Changed the sp setup so we don't need a base 64 encoded value.

Verfiy sp signatures if certificates are passed in
Made installation a little easier and updated the README.md
Removed EncodeAssertionUrlCommand.php as we now use actual urls.

Author: pcable

README.md

@@ -38,64 +38,6 @@ php artisan vendor:publish --tag="saml_config"
 
 will publish the config/saml.php file. 
 
-#### SAML SP entries
-
-Within the saml.php config file the SAML Service Provider array needs to be filled. Subsequently an example from the config/saml.php file:
-
-```
-'sp' => [        
-    
-    /**
-     * Sample SP entry
-     * The entry is identified by the base64 encoded URL. This example shows a possible entry for
-     * a SimpleSamlPhp service provider running on localhost:
-     * 
-     * Sample URL:         https://localhost/samlsp/module.php/saml/sp/saml2-acs.php/default-sp
-     * Base64 encoded URL: aHR0cHM6Ly9sb2NhbGhvc3Qvc2FtbHNwL21vZHVsZS5waHAvc2FtbC9zcC9zYW1sMi1hY3MucGhwL2RlZmF1bHQtc3A=
-     */
-    'aHR0cHM6Ly9sb2NhbGhvc3Qvc2FtbHNwL21vZHVsZS5waHAvc2FtbC9zcC9zYW1sMi1hY3MucGhwL2RlZmF1bHQtc3A=' => [
-    
-        // The destination is the consuming SAML URL. This might be a SamlAuthController receiving the SAML response.  
-        'destination' => 'https://localhost/samlsp/module.php/saml/sp/saml2-acs.php/default-sp',
-        // Issuer could be anything, mostly it makes sense to pass the metadata URL
-        'issuer' => 'https://localhost',
-        
-        // OPTIONAL: Use a specific audience restriction value when creating the SAMLRequest object.
-        //           Default value is the assertion consumer service URL (the base64 encoded SP url). 
-        //           This is a bugfix for Nextcloud as SP and can be removed for normal SPs.
-        'audience_restriction' => 'http://localhost',
-    ],
-    
-],
-```
-
-You can generate the base_64 encoded AssertionURL by using the following artisan command.
- 
-```bash
-   $ php artisan laravel-saml:encodeurl https://sp.webapp.com/saml/login
-   --
-   URL Given: https://sp.webapp.com/saml/login
-   Encoded AssertionURL:aHR0cHM6Ly9zcC53ZWJhcHAuY29tL3NhbWwvbG9naW4=
-```
-
-config/saml.php:
-```
-'sp' => [        
-    
-     ...
-
-    /**
-     * New entry
-     * 
-     * Sample URL:         https://sp.webapp.com/saml/login
-     * Base64 encoded URL: aHR0cHM6Ly9zcC53ZWJhcHAuY29tL3NhbWwvY29uc3VtZQ==
-     */
-    'aHR0cHM6Ly9zcC53ZWJhcHAuY29tL3NhbWwvY29uc3VtZQ==' => [
-        'destination' => 'https://sp.webapp.com/saml/consume',
-        'issuer'      => 'https://sp.webapp.com',
-    ],
-],
-```
 
