This bundle adds a shibboleth authentication provider for your Symfony2 project.
- [PHP][@php] 5.3.3 and up.
- [Symfony 2.1][@symfony]
ShibbolethBundle is composer-friendly.

```json
"require": {
    "kuleuven/shibboleth-bundle": "dev-master"
},
"repositories": [
    {
        "type": "vcs",
        "url": ""
    }
]
```

Now tell composer to download the bundle by running the command:

```bash
php composer.phar update kuleuven/shibboleth-bundle
```

Composer will install the bundle to your project's vendor/kuleuven directory.

Instantiate the bundle in your kernel:

```php
// app/AppKernel.php
// ...
public function registerBundles()
{
    $bundles = array(
        // ...
        new KULeuven\ShibbolethBundle\ShibbolethBundle(),
    );
    // ...
}
```

Add the following lines to the .htaccess file in your project's web folder:

```apache
# web/.htaccess
AuthType shibboleth
ShibRequireSession Off
ShibUseHeaders On
require shibboleth
```

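```yaml
# app/config/security.yml
security:
    firewalls:
        secured_area:   # firewall name is an example; choose your own
            pattern: ^/secured
            shibboleth: ~
            logout:
                path: /secured/logout
                target: /
                success_handler: security.logout.handler.shibboleth
```
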
Possible configuration parameters are:

```yaml
# app/config/config.yml
shibboleth:
    handler_path: /Shibboleth.sso
    secured_handler: true
    session_initiator_path: /#
    username_attribute: shib-person-uid
```

The above listed configuration values are the default values. To use the defaults, simply use the following line in your config:

```yaml
# app/config/config.yml
shibboleth: ~
```

This bundle doesn't include any User Provider, but you can implement your own.
If you store users in a database, they can be created on the fly when a user logs on to your application for the first time. Your UserProvider needs to implement the `KULeuven\ShibbolethBundle\Security\ShibbolethUserProviderInterface`.
This example uses Propel ORM to store users.

```php
<?php
namespace YourProjectNamespace\Security;

use YourProjectNamespace\Model\User;
use YourProjectNamespace\Model\UserQuery;
use KULeuven\ShibbolethBundle\Security\ShibbolethUserProviderInterface;
use KULeuven\ShibbolethBundle\Security\ShibbolethUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;

class UserProvider implements ShibbolethUserProviderInterface
{
    public function loadUserByUsername($username)
    {
        $user = UserQuery::create()->findOneByUsername($username);
        if ($user) {
            return $user;
        } else {
            throw new UsernameNotFoundException("User " . $username . " not found.");
        }
    }

    public function createUser(ShibbolethUserToken $token)
    {
        // Create user object using shibboleth attributes stored in the token.
        $user = new User();
        // If you like, you can also add default roles to the user based on shibboleth attributes. E.g.:
        if ($token->isStudent()) $user->addRole('ROLE_STUDENT');
        elseif ($token->isStaff()) $user->addRole('ROLE_STAFF');
        else $user->addRole('ROLE_GUEST');
        return $user;
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return $class === 'YourProjectNamespace\Model\User';
    }
}
```