.
Will this feature be available soon ?
If not, should I consider using the multiple idps branch ?

I cannot use the SF6 https://github.com/nbgrp/onelogin-saml-bundle because SF6 breaks several other bundles we are using.
Kinda stuck on this right now....

@a-menshchikov
Copy link
Collaborator

@gprince64 hi.
AFAIK, there is no plan to add multiple IdP support. The separated branch is quite outdated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@guillaumepotier @hslavich @PatrickHuetter @mathieu-gilloots @a-menshchikov @htuscher @mansourih @gprince64 @mussbach @tobyski-tdsultra