TYPO3 SAML SP Single Sign-On (SSO)
miniOrange has developed a ready-to-use SSO solution for your TYPO3 website. miniOrange Single Sign-On (SSO) provides secure access to your TYPO3 website with one set of login credentials.
It removes the need to repeatedly type usernames and passwords, which increases productivity and prevents many types of online fraud, typing passwords in unsafe environments, password sharing, etc.
TYPO3 is one of the most popular free CMS. It is very easy to understand and maintain your website with. No license is ever required to use TYPO3 and it is very well documented in multiple languages.
This extension helps your users log into the website in one click without remembering any passwords or usernames.
TYPO3 SAML SP Single Sign-On (SSO) extension
SAML Single Sign-on (SSO) for TYPO3 acts as a SAML Service Provider (SP) which can be configured to establish the trust between the SAML SP (Service Provider) extension and SAML capable Identity Providers to securely authenticate the user to the TYPO3 site.
SAML Single Sign-On (SSO) for TYPO3 allows users to sign in to the TYPO3 website with your SAML 2.0 capable Identity Provider. We support all known IdPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ, etc. SAML Single Sign-On (SSO) acts as a SAML 2.0 Service Provider (SP) and securely authenticates users with your SAML 2.0 Identity Provider.
Features of TYPO3 SAML SP Single Sign-on Extension
- Simple and easy-to-use admin UI [ FREE ]
- Auto-create users in TYPO3 [ FREE ]
- Single Sign On button on the Login page [ FREE ]
- Auto-redirect to IdP/ Force Single Sign-On [ PREMIUM ]
- Attribute Mapping [ PREMIUM ]
- Select Binding Type [ PREMIUM ]
Follow the step-by-step guide given below for TYPO3 SAML SP Single Sign-On (SSO)
Step 1: Installing the extension
- Download the zip file of the SAML SP extension.
- In your TYPO3 backend, go to Extensions.
- Upload the zip file.
- Now you will be able to activate the extension.
- After installation, click on the new extension which has been added as shown in the image below.
- Here you can enter the configuration of the IdP you want to configure and save it. However, it is important to create the frontend first. If you already have pages in the frontend, you can move to Step 3.
Step 2: Creating the frontend
- Now you have to design your frontend by clicking on the PAGE tab in the top left corner of the menu bar.
- Here you will create pages: right-click the HOME page and click NEW to add new pages. Add two STANDARD pages within the HOME page. While editing the properties of the pages, in the last dropdown, “USE CONTAINER AS”, select “website users”.
- Also add a folder (right-click and NEW) to store the website users of the plugin. You can find FOLDER in the type of the content; add website users in the Behavior tab.
- Put the fename plugin on the page from which you want to initiate SSO (the first page) and add the response plugin on another page; the login form should also be on this page.
- To put the plugin:
  - Create a standard page.
  - In the Behavior tab, in the last dropdown, “USE CONTAINER AS”, select “website users”.
  - Click on the SAVE button.
  - Click on that page to add content to it.
  - On adding content you’ll see a plugin tab, where you can select the fename plugin. In the plugin tab, set RECORD STORAGE AS to the folder you created.
  - Select the dropdown of Save and click on Save and Close.
- Now add a login page where you are getting the response and where you have added the response plugin.
- Your TYPO3 directory should look like this.
- Also, you must create at least one group, as TYPO3 doesn’t allow creating users unless there is at least one usergroup.
- You can also create an SSO button and put the login page there as well; here is the code snippet to do so.
- Now you can configure the plugin in the backend.
Step 3: Identity Provider Settings
- In the Plugin Settings tab, under the Identity Provider Settings column, fill in the necessary configuration options provided by your Identity Provider (IdP) (Identity Provider Name, IdP Entity Id, SAML Login URL, SAML x509 Certificate) and click on “Save”. You will get all these inputs from your Identity Provider.
- To use features like Force Authentication and Custom Binding, upgrade your plugin.
| IdP Entity Id | |
| Single Sign On URL | |
| Single Logout URL | |
| Certificate | Upload the certificate downloaded from miniOrange Admin Console. |
Step 4: Test Configuration
- This feature helps you find out whether the submitted configuration is correct. You will also get the attributes you have configured in the response.
Step 5: Service Provider Settings
- In this tab, you have to give the URLs of the pages where you have put the fesaml (frontend saml) and response plugins, then configure and save it.
- URL with FESAML - https://--------/typo3/index.php?id=4
  - The URL where the "fename" plugin has been uploaded.
- URL with response - https://--------/typo3/index.php?id=4
  - The URL where the "response" plugin has been uploaded. It should be the page with your login form.
- ACS URL - URL with response plugin
  - The URL where the "response" plugin has been uploaded.
- Site Base URL - https://--------/typo3
  - SP Base URL can be the base URL of your website.
- SP Entity ID can be the base URL of your website. It is basically an identity used to develop trust with the IdP (Identity Provider).
- The Service Provider (SP) Settings column has the data that you will need to provide to your Identity Provider (IdP).
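A pre-flight check for the Step 5 values, as an added example that is not part of the miniOrange extension or its guide: it flags non-HTTPS or off-site ACS URLs and renders the SP Entity ID and ACS URL as standard SAML 2.0 SP metadata to hand to the IdP. The hostname typo3.example.com, the page id, the HTTP-POST binding and WantAssertionsSigned are assumptions.

```python
# Added example: sanity-check Step 5 values and render them as SAML 2.0 SP metadata.
# Hostname and page id are constructed placeholders, not values from the guide.
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"  # assumed ACS binding


def check_sp_settings(site_base_url, sp_entity_id, acs_url):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    base, acs = urlsplit(site_base_url), urlsplit(acs_url)
    for name, url in (("Site Base URL", base), ("ACS URL", acs)):
        if url.scheme != "https":
            problems.append(f"{name} is not HTTPS; SAML data would travel in clear text")
        if not url.hostname:
            problems.append(f"{name} has no hostname")
    # The IdP posts the assertion to the ACS URL, so it must live on this site.
    if acs.hostname and base.hostname and acs.hostname != base.hostname:
        problems.append("ACS URL host differs from Site Base URL host")
    elif not acs.path.startswith(base.path.rstrip("/") + "/"):
        problems.append("ACS URL is outside the Site Base URL path")
    if not sp_entity_id.strip():
        problems.append("SP Entity ID is empty")
    return problems


def sp_metadata(sp_entity_id, acs_url):
    """Build the EntityDescriptor an IdP needs to register this SP."""
    ET.register_namespace("md", MD)
    entity = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": sp_entity_id})
    sp = ET.SubElement(entity, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "WantAssertionsSigned": "true",  # assumption: ask the IdP to sign assertions
    })
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": HTTP_POST, "Location": acs_url, "index": "0", "isDefault": "true",
    })
    return ET.tostring(entity, encoding="unicode")


if __name__ == "__main__":
    base = "https://typo3.example.com/typo3"
    acs = "https://typo3.example.com/typo3/index.php?id=5"
    print(check_sp_settings(base, base, acs) or "settings look consistent")
    print(sp_metadata(base, acs))
```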
Step 6: Attribute mapping
- Attribute mapping maps the incoming attributes from the SAML Response to the user profile of the TYPO3 website.
Attribute Mapping is not provided in the free version of the SAML SP (Service Provider) extension. To enable Attribute Mapping, upgrade your SAML SP extension to the premium plugin.
For further details, refer to:
Guide For Single Sign On (SSO)
Typo3 Single Sign On