Add SAML authentication to any ProcessWire website

ProcessWire-SAMLAuth

Add SAML authentication to any ProcessWire website

Installation

Before you even attempt to install this module you must have knowledge of SAML, without this you will have slim chance of getting this to work.

1. To install just unzip into the modules directory

2. use the example settings files in the lib directory to make the advanced_settings.php and settings.php files.

3. Make sure that your IDP is sending the email address of users as the mail attribute.

4. Add the SP to your IDP metadata, see the section below on SP URL's

5. Enable the module and try logging in, instead of the ProcessWire login form you should be redirected to the IDP to authenticate, and with any luck it should redirect back to the admin dashboard upon successful authentication.

Because users are matched up by email address you must have a user already setup in processwire with an email that matches an account on your IDP.

This will not make new accounts for security reasons.

This is bassed on the awesome OneLogin php saml toolkit and should be pretty simple to configure.

SP URL's

This module will act as a SP, and as such you will need to add it to your IDP metadata. This module adds the following URL's which you will need to do this

http://(ProcessWireSite)/saml/acs.php for the Assertion Consumer Service

http://(ProcessWireSite)/saml/metadata.php for the SP's metadata

http://(ProcessWireSite)/saml/sls.php for the Single Logout Service

Below is an example for people who use SimpleSAMLphp (this would go in saml20-sp-remote.php)

  $metadata['http://192.168.0.62/pwtheme/saml/metadata.php'] = array(
    'AssertionConsumerService' => 'http://192.168.0.62/pwtheme/saml/acs.php',
    'SingleLogoutService' => 'http://192.168.0.62/pwtheme/saml/sls.php',
  );

That ProcessWire site is installed in the pwtheme subdirectory on my test server just for context.

Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Twitter updates

  • This week ProcessWire (3.0.175) gained the ability to maintain separate read-only and read-write database connections to optimize scalability, cost and performance. The post covers why this can be so valuable and how to configure it in ProcessWire— More
    2 April 2021
  • ProcessWire 3.0.174 core updates: improvements to the new path/URL hooks and more— More
    12 March 2021
  • ProcessWire 3.0.173 adds several new requested features and this post focuses on one of my favorites: the ability to hook into and handle ProcessWire URLs, independent of pages— More
    5 March 2021

Latest news

  • ProcessWire Weekly #362
    In the 362nd issue of ProcessWire Weekly we'll check out the latest weekly update from Ryan, introduce two new third party modules, and check out a brand new site of the week. Read on!
    Weekly.pw / 17 April 2021
  • ProcessWire 3.0.175 adds new database scalability options
    This week ProcessWire gained the ability to maintain separate read-only and read-write database connections to optimize scalability, cost and performance. The post covers why this can be so valuable and how to configure it in ProcessWire.
    Blog / 2 April 2021
  • Subscribe to weekly ProcessWire news

I just love the easy and intuitive ProcessWire API. ProcessWire rocks!” —Jens Martsch, Web developer