How to Authenticate the data from Microsoft Azure AD using Laravel and redirect it to Home?

℡╲_俬逩灬. submitted on 2021-01-29 07:52:06

Question


I'm trying to authenticate Microsoft Azure AD with my Laravel web app. Currently I'm referring to Azure Active Directory SSO with Laravel. I managed to retrieve the data from Microsoft Azure AD, but the problem is that it doesn't redirect to the /home view; instead it redirects to the login view.

I have one idea, which is to link the email from Microsoft and the email from the model so that it can go directly to the home page. But I don't know how to pass the Microsoft data (from the provider) to the controller. The code (in the provider) below is what I did so far.

namespace App\Providers;
use Illuminate\Support\ServiceProvider;
use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\User;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class SAML2ServiceProvider extends ServiceProvider
{
    
    protected $namespace = 'App\Http\Controllers';
    public const HOME = '/home';
    public function register()
    {
        //
    }

    public function boot()
    {
        Event::listen('Aacotroneo\Saml2\Events\Saml2LoginEvent', function (Saml2LoginEvent $event) {

            // dd($event);
            $messageId = $event->getSaml2Auth()->getLastMessageId();
            // Add your own code preventing reuse of a $messageId to stop replay attacks

            $user = $event->getSaml2User();
            $userData = [
                'id' => $user->getUserId(),
                'attributes' => $user->getAttributes(),
                'assertion' => $user->getRawSamlAssertion()
            ];

            //dd($userData);
            $inputs = [
                'sso_user_id'  => $user->getUserId(),
                'username'     => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'),
                'email'        => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'),
                'first_name'   => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'),
                'last_name'    => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'),
                'password'     => Hash::make('anything'),
             ];

            //  dd($inputs);

            // $user = User::where('sso_user_id', $inputs['sso_user_id'])->where('email', $inputs['email'])->first();
            // if(!$user){
            //     $res = PortalUser::store($inputs);
            //     if($res['status'] == 'success'){
            //         $user  = $res['data'];
            //         Auth::guard('web')->login($user);
            //     }else{
            //         Log::info('SAML USER Error '.$res['messages']);
            //     }
            // }else{
                Auth::guard('web')->login($user);
            // }

        });
    }
}

Can anyone please help me with this issue? Thank you very much.


Answer 1:


My colleague helped me with this, and below is the solution, where he links the Microsoft email with the email from the model.


namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\User;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class SAML2ServiceProvider extends ServiceProvider
{
    /**
     * Register services.
     *
     * @return void
     */

    protected $namespace = 'App\Http\Controllers';

    public const HOME = '/home';

    public function register()
    {
        //
    }

    /**
     * Bootstrap services.
     *
     * @return void
     */
    public function boot()
    {
        Event::listen('Aacotroneo\Saml2\Events\Saml2LoginEvent', function (Saml2LoginEvent $event) {

            // dd($event);
            // $messageId = $event->getSaml2Auth()->getLastMessageId();
            // Add your own code preventing reuse of a $messageId to stop replay attacks

            $user = $event->getSaml2User();
            // $userData = [
            //     'id' => $user->getUserId(),
            //     'attributes' => $user->getAttributes(),
            //     'assertion' => $user->getRawSamlAssertion()
            // ];

            // dd($userData);
            $inputs = [
                'sso_user_id'  => $user->getUserId(),
                'username'     => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'),
                'email'        => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'),
                'first_name'   => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'),
                'last_name'    => $user->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'),
                'password'     => Hash::make('anything'),
             ];

            //  dd($inputs['email'][0]);



            $user = User::where('email', $inputs['email'][0])->first();
            // dd($user->id);

            if(!$user){
               return view ('404');
            }else{
                Auth::loginUsingId($user->id);
                session()->regenerate();
            }

        });
    }
}
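
An added example, not part of the original question or answer: one way to fill in the "preventing reuse of a $messageId" comment that both listeners leave open, while matching the local account by the email claim as the answer does. The class name `HandleSamlLogin`, the cache key prefix and the one-hour window are assumptions made for illustration; a shared cache store is assumed to be configured.

```php
<?php

namespace App\Listeners;

use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log;

// Hypothetical listener (class name is an assumption). Register it in boot():
//   Event::listen(Saml2LoginEvent::class, HandleSamlLogin::class);
class HandleSamlLogin
{
    const EMAIL_CLAIM = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';

    // Assumed retention window in seconds (Laravel 5.8+ cache TTLs are seconds);
    // keep it at least as long as the validity period of the IdP's assertions.
    const REPLAY_TTL = 3600;

    public function handle(Saml2LoginEvent $event)
    {
        // Cache::add() stores the key only if it does not already exist, so a
        // second response carrying the same message ID makes it return false.
        $messageId = $event->getSaml2Auth()->getLastMessageId();
        $seenKey   = 'saml2:seen:' . hash('sha256', (string) $messageId);
        if (!$messageId || !Cache::add($seenKey, 1, self::REPLAY_TTL)) {
            Log::warning('SAML login rejected: missing or replayed message ID');
            return;
        }

        // Attributes arrive as arrays of values, hence the [0] used in the answer.
        $emails = $event->getSaml2User()->getAttribute(self::EMAIL_CLAIM);
        $email  = is_array($emails) && isset($emails[0]) ? $emails[0] : null;
        $local  = $email ? User::where('email', $email)->first() : null;

        if (!$local) {
            // No matching local account: leave the visitor unauthenticated.
            Log::warning('SAML login rejected: no local user for asserted email');
            return;
        }

        Auth::guard('web')->login($local);
        session()->regenerate();
    }
}
```

The cache store has to be shared by every application server, otherwise a repeated response can reach a node that has not recorded the ID.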


Source: https://stackoverflow.com/questions/64155625/how-to-authenticate-the-data-from-microsoft-azure-ad-using-laravel-and-redirect
