Add SAML authentication to any ProcessWire website

ProcessWire-SAMLAuth

Add SAML authentication to any ProcessWire website

Installation

Before you even attempt to install this module you must have knowledge of SAML, without this you will have slim chance of getting this to work.

1. To install just unzip into the modules directory

2. use the example settings files in the lib directory to make the advanced_settings.php and settings.php files.

3. Make sure that your IDP is sending the email address of users as the mail attribute.

4. Add the SP to your IDP metadata, see the section below on SP URL's

5. Enable the module and try logging in, instead of the ProcessWire login form you should be redirected to the IDP to authenticate, and with any luck it should redirect back to the admin dashboard upon successful authentication.

Because users are matched up by email address you must have a user already setup in processwire with an email that matches an account on your IDP.

This will not make new accounts for security reasons.

This is bassed on the awesome OneLogin php saml toolkit and should be pretty simple to configure.

SP URL's

This module will act as a SP, and as such you will need to add it to your IDP metadata. This module adds the following URL's which you will need to do this

http://(ProcessWireSite)/saml/acs.php for the Assertion Consumer Service

http://(ProcessWireSite)/saml/metadata.php for the SP's metadata

http://(ProcessWireSite)/saml/sls.php for the Single Logout Service

Below is an example for people who use SimpleSAMLphp (this would go in saml20-sp-remote.php)

  $metadata['http://192.168.0.62/pwtheme/saml/metadata.php'] = array(
    'AssertionConsumerService' => 'http://192.168.0.62/pwtheme/saml/acs.php',
    'SingleLogoutService' => 'http://192.168.0.62/pwtheme/saml/sls.php',
  );

That ProcessWire site is installed in the pwtheme subdirectory on my test server just for context.

Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Twitter updates

  • ProcessWire 3.0.187: This week we have some very useful new additions to both the core Repeater Fieldtype and the ProFields Repeater Matrix Fieldtype. This post covers all the details along with a couple of brief demonstration videos— More
    22 October 2021
  • ProcessWire 3.0.185 (dev) core updates, plus new Session Allow module— More
    17 September 2021
  • Three new ProcessWire Textformatter modules: Find/Replace, Markdown in Markup, and Emoji— More
    3 September 2021

Latest news

  • ProcessWire Weekly #389
    The 389th issue of ProcessWire Weekly we'll check out the latest core updates, introduce the Session Viewer module, and more. Read on!
    Weekly.pw / 23 October 2021
  • New Repeater and Repeater Matrix features
    This week we have some very useful new additions to both the core Repeater Fieldtype and the ProFields Repeater Matrix Fieldtype. This post covers all the details along with a couple of brief demonstration videos. 
    Blog / 22 October 2021
  • Subscribe to weekly ProcessWire news

“To Drupal, or to ProcessWire? The million dollar choice. We decided to make an early switch to PW. And in retrospect, ProcessWire was probably the best decision we made. Thanks are due to ProcessWire and the amazing system and set of modules that are in place.” —Unni Krishnan, Founder of PigtailPundits