Single Sign-On (SSO) login into PHP Apps using SAML | PHP SSO

PHP SAML Single Sign-On (SSO) module allows SSO / Login for users in any PHP application using Azure AD, Azure B2C, Google, Discord, WHMCS, AWS Cognito, Keycloak, Okta, Clever, Salesforce, WordPress, and any other SAML Identity Provider. It acts as an SAML Service Provider which can be configured to establish trust between the application and IDP to securely authenticate and enable SSO / Login for the users into the PHP application.

Contact us at samlsupport@xecurify.com and we'll help you set up SSO with your IDP in no time.

PHP SAML 2.0 Connector supports various PHP Frameworks

Laravel

CodeIgniter

CakePHP

Symfony

Zend Framework

Yii Framework

Phalcon

FuelPHP

Slim

PHPixie

Fat-free Framework

Laminas Project

Neos Flow

Aura

Medoo

Zikula

PHP-MVC, Kohana, Flight, Li3, Nett, POP PHP, PHP Mini, Silex, Agavi, Prado, Cappuccino, Limonade, Webasyst, Guzzle PHP, YAF, Akelos PHP Framework, Qcodo, evoCore,Stratus, Seagull, Maintainable, Limb, Phocoa, AjaxAC, Zoop, BlueShoes, Recess, PHPDevShell, Ice Framework, QueryPHP, Dash PHP Framework, Zest Framework, Roducks, and many more.

Key Features

Signed Response and assertion

Configure Signed Response and assertion to determine whether SAML authentication response message is digitally signed by the IDP

Encryption

Choose whether the SAML assertion is encrypted or not. Encryption ensures that only the sender and receiver can understand the assertion

Configurable SP base URL

You can provide custom SP base URL depending upon your Service Provider Configuration.

Auto-redirect to your application after SSO

The admin can provide an application URL, which will be used as a redirect URL after logging in.

Attribute Mapping

Map users attribute to session variables, which can be retrieved and used at the application endpoint.

Single Logout

You can logout of all your applications by a single click

Azure AD

Azure B2C

Office 365

Cognito

Keycloak

Discord

You can enable Single Sign-On (SSO Login) in your PHP application using any SAML Identity Provider

Can't find your IdP ? Contact us on samlsupport@xecurify.com
We'll help you set up your SSO in no time.

WordPress

WSO2

miniOrange

OneLogin

Salesforce

Okta

Pricing Plans

Best Plan

Premium Plan

Unlimited Authentications
Configurable SAML request binding type
Signed Response and Assertion
Custom Application URL
Configurable SP Base URL
Auto-redirection
Pre-configured IDPs
Attribute Mapping
Single Logout

Pricing FAQs

What is the refund policy?

At miniOrange, we want to ensure you are 100% happy with your purchase. If the premium plugin you purchased is not working as advertised and you've attempted to resolve any issues with our support team, which couldn't get resolved. We will refund the whole amount within 10 days of the purchase. Please email us at samlsupport@xecurify.com for any queries regarding the return policy or contact us here.

Does miniOrange offer technical support?

Yes, we provide 24*7 support for all and any issues you might face while using the plugin, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted. You can check out the different Support Plans from here.

What is one instance?

License is linked to the domain of the PHP instance, so if you have dev-staging-prod type of environment then you will require 3 licenses of the plugin (with discounts applicable on pre-production environments)

Note: Purchasing licenses for Unlimited instances will grant you upto 200 licenses. If you want to purchase more licenses, please contact us here or drop an email at samlsupport@xecurify.com

Does miniOrange store any user data?

miniOrange does not store or transfer any data which is coming from the Identity Provider to the PHP. All the data remains within your premises / server.

Does miniOrange provide developer license for paid plugin?

We do not provide the developer license for our paid plugins and the source code is protected. It is strictly prohibited to make any changes in the code without having written permission from miniOrange. There are hooks provided in the plugin which can be used by the developers to extend the plugin's functionality.

Payment Methods

Credit cards (American Express, Discover, MasterCard, and Visa) - If the payment is made through Credit Card/International Debit Card, the license will be created automatically once the payment is completed.

Please contact us here or drop an email at samlsupport@xecurify.com for more information

Please contact us here or drop an email at samlsupport@xecurify.com so that we can provide you the bank details.

Description

miniOrange PHP SAML 2.0 Connector acts as a SAML Service Provider which can be configured to establish the trust between the connector and a SAML capable Identity Provider to securely authenticate the users into your application.
The connector uses the SAML protocol for exchanging authentication and authorization data with the Identity Provider.

Steps to Configure the PHP SAML 2.0 Connector

miniorange img Step 1: Download and Setup the connector on your domain.

Install miniOrange PHP SAML 2.0 Connector ( to get plugin Contact us ).
Setup the connector on the same domain where you have PHP application running.
Access SSO connector from your browser with URL https://<connector-path>/sso
Register into SSO connector by providing a valid email address and password.
After registration, log in to the dashboard using the credentials you provided during registration.

miniorange img Step 2: Configure the connector using your Identity Provider details

In Plugin Settings, use your Identity Provider details to configure the plugin.
You can configure the SP base url or leave this option as it is.
You need to provide these SP Entity ID and ACS URL values while configuring your Identity Provider.
Click on the Submit button to save your settings.

miniorange img Step 3: Test the Configuration

You can test if the plugin is configured properly or not by clicking on the Test Configuration button.
You should see a Test Successful screen as shown below along with the user's attribute values.

miniorange img Step 4: Setup the connector to work with your Application

Once the SSO test was successful, you can provide an Application URL, to where the users will be redirected after logging in.

To do so, click on the How to Setup? menu in SSO connector.
Look for an option called Application URL and provide the url of your application(where you want the users to redirect after logging in).

NOTE: The domain of the application URL and the domain where you have setup the miniOrange PHP SAML 2.0 Connector should be same.

On this Application Endpoint you need to read Session attributes set by SSO connector and use that to login user into your application.
```
if(session_status() === PHP_SESSION_NONE)
{
session_start();
}
$email = $_SESSION['email'];
$username = $_SESSION['username'];
// Use $email and $username variables to find user in your PHP application and start session for the user.
```
These Variables contain the mapped attribute values. After receiving these values using the above code, you can use the $email and $username variables in your application.
Now that the plugin is configured, you're ready to use it in your application.
Use the following URL as a link in your application from where you want to perform SSO:
http://<your-domain>/sso/login.php"

For Example, you can use it as:
<a href="http://<your-domain>/sso/login.php">Log in</a>
Your users will be able to SSO in your application by clicking on the Log in link