miniOrange has published the first full-fledged Single Sign On plugin on OctoberCMS that allows users to login in a fast and secure way. It supports both Frontend and Backend SSO, automatically integrating with the RainLab.User plugin and backend user management.
OctoberCMS is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Thousands of digital studios and freelancers all over the world love October for its simplicity, flexibility, and modern design. Their clients are happy because OctoberCMS saves them both time and money.
OctoberCMS Single Sign-On ( SSO ) Plugin
This plugin acts as a SAML Service Provider which can be configured to establish the trust between the plugin and SAML capable Identity Providers to securely authenticate the user to the OctoberCMS site
We support all known IdPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ, etc. SAML Single Sign-on (SSO) acts as a SAML 2.0 Service Provider and securely authenticate users with your SAML 2.0 Identity Provider.
Features of OctoberCMS SSO Plugin
- Simple and easy-to-use backend [ FREE ]
- Auto-create/Auto-login users in OctoberCMS [ FREE ]
- Single Sign On button component [ FREE ]
- Supports both Frontend and Backend SSO [ FREE ]
- Auto-redirect to IdP/ Force Single Sign-On [ PREMIUM ]
- Custom Attribute Mapping [ PREMIUM ]
- Select Binding Type [ PREMIUM ]
- Single Logout [ PREMIUM ]
Follow the Step-by-Step Guide given below for October Single Sign On ( SSO ) using SAML
Step 1: Installing the plugin
- Login to your OctoberCMS site’s backend: https://example.com/backend.
- From the admin dashboard, go to Settings from the main navigation bar and select Updates & Plugins.
- Click on Install plugins and in the search bar type “SAML SP”.
- Click on the SAML SP Single Sign-On - SSO search result. The plugin will now start installing and will also install the RainLab.User plugin automatically if missing.
Step 2: Configuring the plugin
- The plugin will create a Single Sign On menu option in the main navigation bar at the top of your page.
- Click on it to see the Plugin Settings page. We will first configure the IdP Settings.
- Fill out the required fields according to the information provided by your Identity Provider. You can refer to the example given below.
- For Example:
|IdP Entity Id:||https://login.xecurify.com/moas/|
|SAML Login URL:||https://login.xecurify.com/moas/idp/samlsso|
|SAML x509 Certificate:||Certificate provided by your IdP.|
- Don’t forget to hit Save.
- The SP Settings tab has the data that you will need to provide to your IdP.
Step 3: Test Configuration
- Click on the Test Configuration button and the user details will be fetched.
- The below screenshot shows the successful result.
- This screenshot shows the attributes that are received and are mapped by attribute mapping.
Step 4: Attribute Mapping
- In the Attribute Mapping tab, you can map the attribute names received in Test Configuration to the user credentials of your OctoberCMS users.
- Don’t forget to Save your attribute mapping.
Step 5: SSO Button Component
- Click on CMS from the main navigation and select the page that you want to place the button on from the Pages menu on the left-hand side.
- Click on Components and click on SAML 2.0 SP to reveal the SSO Button component
- Drag and drop the component on to your selected page. Hit save and preview.
- Click on the Single Sign-On button to start the authentication flow for frontend users.
- The button for Backend login screen is generated automatically.
Step 6: SSO Options
- In the IDP Settings tab, you can configure Force Authentication to force login screen at IdP every time your users are redirected for SSO.
- You can configure the Login Binding type to choose the method of sending the SAML request.
- You can configure the Single Logout URL to send a logout request to the IdP when a user logs out of your OctoberCMS site.
- In the SP Settings tab, you can configure Auto-Redirect to redirect users to IdP when they land on your site.
- You can configure the Post-Login and Post-Logout URLs to redirect users after they SSO and Single Logout.
- You can access the documentation for more details by going to Settings > Updates & Plugins > SAML 2.0 SP
For further details refer :
Guide For Single Sign On (SSO)