Azure AD as IdP for PHP| Azure AD SSO Login


PHP SAML 2.0 Connector acts as a SAML Service Provider which can be configured to establish the trust between the application and a SAML capable Identity Provider to securely authenticate the users into your application. Here we will go through a step-by-step guide to configure Azure AD as IdP (Identity Provider) and PHP SAML 2.0 Connector as SP (Service Provider).

Pre-requisites: Download and Installation

  • To get the miniOrange PHP SAML 2.0 Connector, contact us.
  • Unzip the PHP connector in the directory where your PHP application is running.
  • Access the SSO connector settings from your browser at the URL https://<application-url>/sso
  • Log in to the PHP connector using your miniOrange credentials.
  • In the miniOrange PHP SAML 2.0 Connector, under the Plugin Settings tab, you will find the SP Entity ID and ACS URL values, which will be used while configuring your Identity Provider.


Step 1: Setup Azure AD as IDP (Identity Provider)

Follow the steps below to configure Azure AD as IdP:

  • Log in to Azure AD Portal as admin.

  • Select Azure Active Directory.

  • Select Enterprise Application.

  • Click on New Application.

  • Click on Create your own Application.

  • Enter the name for your app, select the Non-gallery application option, and click on the Create button.

  • Click on Setup Single sign-on.

  • Select the SAML tab.

  • After clicking on Edit, enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Metadata tab of the plugin.

  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.

  • Copy App Federation Metadata Url to get the Endpoints required for configuring your Service Provider.

  • You have successfully configured Azure AD as SAML IdP (Identity Provider) for achieving SSO login into your Service Provider Site.

Alternatively, follow the steps below to configure Azure AD through App registrations:

  • Log in to Azure AD Portal as admin.

  • Select Azure Active Directory.

  • Select App registrations.

  • Click on New registration.

  • Assign a Name and choose the account type.
  • In the Redirect URL field, enter the ACS URL from the Service Provider Metadata tab of the plugin and click on the Register button.
  • Navigate to Expose an API from the left menu panel.
  • Click the Set button and replace the APPLICATION ID URL with the plugin's SP Entity ID.


  • NOTE: Please ensure that the SP Entity ID value from the Service Provider Metadata tab doesn't have a trailing slash ('/'). If the SP Entity ID has a trailing slash, remove it from the SP EntityID / Issuer field under the Service Provider Metadata tab of the plugin, enter the updated value at Azure and click on the Save button.


  • Go back to the Azure Active Directory App Registrations window and click on Endpoints.

  • This will open a window with multiple URLs.
  • Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.

  • You have successfully configured Azure AD as SAML IdP (Identity Provider) for achieving SSO login into your Service Provider Site.
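The Federation Metadata document copied above is an XML file carrying the IdP entity ID, the SSO endpoint and the signing certificate. The following is an added example, not miniOrange or Microsoft code, that extracts those values and rejects incomplete or non-HTTPS metadata; the function name, hostnames and certificate value are constructed placeholders.

```php
<?php
// Added example: constructed, shortened metadata; hostnames and certificate are placeholders.
const SAMPLE_METADATA = <<<'XML'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>UExBQ0VIT0xERVI=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
XML;
/** Extract the IdP values an SP needs; throws if any is missing or unsafe. */
function parseIdpMetadata(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: the parser must not fetch anything over the network.
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('Metadata is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
    $xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
    $idp = '/md:EntityDescriptor/md:IDPSSODescriptor';
    $cert = $xp->evaluate(
        "string($idp/md:KeyDescriptor[not(@use) or @use='signing'][1]//ds:X509Certificate)"
    );
    $found = [
        'entityId'    => $xp->evaluate('string(/md:EntityDescriptor/@entityID)'),
        'ssoUrl'      => $xp->evaluate("string($idp/md:SingleSignOnService[1]/@Location)"),
        'signingCert' => preg_replace('/\s+/', '', $cert),
    ];
    foreach ($found as $name => $value) {
        if ($value === '') {
            throw new RuntimeException("Metadata has no $name");
        }
    }
    if (parse_url($found['ssoUrl'], PHP_URL_SCHEME) !== 'https') {
        throw new RuntimeException('SSO URL is not HTTPS');
    }
    // SHA-256 over the decoded certificate, so a later certificate change is noticeable.
    $found['certSha256'] = hash('sha256', base64_decode($found['signingCert']));
    return $found;
}
print_r(parseIdpMetadata(SAMPLE_METADATA));
```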

Step 2: Configure the connector using your Identity Provider details

  • In Plugin Settings, use your Identity Provider details to configure the plugin.

  • You can configure the SP base URL or leave this option as it is. Other fields are optional.
  • Click on the Save button to save your settings.

Test the Configuration

  • You can test whether the plugin is configured properly by clicking on the Test Configuration button.
  • You should see a Test Successful screen along with the user's attribute values as sent by your Identity Provider.


Step 3: Attribute Mapping

  • From the Test Configuration window, copy the names of the attributes that return the email and username.
  • You can add any Custom Attribute and click on Save.


Step 4: Enable SSO into your Application

Once the SSO test is successful, you can provide an Application URL to which users will be redirected after logging in.

  • To do so, click on the How to Setup? menu in the SSO connector.
  • In the input field for Application URL, enter the URL of your application (where you want the users to be redirected after logging in).
  • To log the user in to your application, read the session attributes set by the SSO connector.

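        // Start the session only if one is not already active
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        // Attributes set by the SSO connector; null if the user has not signed in through SSO
        $email = $_SESSION['email'] ?? null;
        $username = $_SESSION['username'] ?? null;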

  • You can use the variables $email and $username to find the user in your PHP application and start a session for that user.
  • Now that the plugin is configured, you're ready to use it in your application.
  • Use the following URL as a link in your application from where you want to perform SSO:

  • http://<application-url>/sso/login.php
    For example, you can use it as:
    <a href="http://<application-url>/sso/login.php">Log in</a>
  • Your users will be able to SSO in your application by clicking on the Log in link.
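The session handoff described in Step 4 can be sketched as a landing script at the Application URL. This is an added example, not connector code: it treats the session attributes as untrusted input, matches them to an existing account only, and issues a fresh session ID on sign-in. APP_USERS, resolveSsoUser and app_user_id are hypothetical names, and the user data is constructed.

```php
<?php
// Added example, not connector code. Hypothetical landing script at the Application URL.
// Assumption: the connector has stored 'email' and 'username' in $_SESSION.

/** Constructed stand-in for the application's user store. */
const APP_USERS = ['alice@example.test' => ['id' => 1, 'name' => 'alice']];

/** Return the local account for the SSO identity, or null if there is none. */
function resolveSsoUser(array $session, array $users): ?array
{
    $email = $session['email'] ?? null;
    // Treat the value as untrusted input: it must be a syntactically valid address.
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Exact match on the normalised address; never create or guess accounts here.
    return $users[strtolower($email)] ?? null;
}

if (PHP_SAPI === 'cli') {
    // Offline check with constructed session data.
    var_dump(resolveSsoUser(['email' => 'Alice@example.test'], APP_USERS)['id'] ?? null);
    var_dump(resolveSsoUser(['username' => 'alice'], APP_USERS));
    exit;
}

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
$user = resolveSsoUser($_SESSION, APP_USERS);
if ($user === null) {
    // Missing SSO attributes or no matching account: refuse rather than fall through.
    http_response_code(403);
    exit('No application account is linked to this sign-in.');
}
// Issue a fresh session ID at the privilege change to prevent session fixation.
session_regenerate_id(true);
$_SESSION['app_user_id'] = $user['id']; // hypothetical key read by the rest of the app
echo 'Signed in as ' . htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
```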

Note : The miniOrange PHP SAML 2.0 Connector is supported by various PHP Frameworks such as Laravel, CodeIgniter, CakePHP, Symfony, Zend Framework, Phalcon, Yii Framework, Aura, Fat-Free, PHP-MVC, Kohana, FuelPHP, Slim, Flight, Zikula, PHPixie, Li3, Nett, Medoo, POP PHP, PHP Mini, Silex, Agavi, Typo 3 Flow, Prado, Cappuccino, Limonade, Webasyst, Guzzle PHP, YAF, Akelos PHP Framework, Qcodo, evoCore, Stratus, Seagull, Maintainable, Limb, Phocoa, AjaxAC, Zoop, BlueShoes, Recess, PHPDevShell, Ice Framework, QueryPHP, Dash PHP Framework, Zest Framework, Roducks, and many more.

