SAML Single Sign-On (SSO) in AWS Cognito (SP) | TYPO3 – AWS Cognito SSO Login


AWS Cognito SAML Single Sign-On (SSO) with TYPO3 as the SAML IdP. The TYPO3 SAML IdP extension lets you use your TYPO3 credentials to log in to AWS Cognito. Here we go through a step-by-step guide to configuring SSO between AWS Cognito as the SP (Service Provider) and TYPO3 as the IdP (Identity Provider).

Pre-requisites: Download and Installation

1. Installing SAML IDP extension in TYPO3
  • Download the zip file of the SAML IDP extension from the TYPO3 marketplace.
  • Go to your TYPO3 backend and click on the Extensions section at the left side of your screen.
  • Upload the zip file as shown in the image below, or unzip the plugin zip into the 'typo3conf/ext' directory under your TYPO3 root folder.
  • Now search for "miniOrange SAML IDP" in the Installed extensions section and activate the extension by clicking on the Activate button.
  • After installation, click on the newly installed extension "miniOrange SAML IDP extension" for TYPO3 SSO and log in with your registered miniOrange credentials.
  • After entering your username and password, premium customers are asked for a license key to proceed. (You will get this key from the miniOrange team. After entering the license key, you can activate the license and proceed further.)
  • If you are not a premium customer you can log in directly by submitting your miniOrange credentials.
  • After a successful login, you can see the details related to your account.
  • Now you are ready to configure your Service Provider, but it is important to integrate the frontend first.
2. Integrate extension with TYPO3
  • Now you have to design your frontend: left-click the Home tab, then click New Subpage.
  • You need to add a STANDARD page within the HOME page.
  • Enter the Standard Page name as FESAML.
  • Click on the FESAML page and click on Add content. Go to Plugins and add the FESAML plugin.
  • Navigate to the Plugin tab and select the FESAML plugin. Add Website users in the Record Storage Page field and save the settings.
  • If you need to change the URL segment, which will also be your initial SSO URL, right-click the FESAML page, select Edit and click on the "Toggle URL" button to set the URL the way you want.
  • Also, you must create at least one group, as TYPO3 does not allow creating users unless at least one user group exists.
  • To create a group, go to the List tab in the left panel, click on the Website users folder and hit the "+" button at the top of the screen.
  • Now select Website usergroup from the list.
  • Enter the group name in the Group title field and click on the Save button at the top. The user group will be created.
  • You can also create an SSO button on the login page. Click on Home and proceed to the +Content option.
  • Switch to the Special elements tab and select Plain HTML.
  • Here you are adding an SSO login button; the URL in the button will be that of the FESAML standard page.
  • The code snippet to do so is shown in the given image. Enter the code and hit the Save button at the top.
  • Now you can configure the plugin in the backend.

Steps to configure AWS Cognito SAML Single Sign-on ( SSO ) Login into TYPO3

1. Download Metadata XML file from TYPO3:

  • Go to the IDP Metadata tab and click on the Download XML Metadata button. Keep this XML file to configure your SP.

2. Configure AWS Cognito Service Provider:

  • First of all, go to the Cognito Console and sign up or log in to your account to configure AWS Cognito.
  • Go to Services > Security, Identity, & Compliance > Cognito.
  • Click Manage User Pools, then Create a user pool.
  • Enter a Pool Name. Click Review Defaults, then Create Pool.
  • After creating the pool, keep the Pool ID handy or note it down; you will need it to configure your IdP.
  • On the left pane, click on Domain Name under App Integration. Enter an available domain prefix, then save it. Keep this domain; it is required for the ACS URL when configuring your IdP.
  • On the left pane, click on Identity providers under Federation, then select SAML.
  • Upload the TYPO3 IdP metadata file downloaded in step 1, give it a name, then click Create Provider.
  • Under Federation, select Attribute mapping.
  • Add the attribute
     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    in the SAML attribute text field (exactly as written, with no surrounding spaces) and select Email as the User Pool Attribute.
  • Click Save changes.

3. Configuring TYPO3 as Identity Provider (IDP):

  • In the TYPO3 SAML IDP extension, go to the Service Provider tab.
  • In the SP Entity ID field, enter urn:amazon:cognito:sp:(YourUserPoolId), replacing (YourUserPoolId) with the Amazon Cognito user pool ID you copied above while creating the pool.
  • To find the User Pool ID:
    • Log in to the AWS Management Console as an administrator.
    • Go to Services > Security, Identity, & Compliance, then select Cognito.
    • Select Manage User Pools, then the user pool you want to use in the configuration.
    • Find Pool Id at the top of the list.
  • In the ACS URL field, enter the following URL, using the domain prefix and region of the Cognito domain saved in step 2 (the same hosted domain that appears in the SSO URL of step 4):
    https://(domain_prefix).auth.(region).amazoncognito.com/saml2/idpresponse
    and save it.

4. Configure App Client in AWS Cognito:

  • Now click on the App Clients under General Settings. Click on Add an App Client.
  • Enter an App client name, e.g. TYPO3 IdP. Disable the Generate client secret checkbox and click on the Create App Client button at the bottom.
  • Now click on App Client settings under App Integration in the left pane.
  • Enable the Select all checkbox, then enter the Callback URL(s) and Sign out URL(s).
  • Select Implicit Grant under Allowed OAuth Flows.
  • Now enable the email and openid checkboxes under Allowed OAuth Scopes and click on the Save Changes button at the bottom right corner.
  • Now click on Launch Hosted UI at the bottom to perform SSO.
  • You can also use the following SSO URL to perform the SSO:
    https://(domain_prefix).auth.(region).amazoncognito.com/login?
    response_type=token&client_id=(app client id)&redirect_uri=(your redirect URI)
  • Now you have successfully configured miniOrange TYPO3 SAML IDP with AWS Cognito as SP.
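Before typing the values from steps 1 to 4 by hand, the following added script (not part of the miniOrange extension or of this guide) derives the Cognito SP entity ID, ACS URL and hosted-UI login URL from the pool ID, domain prefix and region noted in step 2, and checks the TYPO3 IdP metadata downloaded in step 1 for a signing certificate and HTTPS endpoints before it is uploaded to Cognito. The pool ID, domain prefix, region, client ID, redirect URI and metadata contents are constructed sample values.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for the metadata XML downloaded in step 1 (certificate body is a placeholder).
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://typo3.example.com/fesaml"
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   MIIC-PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://typo3.example.com/fesaml"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://typo3.example.com/fesaml"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

def cognito_sp_values(pool_id, domain_prefix, region, client_id, redirect_uri):
    """Values for the TYPO3 Service Provider tab (step 3) and the hosted-UI login URL (step 4)."""
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d+_[A-Za-z0-9]+", pool_id):
        raise ValueError("pool id should look like <region>_<id>, e.g. eu-west-1_AbC123")
    if pool_id.split("_", 1)[0] != region:   # a pool ID is prefixed with the pool's region
        raise ValueError(f"pool {pool_id} is not in region {region}")
    domain = f"https://{domain_prefix}.auth.{region}.amazoncognito.com"
    return {
        "sp_entity_id": f"urn:amazon:cognito:sp:{pool_id}",
        "acs_url": f"{domain}/saml2/idpresponse",
        # response_type=token is the implicit grant chosen in step 4; tokens return in the URL fragment
        "login_url": f"{domain}/login?response_type=token&client_id={client_id}"
                     f"&redirect_uri={redirect_uri}",
    }

def check_idp_metadata(xml_text):
    """The metadata must describe an IdP, carry a signing certificate (Cognito verifies
    assertion signatures with it) and expose HTTPS SingleSignOnService endpoints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor element")
    certs = [c.text.strip() for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"      # no 'use' attribute means signing too
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             if c.text and c.text.strip()]
    if not certs:
        raise ValueError("no signing certificate: Cognito could not verify assertions")
    sso = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location", "")
           for s in idp.findall("md:SingleSignOnService", NS)}
    for binding, url in sso.items():
        if not url.startswith("https://"):
            raise ValueError(f"{binding} SSO endpoint is not HTTPS: {url}")
    return {"entity_id": root.get("entityID"), "signing_certs": len(certs), "sso": sso}
```

Run `check_idp_metadata` on the real file from step 1 and `cognito_sp_values` with your own pool ID, domain prefix and region; a raised ValueError points at the value to fix before continuing.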

5. SSO Testing

  • Open a new browser or a private/incognito window and enter your AWS Cognito URL; you will be redirected to the TYPO3 login screen.
  • Enter your TYPO3 credentials and click the log in button.
  • If you are redirected to your AWS Cognito start page and successfully logged in, your configuration is correct.
