Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.

ExpressionEngine

miniOrange provides secure access to ExpressionEngine for enterprises and full control over access of applications, Single Sign On (SSO) into ExpressionEngine with one set of login credentials.

miniOrange SAML Single Sign on (SSO) plugin acts as a SAML Service Provider which can be configured to establish the trust between the plugin and a SAML capable Identity Providers to securely authenticate the user to the ExpressionEngine site.

• Single Sign On

  miniOrange Single Sign On (SSO) Solution provides easy and seamless access to all enterprise resources with one set of credentials. miniOrange provides Single Sign On (SSO) to any type of devices or applications whether they are in the cloud or on-premise.

Features :

• Easily Configure the Identity Provider by providing just the metadata URL or metadata file of the Identity Provider.
• Provides Single Sign-On functionality for admins to log into Control Panel using any SAML 2.0 compliant IdP.
• Using this module, admins don’t need to remember passwords. If they have an account in the IdP, then they can log in using that IdP. Also, automatic user registration after login if the user is not already registered with your site.

Follow the Step-by-Step Guide given below for ExpressionEngine Single Sign On (SSO) using SAML

Step 1: Download and Install Plugin

• You can install and download the miniOrange SAML 2.0 SSO SP plugin in ExpressionEngine from EE Marketplace.
• Copy and paste the ‘miniorange_saml_sso’ folder inside /system/user/addons/
• Go to admin panel of your website “https://example.com/admin.php”
• Click on ‘Developer’ > ‘Addons’
• Scroll Down and click on ‘Install’ beside the addon named ‘Miniorange SAML SSO’



• Click on the cog wheel icon besides the ‘miniorange saml sso’ module.



• Login / Register with your miniOrange credentials.This is just a one time setup to make it easier for us to get in touch with you in-case you need any support.

Step 2: After login / register, you will see the following sections:

• SP Settings
• IDP Configuration
• Submit Query sections.



• In case you are stuck feel free to drop us a query from here.



• Go to your IdP and get the following data:
  I. IdP Entity ID
  II. SAML Login URL
  III. Logout URL
  IV. SAML X.509 Certificate
  

Step 3: Configure the plugin.

• Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) from your IdP and save it.

IdP Entity ID or Issuer	https://login.xecurify.com/moas
SAML Login URL	https://login.xecurify.com/moas/idp/samlsso
X.509 Certificate	X.509 certificate is enclosed in X509Certificate tag in IdP-Metadata XML file. (parent tag: KeyDescriptor use="signing")
SAML Logout URL	https://login.xecurify.com/moas/idp/samllogout

• After filling these fields click On Save Settings button to save the details.
• Click on Test configuration button and the User Details would be fetched.



• The below screenshot shows successful test result. This screenshot shows the attributes that are received and are mapped by attribute mapping

Step 4: Adding SSO button to Login Page

• Go to " \system\ee\EllisLab\ExpressionEngine\View\account\login.php "
• In login.php, scroll down and paste this code before the <?=form_close()?> :

<fieldset data-data-style="text-align:center>
<br><br>
<button class="btn btn-primary" >
<a data-data-style="color: white" href="https://example.com/index.php?ACT=101" >Sign-in with miniOrange</a>
</button>
</fieldset>

• Save the login.php file.
• Go to your admin panel and you can see the SSO button has been added.
• Now you can do Single-Sign-On at the time of login using the button.


---