SAML SP Single Sign On - SSO for OctoberCMS
SAML 2.0 Single Sign On (SSO) Authentication for OctoberCMS by miniOrange
SAML SP Single Sign On - SSO for OctoberCMS allows users who have accounts at a SAML 2.0 compliant Identity Provider to log in to your OctoberCMS website. We support all known IdPs - ADFS, Azure AD, Google Apps, Keycloak, Okta, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, OneLogin, Bitium, WSO2, NetIQ, miniOrange, etc. Refer to the guide to set up the plugin with your IdP.
SAML SP Single Sign On - SSO Plugin acts as a SAML 2.0 Service Provider which can be configured to establish the trust between the plugin and various SAML 2.0 supported Identity Providers to securely authenticate the user to the October CMS via SSO.
Easily Configure the Identity Provider by providing just the SAML login URL, IDP Entity ID, and Certificate.
Easily integrate the login link with your OctoberCMS site using SSO Button Component. Just drop it in a desirable place on your site.
Automatic user registration for 10 users after login if the user is not already registered with your site.
Standard Attribute Mapping maps the response to your Users' username and email credentials.
Supports both Backend and Frontend authentication.
This plugin requires the RainLab.User plugin to be installed in your OctoberCMS instance.
The plugin depends on and automatically integrates with the user management provided by the RainLab.User plugin. All users are created and authenticated based on the email address received in NameID through the SAML 2.0 SP plugin, and can be seen in the Users view provided by the RainLab.User plugin.
This plugin creates a Main menu item Single Sign On found at the main nav bar at the top of the page. This menu has four side menu items - Plugin Settings, Upgrade, Account, and Support. Plugin settings allow the configuration of SAML settings. You will be able to see three tabs - IdP Settings, SP Settings, and Attribute Mapping - which are explained in detail below.
In this tab, you are supposed to fill in the Single Sign On endpoints/URLs/details supplied by your Identity Provider.
- IDP Name : This field is not critical to the functionality of the plugin and is provided only for your convenience.
- IDP Entity ID : This is the first of the required fields for working functionality and is provided by your Identity Provider. Also known as IDP Issuer ID.
- SAML Login URL : This is the second of the required fields for working functionality and is provided by your Identity Provider. Also known as Single Sign On URL.
- SAML x509 Certificate : This is the third of the required fields for working functionality and is provided by your Identity Provider.
Make sure to click Save.
All three required fields are critical to SAML Authentication, and the Test Configuration feature provided at the bottom of the page should be used to make sure your configuration is correct. Make sure to hit Save before clicking Test Configuration.
This tab automatically generates and provides you with the minimum endpoints that you need to provide to your Identity Provider - SP Entity ID also known as Audience URI or SP Issuer ID and ACS URL also known as Single Sign On URL. The Download Certificate link can be used to download the SP's public certificate in case the Identity Provider requires it.
This tab is disabled in the free version. However, you will be able to see "NameID" as the default value in the Username and Email fields. The value received in NameID will be stored against the User's username and email while creating a new user.
On the left-hand side pane, you will see the Upgrade menu. Here you can compare the features of the Free version with the Premium version of the plugin.
On the left-hand side pane, you will see the Support menu. Using the form on this page you can send us at MiniOrange Security Software a query regarding technical difficulties or a premium upgrade. You will have to enter your name and phone (optional) to send us mail. We are committed to providing you with the highest quality of support through emails, screen share & plugin troubleshooting. Drop us a mail at firstname.lastname@example.org to schedule a call.
On the left-hand side pane, you will see the Account menu. You can register with miniOrange for upgrades and queries. You only need to enter a valid email address and a password to register for free with miniOrange and access the support form.
SSO Button Component
The SSO Button can be placed on any page, and clicking it will start the Single Sign On flow. To make it easy for end users to find, place it on the same page as the login/account form provided by the User plugin, but it's totally up to you: the placement of this button does not affect the functionality in any way. The SSO Button does not depend on another component being present on the same page.
Admin/backend users can Single Sign On into the backend using the same SAML configuration. They will be authenticated against the email address registered under their backend account. A "Single Sign On" button will be automatically generated on the backend login screen.
You can upgrade to the premium version of this plugin for the following features.
- Advanced Attribute Mapping
- Configurable SAML request binding type
- SAML Single Logout
- Force Authentication and Auto-Redirect to IdP
- Signed Response and Assertion
- many more..
If you are looking for any special use case or customization drop us a mail at email@example.com.
The following plugin is required
php artisan plugin:install Miniorange.Samlsp
Main Navigation Bar Single Sign On > Plugin Settings
IDP Settings Example
IDP Name : YouCanNameYourIdpAnything
SAML Login URL : https://your-idp.com/saml/sso
IDP Entity ID : https://your-id.com/some-random-string
SAML x509 Certificate: signing certificate provided by IDP
Refer to the guide for more details.
Found the plugin useful on 27 Jun, 2019
One of the great things, if one goes with the MinOrange SSO plugin, is the high-quality support. MinOrange has multiple support staff who know what they are doing and will help you to ensure that the plugin is working correctly. Thank you!
Replied on 20 Aug, 2020
Hi Shrishail - thanks for the Feedback, really makes a difference to us. Appreciate you like the plugin and support.
Minor changes for Premium upgrade
Aug 20, 2020
Fixed Issue for SAML request with ADFS
Aug 12, 2020
Updated table miniorange_samlsp_saml_config
Nov 13, 2019
Improved upgrade flow
Jun 05, 2019
May 24, 2019
Fixed Support Form
May 23, 2019
Created table miniorange_samlsp_customer_details
May 21, 2019
May 21, 2019
The plugin can be upgraded through the backend if updates are enabled.