SAML Single Sign-On (SSO) into October CMS Using WSO2

SAML Single Sign-On (SSO) into October CMS Using WSO2


October CMS Single Sign-On ( SSO ) plugin gives the ability to enable SAML Single Sign-On (SSO) for your October CMS sites. Our October CMS SSO plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SAML SSO between October CMS site and your Identity Provider.

Pre-requisites

To integrate your Identity Provider(IDP) with October CMS, you need the following items:

  • October CMS should be installed and configured.
  • Download any Front-end user management plugins - RainLab/Buddies.

Download and Installation

  • Login to your October CMS site’s backend: https://example.com/backend.
  • From the admin dashboard, go to Settings from the main navigation bar and select Updates & Plugins.
  • Click on Install plugins and in the search bar type “SAML SSO”.
  • Click on the SAML SP Single Sign-On - SSO search result and the plugin will start installing.
  • October CMS SAML SSO, October as SP

Step 1: Setup WSO2 as Identity Provider

  • Login to your WSO2 admin console.
  • Select Add under the Service Providers tab.
  • Select mode as Manual Configuration.
  • Enter the Service Provider Name and click on Register button.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Add Service Provider Manually
  • Select Upload SP certificate option under SP Certificate Type.
  • Copy the certificate from plugin and provide it into Application Certificate field.
  • You can also download the certificate file and upload it through Browse file option.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Add Service Provider Manually
  • Under Claim Configuration, select Use Local Claim Dialect.
  • For Requested Claims, add http://wso2.org/claims/emailaddress as a claim URI.
  • Set Subject Claim URI to http://wso2.org/claims/nickname.
  • Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Claim Configuration
  • Enter Issuer value as provided under the Service Provider Info tab of the plugin.
  • Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab and click on Add.
  • Check Enable Response Signing.
  • Check the Enable Attribute Profile and include attributes in the response always.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Configuring Service Providers Meta Details
  • Check the Enable Audience Restriction.
  • Enter the Audience URL value provided under Service Provider Info tab of plugin and click on Add.
  • Check the Enable Recipient Validation. Enter the Recipient URL value provided under Service Provider Info tab of plugin and click on Add.
  • Click on Download IDP Metadata button save the IDP metadata file.
  • Click on Register to save the configuration.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Enable Audience validation and Download IDP Metadata File
  • Click on Update on Service Providers page to save the configuration.
  • Select Resident under Identity Providers tab from the menu.
  • Enter Home Realm Identifier value that you want (usually your WSO2 server address).
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Set Home Realm Identifier URL
  • Click on Update to save the changes.

Steps 2 : October CMS as SP


  • Click on Single Sign On menu option from the main navigation bar at the top of your page.
  • You will see the Plugin Settings page. We will first configure the IdP Settings.
  • Fill out the required fields according to the information provided by your Identity Provider. You can refer to the example given below.
  • For Example:
  • IdP Name:myIDP
    IdP Entity Id:https://login.xecurify.com/moas/
    SAML Login URL:https://login.xecurify.com/moas/idp/samlsso
    SAML x509 Certificate:Certificate provided by your IdP.
  • Click on Save button.
  • October CMS SAML SSO, October as SP
  • The SP Settings tab has the data that you will need to provide to your IdP.
  • October CMS SAML SSO, October as SP
  • Click on the Test Configuration button and the user details will be fetched. Test configuration will show the attributes that are received and are mapped by attribute mapping.
  • October CMS SAML SSO, October as SP

Step 3: Attribute Mapping

  • Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at October CMS.
  • Go to Attribute Mapping menu option from the main navigation bar at the top of your page.
  • It provides the Custom Atrribute Mapping feature in Premium plugin.
  • October CMS SAML SSO, October as SP

  • Click on Single Sign On menu option from the main navigation bar at the top of your page.
  • You will see the Plugin Settings page. We will first configure the IdP Settings.
  • Fill out the required fields according to the information provided by your Identity Provider. You can refer to the example given below.
  • For Example:
  • IdP Name:myIDP
    IdP Entity Id:https://login.xecurify.com/moas/
    SAML Login URL:https://login.xecurify.com/moas/idp/samlsso
    SAML Logout URL:https://login.xecurify.com/moas/idp/samllogout/
    SAML x509 Certificate:Certificate provided by your IdP.
  • Click on Save button.
  • October CMS SAML SSO, October as SP
  • The SP Settings tab has the data that you will need to provide to your IdP.
  • October CMS SAML SSO, October as SP
  • Click on the Test Configuration button and the user details will be fetched. Test configuration will show the attributes that are received and are mapped by attribute mapping.
  • October CMS SAML SSO, October as SP

Step 3: Attribute Mapping

  • Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at October CMS.
  • Go to Attribute Mapping menu option from the main navigation bar at the top of your page.
  • It also provide Custom Attribute mapping feature, which allows you to map any attribute sent by the IDP to the October CMS.
  • You can map the attribute names received in Test Configuration to the user credentials of your October CMS users.
  • October CMS SAML SSO, October as SP

Step 4: SSO Button Component

  • Click on CMS from the main navigation and select the page that you want to place the button on from the Pages menu on the left-hand side.
  • Click on Components and click on SAML 2.0 SP to reveal the SSO Button component.
  • Drag and drop the component on to your selected page. Hit save and preview.
  • Click on the Single Sign-On (SSO) button to start the authentication flow for frontend users.
  • October CMS SAML SSO, October as SP
  • The button for Backend login screen is generated automatically.

Step 5: SSO Options

  • In the IDP Settings tab, you can configure Force Authentication to force login screen at IdP every time your users are redirected for SSO.
  • You can configure the Login Binding type to choose the method of sending the SAML request.
  • You can configure the Single Logout URL to send a logout request to the IdP when a user logs out of your OctoberCMS site.
  • October CMS SAML SSO, October as SP
  • In the SP Settings tab, you can configure Auto-Redirect to redirect users to IdP when they land on your site.
  • You can configure the Post-Login and Post-Logout URLs to redirect users after they SSO and Single Logout.
  • October CMS SAML SSO, October as SP
  • You can access the documentation for more details by going to Settings > Updates & Plugins > SAML 2.0 SP.

If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com