A SimpleSAMLphp module for using ReadID as authentication source

Overview

ReadID simpleSAMLphp auth module

This module adds the ReadID Ready app as an auth source to SimpleSAMLphp. ReadID Ready is an app that can read the data from your passport or other identity documents. Besides collecting your personal data from the document chip, it also verifies whether your identity document is valid and authentic. With this module you can use an ID card, passport or driver's licence to authenticate.

Disclaimer

This module was not created by ReadID or InnoValor (the company that created ReadID) and will not be supported by them. Please use GitHub issues for any questions about this module. A valid contract for using ReadID Ready is required for using this module. For more information on ReadID see https://www.readid.com/

Usage

SimpleSAMLphp makes use of Composer to manage dependencies and third-party modules. Just execute the following command:

composer.phar require surf/simplesamlphp-module-readid

Please note that if you don't have console access to your web server, you will need to deploy the module somewhere else and then copy the files to your server.

Config

Add the authentication source to authsource.php:

$config = [
...
    'readid' => [
        'readid:ReadID',
        'apiCreateSession' => '/odata/v1/ODataServlet/createReadySession',
        'requesterApiKey' => '<requester API key>',
        'iProov' => true,
        'scope' => '<scope>',
        'timeout' => 180,
    ],
...
];

  • apiCreateSession, you probably won't have to change this
  • requesterApiKey, is the ReadID key that can request sessions
  • iProov, enable or disable iProov during the ReadID process
  • scope, the scope added to scoped attributes. You can adjust the (SAML) attribute mapping in lib/Auth/Source/ReadID.php::getUser()
  • timeout, how long does the user have to complete the reading of their document before a timeout message is shown

The authsource also needs a ReadID-specific configuration file, config-readid.conf, in the config directory:

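$config = [
    'dbfile' => '<path to sqlite session database>',
    'apiBaseUrl' => 'https://<ReadID host>',
    'apiReadSession' => '/odata/v1/ODataServlet/Sessions',
    'viewerApiKey' => '<viewer API key>',
    'callbackUser' => '<callback user>',
    'callbackPassword' => '<callback password>',
];
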
  • dbfile contains the location of the temporary session database. This is an sqlite file and needs to be writeable by the webserver user.
  • apiBaseUrl is the ReadID base URL you want to use (without trailing slash), please consult the ReadID documentation
  • apiReadSession, you probably won't have to change this
  • viewerApiKey is the ReadID key that can view sessions
  • callbackUser and callbackPassword are the user/password you configure at ReadID so that they can call our authenticated callback endpoint
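
A deployment check for the two files described above, as an added example that is not part of the module: config-readid.conf holds the API keys and callback password, and the sqlite dbfile holds session data, so neither should be accessible to other local users or sit under the web root. The function names, the paths passed in and the optional web-root argument are assumptions.

```shell
#!/bin/sh
# Added example: audit the files that hold the ReadID secrets and sessions.
# All paths are supplied by the caller; none are taken from the module.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_readid_files CONFIG_FILE DB_FILE [WEBROOT]
# Prints one line per finding; the return status is the number of findings.
audit_readid_files() {
    conf=$1
    db=$2
    webroot=${3:-}
    findings=0

    for f in "$conf" "$db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"
            findings=$((findings + 1))
            continue
        fi
        mode=$(file_mode "$f")
        # The last octal digit is the "other" class. Anything but 0 exposes
        # the API keys (config) or session data (sqlite) to every local user.
        other=${mode#"${mode%?}"}
        if [ "$other" != "0" ]; then
            echo "EXPOSED: $f has mode $mode (accessible to other users)"
            findings=$((findings + 1))
        fi
    done

    # The sqlite file must not be downloadable through the web server.
    if [ -n "$webroot" ] && [ -d "$webroot" ] && [ -f "$db" ]; then
        root=$(cd "$webroot" && pwd -P)
        dbdir=$(cd "$(dirname "$db")" && pwd -P)
        case "$dbdir/" in
            "$root/"*)
                echo "WEBROOT: $db is inside $webroot"
                findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}
```

A typical layout that passes is the config file at mode 640 and the dbfile at mode 660, both owned by an administrative user with the web server's group, in a directory outside the document root.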
Owner
SURF