October CMS Single Sign-On ( SSO ) plugin gives the ability to enable SAML Single Sign-On (SSO) for your October CMS sites. Our October CMS SSO plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SAML SSO between October CMS site and your Identity Provider.
To integrate your Identity Provider(IDP) with October CMS, you need the following items:
October CMS should be installed and configured.
Download any Front-end user management plugins - RainLab/Buddies.
Download and Installation
Login to your October CMS site’s backend: https://example.com/backend.
From the admin dashboard, go to Settings from the main navigation bar and select Updates & Plugins.
Click on Install plugins and in the search bar type “SAML SSO”.
Click on the SAML SP Single Sign-On - SSO search result and the plugin will start installing.
Step 1: Setup WSO2 as Identity Provider
Login to your WSO2 admin console.
Select Add under the Service Providers tab.
Select mode as Manual Configuration.
Enter the Service Provider Name and click on Register button.
Select Upload SP certificate option under SP Certificate Type.
Copy the certificate from plugin and provide it into Application Certificate field.
You can also download the certificate file and upload it through Browse file option.
Under Claim Configuration, select Use Local Claim Dialect.
For Requested Claims, add http://wso2.org/claims/emailaddress as a claim URI.
Set Subject Claim URI to http://wso2.org/claims/nickname.
Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
Enter Issuer value as provided under the Service Provider Info tab of the plugin.
Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab and click on Add.
Check Enable Response Signing.
Check the Enable Attribute Profile and include attributes in the response always.
Check the Enable Audience Restriction.
Enter the Audience URL value provided under Service Provider Info tab of plugin and click on Add.
Check the Enable Recipient Validation. Enter the Recipient URL value provided under Service Provider Info tab of plugin and click on Add.
Click on Download IDP Metadata button save the IDP metadata file.
Click on Register to save the configuration.
Click on Update on Service Providers page to save the configuration.
Select Resident under Identity Providers tab from the menu.
Enter Home Realm Identifier value that you want (usually your WSO2 server address).
If you dont hear from us within 24 hours, please feel free to send a follow up email to firstname.lastname@example.org
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.