SAML Single Sign-On (SSO) into October CMS Using WSO2

SAML Single Sign-On (SSO) into October CMS Using WSO2


October CMS Single Sign-On ( SSO ) plugin gives the ability to enable SAML Single Sign-On (SSO) for your October CMS sites. Our October CMS SSO plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SAML SSO between October CMS site and your Identity Provider.

Pre-requisites

To integrate your Identity Provider(IDP) with October CMS, you need the following items:

  • October CMS should be installed and configured.
  • Download any Front-end user management plugins - RainLab/Buddies.

Download and Installation

  • Login to your October CMS site’s backend: https://example.com/backend.
  • From the admin dashboard, go to Settings from the main navigation bar and select Updates & Plugins.
  • Click on Install plugins and in the search bar type “SAML SSO”.
  • Click on the SAML SP Single Sign-On - SSO search result and the plugin will start installing.
  • October CMS SAML SSO, October as SP

Step 1: Setup WSO2 as Identity Provider

  • Login to your WSO2 admin console.
  • Select Add under the Service Providers tab.
  • Select mode as Manual Configuration.
  • Enter the Service Provider Name and click on Register button.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Add Service Provider Manually
  • Select Upload SP certificate option under SP Certificate Type.
  • Copy the certificate from plugin and provide it into Application Certificate field.
  • You can also download the certificate file and upload it through Browse file option.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Add Service Provider Manually
  • Under Claim Configuration, select Use Local Claim Dialect.
  • For Requested Claims, add http://wso2.org/claims/emailaddress as a claim URI.
  • Set Subject Claim URI to http://wso2.org/claims/nickname.
  • Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Claim Configuration
  • Enter Issuer value as provided under the Service Provider Info tab of the plugin.
  • Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab and click on Add.
  • Check Enable Response Signing.
  • Check the Enable Attribute Profile and include attributes in the response always.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Configuring Service Providers Meta Details
  • Check the Enable Audience Restriction.
  • Enter the Audience URL value provided under Service Provider Info tab of plugin and click on Add.
  • Check the Enable Recipient Validation. Enter the Recipient URL value provided under Service Provider Info tab of plugin and click on Add.
  • Click on Download IDP Metadata button save the IDP metadata file.
  • Click on Register to save the configuration.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Enable Audience validation and Download IDP Metadata File
  • Click on Update on Service Providers page to save the configuration.
  • Select Resident under Identity Providers tab from the menu.
  • Enter Home Realm Identifier value that you want (usually your WSO2 server address).
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Set Home Realm Identifier URL
  • Click on Update to save the changes.

Steps 2 : October CMS as SP


  • Click on Single Sign On menu option from the main navigation bar at the top of your page.
  • You will see the Plugin Settings page. We will first configure the IdP Settings.
  • Fill out the required fields according to the information provided by your Identity Provider. You can refer to the example given below.
  • For Example:
  • IdP Name:myIDP
    IdP Entity Id:https://login.xecurify.com/moas/
    SAML Login URL:https://login.xecurify.com/moas/idp/samlsso
    SAML x509 Certificate:Certificate provided by your IdP.
  • Click on Save button.
  • October CMS SAML SSO, October as SP
  • The SP Settings tab has the data that you will need to provide to your IdP.
  • October CMS SAML SSO, October as SP
  • Click on the Test Configuration button and the user details will be fetched. Test configuration will show the attributes that are received and are mapped by attribute mapping.
  • October CMS SAML SSO, October as SP

Step 3: Attribute Mapping

  • Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at October CMS.
  • Go to Attribute Mapping menu option from the main navigation bar at the top of your page.
  • It provides the Custom Atrribute Mapping feature in Premium plugin.
  • October CMS SAML SSO, October as SP

  • Click on Single Sign On menu option from the main navigation bar at the top of your page.
  • You will see the Plugin Settings page. We will first configure the IdP Settings.
  • Fill out the required fields according to the information provided by your Identity Provider. You can refer to the example given below.
  • For Example:
  • IdP Name:myIDP
    IdP Entity Id:https://login.xecurify.com/moas/
    SAML Login URL:https://login.xecurify.com/moas/idp/samlsso
    SAML Logout URL:https://login.xecurify.com/moas/idp/samllogout/
    SAML x509 Certificate:Certificate provided by your IdP.
  • Click on Save button.
  • October CMS SAML SSO, October as SP
  • The SP Settings tab has the data that you will need to provide to your IdP.
  • October CMS SAML SSO, October as SP
  • Click on the Test Configuration button and the user details will be fetched. Test configuration will show the attributes that are received and are mapped by attribute mapping.
  • October CMS SAML SSO, October as SP

Step 3: Attribute Mapping

  • Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at October CMS.
  • Go to Attribute Mapping menu option from the main navigation bar at the top of your page.
  • It also provide Custom Attribute mapping feature, which allows you to map any attribute sent by the IDP to the October CMS.
  • You can map the attribute names received in Test Configuration to the user credentials of your October CMS users.
  • October CMS SAML SSO, October as SP

Step 4: SSO Button Component

  • Click on CMS from the main navigation and select the page that you want to place the button on from the Pages menu on the left-hand side.
  • Click on Components and click on SAML 2.0 SP to reveal the SSO Button component.
  • Drag and drop the component on to your selected page. Hit save and preview.
  • Click on the Single Sign-On (SSO) button to start the authentication flow for frontend users.
  • October CMS SAML SSO, October as SP
  • The button for Backend login screen is generated automatically.

Step 5: SSO Options

  • In the IDP Settings tab, you can configure Force Authentication to force login screen at IdP every time your users are redirected for SSO.
  • You can configure the Login Binding type to choose the method of sending the SAML request.
  • You can configure the Single Logout URL to send a logout request to the IdP when a user logs out of your OctoberCMS site.
  • October CMS SAML SSO, October as SP
  • In the SP Settings tab, you can configure Auto-Redirect to redirect users to IdP when they land on your site.
  • You can configure the Post-Login and Post-Logout URLs to redirect users after they SSO and Single Logout.
  • October CMS SAML SSO, October as SP
  • You can access the documentation for more details by going to Settings > Updates & Plugins > SAML 2.0 SP.

If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com