working Shibboleth authentication

.env.example

@@ -365,17 +365,20 @@ AUTHENTICATION_METHOD=""
 # -------------------------------
 #
 # SHIBBOLETH_LOGIN_URL: Path to the Shibboleth login handler "{$scheme}://{$_SERVER['HTTP_HOST']}/{$loginPath}{$loginPage}"
+# e.g. SHIBBOLETH_LOGIN_URL="/Shibboleth.sso/Login?entityID=https://YOUR_IDP/idp/shibboleth&target=https://YOUR_HAWKI/req/login-shibboleth"
 # SHIBBOLETH_LOGOUT_URL: URL for Shibboleth logout
+# e.g SHIBBOLETH_LOGOUT_URL="https://YOUR_HAWKI/Shibboleth.sso/Logout"
 # ShIBBOLETH_NAME_VAR: Defined attribute on shibboleth server for name
 # ShIBBOLETH_EMPLOYEETYPE_VAR: Defined attribute on shibboleth server for employee type
 # ShIBBOLETH_EMAIL_VAR: Defined attribute on shibboleth server for email address
 
 #SHIBBOLETH_LOGIN_URL=""
 #SHIBBOLETH_LOGOUT_URL=""
 
-#SHIBBOLETH_NAME_VAR="displayname"
-#SHIBBOLETH_EMAIL_VAR="email"
-#SHIBBOLETH_EMPLOYEETYPE_VAR="employeetype"
+#SHIBBOLETH_GNAME_VAR="givenName"
+#SHIBBOLETH_SNAME_VAR="sn"
+#SHIBBOLETH_EMAIL_VAR="mail"
+#SHIBBOLETH_EMPLOYEETYPE_VAR="affiliation"
 
 # -------------------------------
 # OpenID Connect (OIDC) Configuration

app/Services/Auth/ShibbolethService.php

@@ -26,16 +26,16 @@ public function authenticate(Request $request)
         // Check if the user is authenticated
         if (!empty($_SERVER['REMOTE_USER'])) {
             // Retrieve configuration variables
-            $nameVar = config('shibboleth.attribute_map.name');
+            $gnameVar = config('shibboleth.attribute_map.sname');
+            $snameVar = config('shibboleth.attribute_map.gname');
             $mailVar = config('shibboleth.attribute_map.email');
             $employeetypeVar = config('shibboleth.attribute_map.employeetype');
-
             // Check if the required attributes are present in the $_SERVER array
-            if (isset($_SERVER[$nameVar], $_SERVER[$mailVar], $_SERVER[$employeetypeVar])) {
+            if (isset($_SERVER[$snameVar], $_SERVER[$gnameVar], $_SERVER[$mailVar], $_SERVER[$employeetypeVar])) {
                 // Return user information
                 return $userInfo = [
                     'username' => $_SERVER['REMOTE_USER'],
-                    'name' => $_SERVER[$nameVar],
+                    'name' => $_SERVER[$gnameVar].' '.$_SERVER[$snameVar],
                     'email' => $_SERVER[$mailVar],
                     'employeetype' => $_SERVER[$employeetypeVar]
                 ];
@@ -47,7 +47,7 @@ public function authenticate(Request $request)
             // Redirect to the Shibboleth login page
             $loginPath = config('shibboleth.login_path');
             if (!empty($loginPath)) {
-                return redirect($loginPath);
+                redirect($loginPath)->send();
             } else {
                 // Error handling if the login path is not set
                 return response()->json(['error' => 'Login path is not set'], 500);

config/shibboleth.php

@@ -7,8 +7,9 @@
 
     'attribute_map' => [
         'email' => env('SHIBBOLETH_EMAIL_VAR', 'mail'),
-        'employeetype' => env('SHIBBOLETH_EMPLOYEETYPE_VAR', 'employee'),
-        'name' => env('SHIBBOLETH_NAME_VAR', 'displayname'),
+        'employeetype' => env('SHIBBOLETH_EMPLOYEETYPE_VAR', 'affiliation'),
+        'gname' => env('SHIBBOLETH_GNAME_VAR', 'givenName'),
+        'sname' => env('SHIBBOLETH_SNAME_VAR', 'sn'),
     ],
 
-];
+];

routes/web.php

@@ -29,6 +29,7 @@
     Route::get('/login', [LoginController::class, 'index']);
     Route::post('/req/login-ldap', [AuthenticationController::class, 'ldapLogin']);
     Route::post('/req/login-shibboleth', [AuthenticationController::class, 'shibbolethLogin']);
+    Route::get('/req/login-shibboleth', [AuthenticationController::class, 'shibbolethLogin']);
     Route::post('/req/login-oidc', [AuthenticationController::class, 'openIDLogin']);
 
 
@@ -135,4 +136,4 @@
 
 
 
-});
+});