Typo3 SAML Single Sign-On (SSO) Setup Guide


Typo3 SAML Single Sign-On (SSO) can be achieved by using our Typo3 SAML SP Single Sign-On (SSO) plugin. Our SSO solution makes Typo3 a SAML 2.0 compliant Service Provider, establishing trust between the Typo3 site and your Identity Provider (IdP) to securely authenticate users and log them in to the Typo3 site. It helps to secure Typo3 sites behind the SSO login so that users are authenticated using their Identity Provider login credentials. It also supports advanced SSO features such as Attribute / Custom Mapping and Role Mapping.

SAML allows information to be exchanged between Service Providers and Identity Providers; it is the integration between the two. When a user attempts to log in, your Service Provider delivers SAML assertions, which contain information about the user, to the Identity Provider. The Identity Provider receives the assertion and validates it against your Service Provider settings before allowing the user access to your org.

Installation Steps

1. Installing SAML extension in TYPO3

  • Download the zip file of the SAML SP extension from the TYPO3 marketplace.
  • Go to your TYPO3 backend and click on the Extensions section at the left side of your screen.
  • Upload the zip file.
  • Now search for "miniOrange SAML" in the Installed extensions section and activate the extension by clicking on the activate button.
  • After installation, click on the newly installed extension "miniOrange SAML SP extension" for TYPO3 SSO and log in with your registered miniOrange credentials.
  • After entering your username and password, you will need a license key to proceed further if you are a premium customer. (You will get this key from the miniOrange team. After entering the license key, you can activate the license and proceed further.)
  • If you are not a premium customer, you can log in directly by submitting your miniOrange credentials.
  • After successful login, you can see the details related to your account.
  • Now you are ready to configure your IdP. However, it is important to integrate the frontend first.

2. Integrate extension with TYPO3

  • Now design your frontend: left-click on the Home tab, then click on New Subpage.
  • You need to add two STANDARD pages within the HOME page. If you are using the Premium Plugin, you can create three pages.
  • Here we will use the page names FESAML, RESPONSE and LOGOUT (Logout is optional for premium customers).
  • Enter the Standard Page name as: FESAML.
  • Click on the FESAML page and click on Add content. Go to plugins and add the FESAML Plugin.
  • Navigate to the plugin tab and select the FESAML plugin. Add website users in Record Storage Page and save the settings.
  • If you need to change the URL segment, which will also be your initial SSO URL, right-click on the FESAML page, select edit and click on the "toggle URL" button to set the URL as you prefer.
  • Follow the same steps to create and configure the Standard page for Response.
  • Make sure you select the Response Plugin for the Response page and the Logout Plugin for the Logout page.
  • Your TYPO3 directory should now contain the FESAML, RESPONSE and, if created, LOGOUT pages under the HOME page.
  • You must also create at least one group, because TYPO3 does not allow users to be created unless at least one usergroup exists.
  • To create a group, go to the List tab in the left panel, click on the Website users folder and hit the "+" button at the top of the screen.
  • Now select Websiteuser group from the list.
  • Enter the group name in the group title section and click on the Save button at the top. The user group will be created.
  • You can also create an SSO button on the login page. Click on Home, then proceed to the +Content option.
  • Switch to the Special elements tab and select Plain HTML.
  • Here you add the SSO login button; the URL in the button will be that of the FESAML Standard Page.
  • The code snippet to do so is shown in the accompanying image. Enter the code and hit the Save button at the top.
  • Now you can configure the plugin in the backend.

3. Configure Service Provider

  • Go to miniOrange SAML SP and switch to the Service Provider settings tab.
  • Fill in all the URL fields with their respective URLs.
  • You get the fesaml URL from the FESAML standard page, the Response URL from the Response standard page and the SINGLE LOGOUT URL from the Logout standard page.
  • To recap, you can find a page's URL in the Pages section: right-click on the FESAML page, select edit and you will see your FESAML URL.
  • Don't get confused by the ACS URL: your Response URL is your ACS URL.
  • The SP entity ID and Base URL will be your basic TYPO3 URL.
  • After filling in all the fields, save the SP settings.
  • Keep all these URLs at hand, as you will need them to configure the IdP.

4. Configure Identity Provider

  • Go to the miniOrange SAML SP Plugin and switch to the Identity Provider settings tab. Fill in the necessary configuration options (Identity Provider Name, IdP Entity ID, SAML Login URL, SAML x509 Certificate) and click on "Save". You will get all these inputs from your Identity Provider.
  • Let's see how the IdP is configured; here we will use miniOrange as the IdP.
  • Log in to the miniOrange Admin Console.
  • Go to Apps and click on the Add Application button.
  • Click on the SAML / WS-FED tab.
  • Search for TYPO3. If you can't find your application, you can select Custom App.
  • Now you will be directed to the "Add/Application" panel.
  • In the SP Entity ID/Issuer and Audience URL fields, enter the base URL of your TYPO3 site, taken from the TYPO3 SP settings configured earlier.
  • Enter your TYPO3 Response URL in the ACS URL field.
  • Click on the Save button to add the TYPO3 application.
  • Go to Apps >> Manage Apps.
  • Search for your app and click on Select in the action menu against your app.
  • Click on Edit and configure the required settings.
  • Select an attribute. (Here we will select email as the attribute.)
  • Click on Save to add the TYPO3 settings.
  • You can get the metadata certificate and metadata details by using the following steps:
  • Go to Apps >> Manage Apps.
  • Search for your app and click on Select in the action menu against your app.
  • Click on Metadata to get the metadata details, which you need to enter in the Typo3 Identity Provider settings. Click on Link to see the IdP-initiated SSO link for TYPO3.
  • Here you will see several options; if you are setting up miniOrange as the IdP, copy the metadata details related to miniOrange.
  • Copy the SAML Login URL, SAML Logout URL, IdP Entity ID and SAML x509 Certificate.
  • Paste each value into the corresponding field of the Identity Provider settings and click on the Save button to complete your IdP configuration.
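
The four values copied in the last steps can also be read directly from the IdP's SAML 2.0 metadata XML, which avoids copy-paste damage to the certificate. The Python below is an added example, not code from the miniOrange extension or the original guide; it assumes the IdP offers its metadata as standard SAML 2.0 XML, and `idp_settings`, the `idp.example.test` host and the certificate bytes are made up for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: idp.example.test and the certificate bytes are placeholders.
CERT_B64 = base64.b64encode(b"placeholder bytes, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_B64[:20]}
        {CERT_B64[20:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/logout"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.test/saml/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_settings(metadata_xml):
    """Values for the Identity Provider settings tab, plus a SHA-256 cert fingerprint."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata_xml)
    # root.iter() also covers metadata wrapped in an EntitiesDescriptor.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is not None:
            break
    else:
        raise ValueError("no IDPSSODescriptor found: not IdP metadata")
    certs = ["".join((c.text or "").split())          # drop line breaks and indentation
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")     # skip encryption-only keys
             for c in kd.iter(f"{{{NS['ds']}}}X509Certificate")]
    if not certs:
        raise ValueError("metadata has no signing certificate")
    first = lambda tag: next((e.get("Location") for e in idp.findall(f"md:{tag}", NS)), None)
    out = {"idp_entity_id": entity.get("entityID"),
           "saml_login_url": first("SingleSignOnService"),   # first endpoint listed
           "saml_logout_url": first("SingleLogoutService"),
           "x509_certificate": certs[0],
           "cert_sha256": hashlib.sha256(base64.b64decode(certs[0])).hexdigest()}
    out["warnings"] = [f"{k} is not HTTPS" for k in ("saml_login_url", "saml_logout_url")
                       if out[k] and not out[k].startswith("https://")]
    return out
```

An entry in `warnings` means that endpoint would carry SAML messages over plain HTTP; `cert_sha256` can be compared with a fingerprint obtained from the IdP over a separate channel.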

5. Test Configuration

  • This feature helps you find out whether the submitted configuration is correct. You will also get the attributes you have configured in the response.
  • To test the configuration, go to the SAML SP plugin and open the IdP settings section. At the bottom you will find the Test Configuration button; click on it to see the results.
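
When the test fails, a common cause is that the values entered in steps 3 and 4 do not match what the IdP puts into its response. This added Python example (not the extension's code) checks a captured, base64-decoded SAML Response against the SP settings; it assumes an unencrypted assertion, and `diagnose`, the `SP` dictionary and the `example.test` hosts are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values: typo3.example.test and idp.example.test are placeholders.
SP = {"entity_id": "https://typo3.example.test/",        # SP entity ID = base URL
      "acs_url": "https://typo3.example.test/response",  # Response page URL = ACS URL
      "idp_entity_id": "https://idp.example.test/entity"}

# Constructed, unsigned sample; note the Audience has no trailing slash.
SAMPLE_RESPONSE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    Destination="https://typo3.example.test/response">
  <a:Assertion>
    <a:Issuer>https://idp.example.test/entity</a:Issuer>
    <a:Subject><a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <a:SubjectConfirmationData Recipient="https://typo3.example.test/response"/>
    </a:SubjectConfirmation></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>https://typo3.example.test</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement><a:Attribute Name="email">
      <a:AttributeValue>user@example.test</a:AttributeValue>
    </a:Attribute></a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

def diagnose(response_xml, sp):
    """Compare an unencrypted SAML Response with the SP settings. Diagnostic only:
    no signature is verified, so the result must never be used to log anyone in."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("refusing a response that carries a DTD")
    root = ET.fromstring(response_xml)
    issuer = root.findtext("a:Assertion/a:Issuer", None, NS)
    data = root.find(".//a:SubjectConfirmationData", NS)
    recipient = data.get("Recipient") if data is not None else None
    audiences = [(n.text or "").strip() for n in root.iterfind(".//a:Audience", NS)]
    problems = []
    if issuer is None or issuer.strip() != sp["idp_entity_id"]:
        problems.append(f"Issuer {issuer!r} != IdP Entity ID {sp['idp_entity_id']!r}")
    for name, seen in (("Destination", root.get("Destination")), ("Recipient", recipient)):
        if seen != sp["acs_url"]:
            problems.append(f"{name} {seen!r} != ACS URL {sp['acs_url']!r}")
    if sp["entity_id"] not in audiences:  # exact string comparison
        problems.append(f"Audience {audiences} lacks SP entity ID {sp['entity_id']!r}")
    attrs = {a.get("Name"): [v.text for v in a.findall("a:AttributeValue", NS)]
             for a in root.iterfind(".//a:Attribute", NS)}
    return problems, attrs
```

With the sample values, the only problem reported is the Audience: the SP entity ID ends in a slash and the value entered on the IdP side does not.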

6. Attribute Mapping

  • Attribute Mapping is not provided in the free version of the SAML SP extension. To enable Attribute Mapping, upgrade your SAML SP extension to the premium plugin.
  • Attribute mapping maps the incoming attributes from the SAML Response to the user profile of the TYPO3 website.
  • To map attributes, go to the SAML SP Plugin and switch to the attribute mapping tab, enter the attribute fields and scroll down to save the settings.

7. Group Mapping

  • Group Mapping is not provided in the free version of the SAML SP extension. To enable Group Mapping, upgrade your SAML SP extension to the premium plugin.
  • Group mapping maps the group name of the IdP to the group name of the SP and passes user attributes accordingly.
  • For group mapping, go to the miniOrange SAML SP Plugin and switch to the group mapping tab, enter the required fields and scroll down to save the settings.
  • In this guide's example, "Default" is the user group of the IdP, while "Group10" is the group we created in TYPO3, which is your SP.
