SAML Single Sign On SSO
miniOrange SAML Single Sign On SSO Module acts as a SAML 2.0 Service
Provider which can be configured to establish the trust between the
plugin and various SAML 2.0 supported Identity Providers to securely
authenticate the user to the ExpressionEngine site as an admin.
Download Addon for Free
SAML SP supports all known IdPs like ADFS, Azure AD, Okta,
Salesforce, Shibboleth, SimpleSAMLphp, miniOrange IdP, OpenAM, Centrify,
Ping, RSA, IBM, Google Apps, Oracle, OneLogin, Bitium, WSO2, NetIQ etc.
Also Support the OAuth Protocol for SSO.
Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.
miniOrange provides secure access to ExpressionEngine for enterprises and full control over access of applications, Single Sign On (SSO) into ExpressionEngine with one set of login credentials.
miniOrange SAML Single Sign on (SSO) plugin acts as a SAML Service Provider which can be configured to establish the trust between the plugin and a SAML capable Identity Providers to securely authenticate the user to the ExpressionEngine site.
- Easily Configure the Identity Provider by providing just the metadata URL or metadata file of the Identity Provider.
- Provides Single Sign-On functionality for admins to log into Control Panel using any SAML 2.0 compliant IdP.
- Using this module, admins don’t need to remember passwords. If they have an account in the IdP, then they can log in using that IdP. Also, automatic user registration after login if the user is not already registered with your site.
Follow the Step-by-Step Guide given below for ExpressionEngine Single Sign On (SSO) using SAML
Step 1: Download and Install Plugin
- You can install and download the miniOrange SAML 2.0 SSO SP plugin in ExpressionEngine from EE Marketplace.
- Copy and paste the ‘miniorange_saml_sso’ folder inside /system/user/addons/
- Go to admin panel of your website “https://example.com/admin.php”
- Click on ‘Developer’ > ‘Addons’
- Scroll Down and click on ‘Install’ beside the addon named ‘Miniorange SAML SSO’
- Click on the cog wheel icon besides the ‘miniorange saml sso’ module.
- Login / Register with your miniOrange credentials.This is just a one time setup to make it easier for us to get in touch with you in-case you need any support.
Step 2: After login / register, you will see the following sections:
- SP Settings
- IDP Configuration
- Submit Query sections.
- In case you are stuck feel free to drop us a query from here.
- Go to your IdP and get the following data:
I. IdP Entity ID
II. SAML Login URL
III. Logout URL
IV. SAML X.509 Certificate
Step 3: Configure the plugin.
- Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) from your IdP and save it.
|IdP Entity ID or Issuer
|SAML Login URL
||X.509 certificate is enclosed in X509Certificate tag in IdP-Metadata XML file. (parent tag: KeyDescriptor use="signing")
|SAML Logout URL
- After filling these fields click On Save Settings button to save the details.
- Click on Test configuration button and the User Details would be fetched.
- The below screenshot shows successful test result. This screenshot shows the attributes that are received and are mapped by attribute mapping
Step 4: Adding SSO button to Login Page
- Go to " \system\ee\EllisLab\ExpressionEngine\View\account\login.php "
- In login.php, scroll down and paste this code before the <?=form_close()?> :
<button class="btn btn-primary" >
<a data-data-style="color: white" href="https://example.com/index.php?ACT=101" >Sign-in with miniOrange</a>
Save the login.php file.
Go to your admin panel and you can see the SSO button has been added.
Now you can do Single-Sign-On at the time of login using the button.