miniOrange provides enterprises with secure access to MediaWiki and full control over application access, including Single Sign-On (SSO) into MediaWiki with one set of login credentials.
miniOrange supports SAML-based Single Sign-On into MediaWiki, and this guide explains how to set it up.
In SAML SSO, miniOrange supports both IdP (Identity Provider) initiated and SP (Service Provider) initiated Single Sign-On (SSO) for MediaWiki.
In IdP-initiated login, the SAML request is initiated from the miniOrange IdP.
In SP-initiated login, the SAML request is initiated from the MediaWiki server.
To set up SSO, follow these 7 steps:
Step 1: Configure Single Sign-On Settings in Identity Provider
Step 2: Onboard users into our system
Step 3: Login to miniOrange Account
Step 4: Installing and Configuring the extension
```php
# miniOrange SAML Extension settings

# Loads SAML extension
# For 1.25 and above
wfLoadExtension( 'SamlSingleSignOnAuth' );
# For 1.24 and below, use this line instead of wfLoadExtension() above
# require_once "extensions/SamlSingleSignOnAuth/SamlSingleSignOnAuth.php";

# Enter IDP Name
$wgMoSamlIdpName = 'miniOrange';
# Enter SAML Issuer URL or Entity ID
$wgMoSamlIssuer = 'https://login.xecurify.com/moas';
# Enter SAML Login URL or ACS (Assertion Consumer Service) URL here
$wgMoSamlLoginURL = 'https://login.xecurify.com/moas/idp/samlsso';
# Set binding type for login. Two possible values - HttpRedirect and HttpPost
$wgMoSamlLoginBindingType = 'HttpRedirect';
# Enter certificate information.
$wgMoSamlX509CertDesc = '-----BEGIN CERTIFICATE----- . . . . . . . . . . . . -----END CERTIFICATE-----';
# Only set to true if SAML is brokered through miniOrange
$wgMoSamlIsBrokerOn = false;
# OPTIONAL - Enter Relay State if applicable
$wgMoSamlRelayState = '';
# Set true if Response is signed, set false by default
$wgMoSamlIsResponseSigned = false;
# Set true if Assertion is signed, set true by default
$wgMoSamlIsAssertionSigned = true;
# Set this to true if you want to update user with incoming attributes whenever user logs in
$wgMoSamlUpdateUser = true;
# Auto create user if the user does not exist
$wgMoSamlCreateUser = true;

# Map attributes
$wgMoSamlEmailAttr = 'email';
$wgMoSamlUsernameAttr = 'username';
$wgMoSamlFNameAttr = 'fname';
$wgMoSamlLNameAttr = 'lname';
$wgMoSamlGroupAttr = 'role';
# Set default group for users
$wgMoSamlDefaultGroup = 'user';

# OPTIONAL - Set this to override $wgServer as site URL in the extension. Please make sure this is
# the URL where MediaWiki is hosted and '/extensions/SamlSingleSignOnAuth/' can be appended to it.
$wgMoSamlServer = 'https://<MEDIAWIKI_DOMAIN>/mediawiki';
```
| Setting | Description |
| --- | --- |
| wgMoSamlIdpName | Enter the name of the IDP here. E.g. miniOrange |
| wgMoSamlIssuer | Enter the Issuer/Entity ID of IDP here. E.g. https://login.xecurify.com/moas |
| wgMoSamlLoginURL | Enter the SAML Login URL or ACS (Assertion Consumer Service) URL of IDP here. E.g. https://login.xecurify.com/moas/idp/samlsso |
| wgMoSamlX509CertDesc | Open the certificate in Notepad and copy/paste the entire content here. |
| wgMoSamlIsBrokerOn | Set to true if miniOrange is broker for another IDP. Set to false by default. |
| wgMoSamlRelayState | Enter the Relay State URL of IDP here. |
| wgMoSamlIsResponseSigned | Set true if Response is signed by IDP. Set false by default. |
| wgMoSamlIsAssertionSigned | Set true if Assertion is signed by IDP. Set true by default. |
| wgMoSamlUpdateUser | Set this to true if you want to update the user with incoming attributes whenever the user logs in. |
| wgMoSamlCreateUser | Set this to true if you want to auto create users. If you want to restrict access to only registered users, set this to false. |
| wgMoSamlEmailAttr | Enter the Attribute Name that contains MediaWiki Email. Use NameID if Email is in Subject element. |
| wgMoSamlUsernameAttr | Enter the Attribute Name that contains MediaWiki Username. Use NameID if Username is in Subject element. |
| wgMoSamlFNameAttr | OPTIONAL - Enter the Attribute Name that contains MediaWiki First Name. |
| wgMoSamlLNameAttr | OPTIONAL - Enter the Attribute Name that contains MediaWiki Last Name. |
| wgMoSamlGroupAttr | Enter the Attribute Name that contains MediaWiki Group/Role. |
| wgMoSamlDefaultGroup | This is the MediaWiki default group/role name to which users will be mapped. |
| wgMoSamlServer | OPTIONAL - This is the URL where MediaWiki is hosted and '/extensions/SamlSingleSignOnAuth/' can be appended to it. E.g. https://<MEDIAWIKI_DOMAIN>/mediawiki |
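A pre-deployment check for the settings above, as an added example that is not part of the miniOrange extension or of this guide: it reads the `$wgMoSaml*` assignments from LocalSettings.php text and flags a configuration in which no signature is declared, the certificate is still the placeholder, a URL is plain http, or auto-created users land in a privileged group. The function names, finding labels and sample values are assumptions of this example, and it assumes single-quoted values as in the snippet above.

```python
import base64
import re

# Added example; names and finding labels are hypothetical. Constructed sample:
SAMPLE = r"""
$wgMoSamlLoginURL = 'https://login.xecurify.com/moas/idp/samlsso';
$wgMoSamlX509CertDesc = '-----BEGIN CERTIFICATE----- . . . -----END CERTIFICATE-----';
$wgMoSamlIsResponseSigned = false;
$wgMoSamlIsAssertionSigned = false;
$wgMoSamlCreateUser = true;
$wgMoSamlDefaultGroup = 'sysop';
$wgMoSamlServer = 'http://mediawiki.example.com/mediawiki';
"""
ASSIGN = re.compile(r"^\s*\$(wgMoSaml\w+)\s*=\s*(?:'([^']*)'|(true|false))\s*;", re.M | re.I)
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
PRIVILEGED = {"sysop", "bureaucrat", "interface-admin"}  # MediaWiki core groups

def parse_settings(text):
    """Return {name: str | bool} for uncommented $wgMoSaml* assignments."""
    return {name: (flag.lower() == "true") if flag else value
            for name, value, flag in ASSIGN.findall(text)}

def cert_is_plausible(pem):
    """True if the PEM body is base64 that decodes to a DER SEQUENCE."""
    m = PEM.search(str(pem))
    if not m:
        return False
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(der) > 64 and der[0] == 0x30

def audit(cfg):
    findings = []
    if not (cfg.get("wgMoSamlIsResponseSigned") or cfg.get("wgMoSamlIsAssertionSigned")):
        findings.append("no-signature: neither Response nor Assertion is declared signed")
    if not cert_is_plausible(cfg.get("wgMoSamlX509CertDesc", "")):
        findings.append("bad-cert: wgMoSamlX509CertDesc does not decode as a certificate")
    for key in ("wgMoSamlLoginURL", "wgMoSamlServer"):
        url = str(cfg.get(key, ""))
        if url and not url.lower().startswith("https://"):
            findings.append(f"cleartext: {key} is not an https URL")
    if cfg.get("wgMoSamlCreateUser") and cfg.get("wgMoSamlDefaultGroup") in PRIVILEGED:
        findings.append("priv-default: auto-created users join a privileged group")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_settings(SAMPLE))))
```

The certificate check is structural only (base64 that decodes to a DER sequence); it does not validate expiry or that the certificate belongs to the configured IdP.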
To test the authentication, open a new private browsing (incognito) window, go to http://<YOUR_MEDIAWIKI_DOMAIN>/index.php/Special:UserLogin and click the Login with miniOrange button. E.g. http://mediawiki.example.com/index.php/Special:UserLogin