Beartropy SAML2
Accessing the Panel
The panel is available at /saml2/admin and is protected by the middleware stack configured in admin_middleware (default: ['web', 'auth']). Keep web in that list: it supplies the session that auth relies on and Laravel's CSRF protection for the panel's POST, PUT and DELETE routes. The default only requires a logged-in user, so restrict it further as described under Protecting the Admin Panel below.
Main Dashboard
The dashboard provides an overview of your SAML2 configuration.
Service Provider Information
At the top, you'll see your SP data to share with IDP administrators:
| Field | Description |
|---|---|
| Entity ID | Unique identifier for your application |
| ACS URL | Assertion Consumer Service URL |
| Metadata URL | Link to XML metadata (click to view) |
Identity Provider List
A table with all configured IDPs showing:
- Key - Unique IDP identifier (slug)
- Name - Human-readable IDP name
- Entity ID - IDP identifier
- Status - Active/Inactive badge
- Mapping - Global or Custom mapping badge
- Actions - Edit, Mapping, Activate/Deactivate, Refresh, Delete
Create New IDP
Click "+ Add IDP" on the dashboard to add a new Identity Provider.
Import from URL
The fastest way to configure an IDP: enter the metadata URL in the top section and click "Fetch"; the form fields are filled automatically from the fetched metadata. Use only an https:// URL obtained from the IDP administrator: the X.509 certificate taken from that document is the key your application will use to verify assertion signatures, so a spoofed or tampered metadata document means a spoofed login.
Form Fields
| Field | Required | Description |
|---|---|---|
| IDP Key | ✓ | Unique identifier (slug). E.g., azure-prod |
| IDP Name | ✓ | Display name in UI |
| Entity ID | ✓ | IDP Entity ID |
| SSO URL | ✓ | Single Sign-On URL |
| SLO URL | — | Single Logout URL (optional) |
| X.509 Certificate | ✓ | IDP's signing certificate (public key used to verify assertion signatures) |
| Metadata URL | — | URL for automatic metadata refreshing |
| Active | — | Enable/disable the IDP |
Attribute Mapping
Attribute mapping normalizes SAML claims from different IDPs into consistent fields in your application.
Accessing the Mapping Editor
Click "Mapping" in the IDP list to open the mapping editor for that IDP.
Global vs Custom Mapping
| Type | Description |
|---|---|
| Global | Uses mapping defined in config/beartropy-saml2.php |
| Custom | IDP-specific mapping that overrides global settings |
Azure AD Mapping Example
| Local Field | SAML Attribute |
|---|---|
| email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| name | http://schemas.microsoft.com/identity/claims/displayname |
| firstname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| lastname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
| groups | http://schemas.microsoft.com/ws/2008/06/identity/claims/groups |
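The table above describes the translation; the standalone script below shows what applying such a mapping to an assertion's raw attribute bag looks like in code. It is an added illustration, not the package's own implementation: the normalizeAttributes helper, the email local field and the sample values are assumptions, while the claim URIs are those of the Azure AD table. It also shows two details the table does not: SAML attributes are lists, so groups keeps every value while the other fields take the first one, and a missing required attribute is rejected rather than producing a half-populated user.

```php
<?php
// Added illustration (not the package's code): applying a local-field => SAML-attribute
// mapping, like the Azure AD table, to the raw attribute bag of an assertion.
declare(strict_types=1);

/**
 * Apply $mapping (local field => SAML attribute name) to $attributes
 * (SAML attribute name => list of string values).
 *
 * SAML attributes are always multi-valued. Fields listed in $multi keep the whole
 * list; every other field takes the first value. A required field whose attribute
 * is absent or empty throws, so the caller fails closed instead of provisioning an
 * account from an assertion the IDP did not fully populate.
 */
function normalizeAttributes(array $mapping, array $attributes, array $required = [], array $multi = ['groups']): array
{
    $out = [];
    foreach ($mapping as $local => $samlName) {
        if (!array_key_exists($samlName, $attributes) || $attributes[$samlName] === []) {
            if (in_array($local, $required, true)) {
                throw new RuntimeException("Required SAML attribute '{$samlName}' (local field '{$local}') is missing");
            }
            continue; // optional field: leave it unset rather than inventing a value
        }
        $values = array_values(array_map('strval', (array) $attributes[$samlName]));
        $out[$local] = in_array($local, $multi, true) ? $values : $values[0];
    }
    return $out;
}

// Mapping from the Azure AD table above ("email" as the local field is an assumption).
$azureMapping = [
    'email'     => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
    'name'      => 'http://schemas.microsoft.com/identity/claims/displayname',
    'firstname' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
    'lastname'  => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
    'groups'    => 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups',
];

// Constructed sample attribute bag, shaped like the output of a SAML toolkit
// (attribute name => list of values). By default Azure AD emits group object IDs
// in the groups claim, not display names, so map them accordingly on your side.
$rawAttributes = [
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' => ['alice@example.com'],
    'http://schemas.microsoft.com/identity/claims/displayname'          => ['Alice Example'],
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'    => ['Alice'],
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'      => ['Example'],
    'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups'     => [
        '9a1b2c3d-0000-4000-8000-000000000001',
        '9a1b2c3d-0000-4000-8000-000000000002',
    ],
];

$user = normalizeAttributes($azureMapping, $rawAttributes, required: ['email']);
print_r($user);

// The same mapping against an assertion that carries no email claim: rejected, not guessed.
try {
    normalizeAttributes(
        $azureMapping,
        ['http://schemas.microsoft.com/identity/claims/displayname' => ['Bob']],
        required: ['email']
    );
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

Run it with `php normalize.php` (PHP 8.0 or later for the named arguments). Which fields you treat as required and which as multi-valued should follow your user model, not the IDP's defaults; the point is that the decision is made explicitly rather than by whatever the assertion happens to contain.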
Activate/Deactivate IDP
You can activate or deactivate an IDP without deleting it. Click "Activate" or "Deactivate" in the IDP list.
| State | Badge | Behavior |
|---|---|---|
| Active | Active | IDP is available for login |
| Inactive | Inactive | IDP does not appear in login options |
Tip: Deactivate an IDP temporarily during maintenance without losing its configuration.
Refresh Metadata
If an IDP has a metadata_url configured, you can update its configuration automatically by clicking the refresh button (↻) in the IDP list.
Caution: This process overwrites any manual changes made to the Entity ID, SSO URL, SLO URL and Certificate fields. Because a refresh replaces the signing certificate your application trusts, treat the metadata URL as security-critical (see Import from URL above) and check it still points at the IDP's own https:// endpoint before refreshing.
Admin Panel Customization
Use Custom Layout
To integrate the panel with your application's layout:
```php
// config/beartropy-saml2.php
'layout' => 'layouts.admin', // Your custom layout
```
Layout Requirements
Your layout must provide the title, content and scripts yields and should render the success and error flash messages the panel sets:
```blade
{{-- resources/views/layouts/admin.blade.php --}}
<!DOCTYPE html>
<html>
<head>
    <title>@yield('title')</title>
    {{-- Your styles --}}
</head>
<body>
    {{-- Your header/sidebar --}}

    <main>
        @if(session('success'))
            <div class="alert alert-success">{{ session('success') }}</div>
        @endif

        @if(session('error'))
            <div class="alert alert-error">{{ session('error') }}</div>
        @endif

        @yield('content')
    </main>

    @yield('scripts')
</body>
</html>
```
Publish Views
For full appearance customization:
```bash
php artisan vendor:publish --tag=beartropy-saml2-views
```
Protecting the Admin Panel
Custom Middleware
Restrict access to administrators by appending an authorization middleware to the stack (the default 'auth' only checks that someone is logged in):
```php
// config/beartropy-saml2.php
'admin_middleware' => ['web', 'auth', 'can:manage-saml'],
```
Define a Gate
Define the Gate in your AuthServiceProvider:
```php
// app/Providers/AuthServiceProvider.php
use Illuminate\Support\Facades\Gate;

public function boot(): void
{
    Gate::define('manage-saml', function ($user) {
        return $user->hasRole('admin'); // hasRole() comes from your role package
        // or: return $user->is_admin;
        // or: return in_array($user->email, ['admin@company.com']);
    });
}
```
Using Spatie Permission
With spatie/laravel-permission, use its middleware instead of a Gate (the role and permission aliases must be registered as route middleware in your application if your version of the package does not register them automatically):
```php
'admin_middleware' => ['web', 'auth', 'role:admin'],
// or
'admin_middleware' => ['web', 'auth', 'permission:manage-saml'],
```
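To confirm the restriction actually holds rather than assuming it does, the following Laravel feature test is an added example and not part of the package. It assumes admin_middleware is set to ['web', 'auth', 'can:manage-saml'] as above, that the manage-saml Gate is backed by an is_admin column on the User model (the second variant in the Gate example), and that the application has a named login route; adjust those three assumptions to your setup. The third test is the one most often missing: a read-only check on the dashboard proves nothing about the routes that toggle, refresh or delete an IDP.

```php
<?php
// Added example (not the package's code): feature test for the admin_middleware
// configuration. Assumes: admin_middleware = ['web', 'auth', 'can:manage-saml'],
// a manage-saml Gate that returns $user->is_admin, and a named 'login' route.

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class SamlAdminPanelAccessTest extends TestCase
{
    use RefreshDatabase;

    public function test_guests_are_redirected_to_login(): void
    {
        // 'auth' runs before 'can', so an anonymous request never reaches the Gate.
        $this->get('/saml2/admin')->assertRedirect(route('login'));
    }

    public function test_authenticated_non_admin_is_forbidden(): void
    {
        $user = User::factory()->create(['is_admin' => false]);

        $this->actingAs($user)->get('/saml2/admin')->assertForbidden();
    }

    public function test_state_changing_routes_are_forbidden_for_non_admins(): void
    {
        $user = User::factory()->create(['is_admin' => false]);

        // The middleware rejects the request before any controller runs, so the
        // IDP id does not need to exist; a 403 here is what we want to see.
        // CSRF is skipped by Laravel's VerifyCsrfToken while running tests.
        $this->actingAs($user)->post('/saml2/admin/idp/1/toggle')->assertForbidden();
        $this->actingAs($user)->post('/saml2/admin/idp/1/refresh')->assertForbidden();
        $this->actingAs($user)->delete('/saml2/admin/idp/1')->assertForbidden();
    }

    public function test_admin_can_open_dashboard(): void
    {
        $admin = User::factory()->create(['is_admin' => true]);

        $this->actingAs($admin)->get('/saml2/admin')->assertOk();
    }
}
```

Run it with `php artisan test --filter=SamlAdminPanelAccessTest`. If you switch to the Spatie middleware variant, only the user setup changes (assign the role or permission instead of setting is_admin); the assertions stay the same.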
Disabling the Panel
If you prefer managing IDPs via Artisan only:
```php
// config/beartropy-saml2.php
'admin_enabled' => false,
```
Or via .env:
```dotenv
SAML2_ADMIN_ENABLED=false
```
Internationalization (i18n)
The panel ships with English and Spanish translations. To customize them, publish the language files:
```bash
php artisan vendor:publish --tag=beartropy-saml2-lang
```
Then edit the files in lang/vendor/beartropy-saml2/:
- en/saml2.php - English
- es/saml2.php - Spanish
Admin Panel Routes
All of these routes are registered behind admin_middleware. The GET routes only render pages; everything that changes state is a POST, PUT or DELETE and therefore also requires a valid CSRF token through the web middleware group.
| Route | Method | Description |
|---|---|---|
| /saml2/admin | GET | Main dashboard |
| /saml2/admin/idp/create | GET | Create IDP form |
| /saml2/admin/idp | POST | Store new IDP |
| /saml2/admin/idp/{id} | GET | Edit IDP form |
| /saml2/admin/idp/{id} | PUT | Update IDP |
| /saml2/admin/idp/{id} | DELETE | Delete IDP |
| /saml2/admin/idp/{id}/toggle | POST | Activate/deactivate IDP |
| /saml2/admin/idp/{id}/mapping | GET/POST | Mapping editor |
| /saml2/admin/idp/{id}/refresh | POST | Refresh metadata |