 #### FileSystem configuration 
 
@@ -113,18 +55,55 @@ Within ```config/filesystem.php``` following entry needs to be added:
     ],
 ```
 
-The package controllers are using the ```storage/saml``` path for retrieving both certificates and the metadata file. Create first the storage path, then either add or link the certificates. Add also a metadata file for the SAML IDP. For help generating an IDP metadata.xml file, see https://www.samltool.com/idp_metadata.php.
+#### Setting the entity id
 
+In config/saml.php set the field idp.entity-id to your entity id. This is normally a uri, the uri doesn't need to exist, it just needs to be unique
+
+    'idp' => [
+        .....
+        'entityId' => 'http://idp.wherever.com'
+    ],
+    
+#### Generating metadata and certificates
+
+There is a sample metadata template in storage/saml/idp/metadata.blade.php, This was generated using https://www.samltool.com/idp_metadata.php
+
+Edit this template to customize it for your site.
+
+When you're finished run the following command to generate certificates and the metadata file 
+
+```
+php artisan laravel-saml:generate-meta --cert
 ```
-mkdir -p storage/saml/idp
-touch storage/saml/idp/{metadata.xml,cert.pem,key.pem}
+
+To use exisiting certificates just make sure they're present in the saml drive then run the command without the --cert option
+
+#### SAML SP entries
+
+Within the saml.php config file the SAML Service Provider array needs to be filled. 
+
 ```
+    'sp' => [
+
+        //Tableau
+        'https://sso.online.tableau.com/public/sp/SSO?alias=xxxx-xxxx-xxxx-xxxx-xxxxxxxx' => [
+            'entity-id' => 'https://sso.online.tableau.com/public/sp/metadata?alias=xxxx-xxxx-xxxx-xxxx-xxxxxxxx',
+            'certificate' => 'MIICozC........dUvTnGP18g=='
+        ],
 
-Add the contents to the metadata.xml, cert.pem and key.pem files for the IDP. 
+        //A nifty testing service provider
+        'https://sptest.iamshowcase.com/acs' => [
+
+        ]
+
+    ],
+```
 
 ### Using the SAML package
 
-To use the SAML package, some files need to be modified. Within your login view, problably ```resources/views/auth/login.blade.php``` add a SAMLRequest field beneath the CSRF field (this is actually a good place for it):
+To use the SAML package, some files need to be modified. 
+Within your login view, problably ```resources/views/auth/login.blade.php``` add a SAMLRequest field beneath the CSRF field 
+(this is actually a good place for it):
 ```
     {{-- The hidden CSRF field for secure authentication --}}
     {{ csrf_field() }}
@@ -134,37 +113,24 @@ To use the SAML package, some files need to be modified. Within your login view,
     @endif
 ```
 
-The SAMLRequest field will be filled automatically when a SAMLRequest is sent by a http request and therefore initiate a SAML authentication attempt. To initiate the SAML auth, the login and redirect functions need to be modified. Within ```app/Http/Middleware/AuthenticatesUsers.php``` add following lines to both the top and the authenticated function: 
-(NOTE: you might need to copy it out from vendor/laravel/framework/src/Illuminate/Foundation/Auth/ to your Middleware directory) 
-
+The SAMLRequest field will be filled automatically when a SAMLRequest is sent by a http request and therefore initiate a SAML authentication attempt.
+ To initiate the SAML auth, the login and redirect functions need to be modified. 
+ Within ```app/Http/Controllers/Auth/LoginController.php``` change ```use AuthenticatesUsers``` to ```use SamlAuthenticatesUsers```
+ 
 ```
-<?php
-
-namespace App\Http\Middleware;
-
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Foundation\Auth\RedirectsUsers;
-use Illuminate\Foundation\Auth\ThrottlesLogins;
-
-use KingStarter\LaravelSaml\Http\Traits\SamlAuth;
+use App\Http\Controllers\Controller;
+use KingStarter\LaravelSaml\Http\Traits\SamlAuthenticatesUsers;
 
-trait AuthenticatesUsers
+class LoginController extends Controller
 {
-    use RedirectsUsers, ThrottlesLogins, SamlAuth;
-    
-    ...
+...
 
-    protected function authenticated(Request $request, $user)
-    {
-        if(Auth::check() && isset($request['SAMLRequest'])) {
-            $this->handleSamlLoginRequest($request);
-        }
-    }
-    
-    ...
+    use SamlAuthenticatesUsers; 
+
+.....
 ```
 
+
 To allow later direct redirection when somebody is already logged in, we need to add also some lines to ```app/Http/Middleware/RedirectIfAuthenticated.php```:
 ```
 <?php
@@ -201,19 +167,29 @@ class RedirectIfAuthenticated
 }
 ```
 
-## SAML Service Providers (SPs)
 
-To add one or more service providers, go to the ```config/saml.php``` configuration file and scroll down to the 'sp' array. Having the Login-Address of the SAML-SP, add another entry. For reasons of internal interpretation, the URL needs to be Base64 encoded. 
+### bindings:HTTP-POST 
 
-### Debugging SP entries
+If you're using HTTP post bindings then you'll need to allow saml to get the login request via post.
 
-In case that there are some problems receiving the Base64 string or evaluating SAML authentication requests in general, it is possible to use the debugger setting ```saml.debug_saml_request``` within the config file. 
+in web.php add the new route
+
+```
+....
+Auth::routes();
+Route::post('/postLogin', 'Auth\LoginController@showLoginForm');
+```
+
+
+
+### Debugging Connection
+
+You can enable logging with the config/saml.php setting debug_saml_request
 
 ```
     // Allow debugging within SamlAuth trait to get SP data  
     // during SAML authentication request
     'debug_saml_request' => true,
 ```
 
-Make sure that the environmental logging variable ```APP_LOG_LEVEL``` is set to debug within your ```.env``` file.
-
+Make sure that the environmental logging variable ```APP_LOG_LEVEL``` is set to debug within your ```.env``` file. It will log to ```storage/logs/laravel.log```