This document assumes that you are already familiar with Sharepoint and have experience configuring federation between Sharepoint and other Microsoft applications.
Sharepoint supports the WS-Federation protocol for communicating with compliant federation services (miniOrange, AD FS, etc.). This setup requires a Sharepoint Gateway, which acts as an intermediary between miniOrange and Sharepoint and translates SAML 2.0 messages into WS-Federation messages.
miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.
Refer to the screenshot below for the information required to configure the Sharepoint Gateway as a Custom SAML Application in miniOrange.
After the above steps, we have the SAML connection information needed to connect the Sharepoint Gateway to the miniOrange IdP. This step allows the Sharepoint Gateway to send authentication requests to the miniOrange IdP.
/* ACS FOR SAML RESPONSE FROM MINIORANGE */
public static $acs = '';
/* ISSUER OF SAML REQUEST TO MINIORANGE */
public static $issuer = '';
/* SAML LOGIN URL */
public static $saml_login_url = '';
public static $saml_logout_url = '';
/* SAML IDP ENTITY ID */
public static $idp_entity_id = '';
/* X.509 CERTIFICATE */
public static $signingPublicKey = '-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----';
After the above steps, we are able to get the SAML connection with the miniOrange IdP. The next steps involve configuring the Sharepoint Gateway with the details of the Sharepoint website.
public static $aud = 'http(s)://<Base URL of the Sharepoint website>/_trust/';
public static $issuer = 'randomuuid'; // Can be any random issuer ID; the same value must be used in the PowerShell script
public static $ctx = 'http(s)://<Base URL of Sharepoint Website>';
.\MO-SP-demo.ps1 -identifierClaimType "Email" -certPath "<path>\miniorange.cert" -realm "urn:miniorange:sharepoint:randomuuid" -signInURL "<server>/sharepointgateway/login.php"
-certPath: <path> must be replaced by the location of the miniorange.cert file.
-realm: carries the $issuer value configured in the previous step (randomuuid in this example).
-signInURL: <server> must be the hostname of the Sharepoint Gateway.
To enable the Sharepoint Gateway, login into the Sharepoint Central Administration with an admin user.
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("<certificate-path>")
New-SPTrustedRootAuthority -Name "miniOrange Token Signing Root Authority" -Certificate $root
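As an added example (not miniOrange's MO-SP-demo.ps1, whose contents are not shown on this page), the PowerShell below registers the Sharepoint Gateway as a trusted identity token issuer using the same certificate, realm and sign-in URL as the command above; the e-mail claim type URI, the HTTPS scheme for the gateway URL and the issuer display name "miniOrange" are assumptions.

```powershell
# Added example: trust the Sharepoint Gateway (WS-Federation side) in Sharepoint.
# Assumed values: <path>/<server> placeholders from the page, the e-mail claim URI,
# the HTTPS scheme and the issuer display name.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = "<path>\miniorange.cert"                        # gateway token-signing certificate
$realm      = "urn:miniorange:sharepoint:randomuuid"          # must carry the $issuer value of the gateway config
$signInUrl  = "https://<server>/sharepointgateway/login.php"  # gateway login endpoint (HTTPS assumed)
$emailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Load the certificate and trust it as a root authority so Sharepoint accepts tokens it signs.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$alreadyTrusted = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
if (-not $alreadyTrusted) {
    New-SPTrustedRootAuthority -Name "miniOrange Token Signing Root Authority" -Certificate $cert | Out-Null
}

# Map the incoming e-mail claim to the identifier claim (the -identifierClaimType "Email" case).
$emailMapping = New-SPClaimTypeMapping -IncomingClaimType $emailClaim `
    -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

# Register the issuer. Tokens whose audience (realm) or signature do not match are rejected,
# so the realm here and $issuer/$aud in the gateway must agree.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "miniOrange" `
    -Description "miniOrange Sharepoint Gateway (WS-Federation)" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMapping `
    -SignInUrl $signInUrl `
    -IdentifierClaim $emailMapping.InputClaimType

# Check that the realm and sign-in URL Sharepoint will use match the gateway configuration.
Get-SPTrustedIdentityTokenIssuer -Identity "miniOrange" |
    Select-Object Name, DefaultProviderRealm, ProviderUri
```

After running it, the new provider still has to be enabled on the web application in Central Administration (the login step that follows).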
You can configure your existing directory/user store or add users in miniOrange.
1. Create User in miniOrange
2. Bulk Upload Users in miniOrange via Uploading CSV File.
Here is the list of the settings and what each does when enabled. You can enable or disable them as needed.
| Setting | Effect when enabled |
|---|---|
| Activate LDAP | All user authentications will be done with LDAP credentials if you activate it |
| Sync users in miniOrange | Users will be created in miniOrange after authentication with LDAP |
| Backup Authentication | If LDAP credentials fail, the user will be authenticated through miniOrange |
| Allow users to change password | This allows your users to change their password. It updates the new credentials in your LDAP server |
| Enable administrator login | On enabling this, your miniOrange Administrator login authenticates using your LDAP server |
| Show IdP to users | If you enable this option, this IdP will be visible to users |
| Send Configured Attributes | If you enable this option, only the attributes configured below will be sent as attributes at the time of login |
Refer to our guide to set up LDAPS on Windows Server.
miniOrange integrates with various external user sources such as directories and identity providers.