SAML - SSO

Add it on-the-fly to your HumHub by activating it in the Modules menu! ("Administration -> Modules")


SAML SSO

With the SAML SSO module, users can be automatically registered and logged into the HumHub installation using a SAML Identity Provider.

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).

Note: This module is currently in beta.

Tested SAML Identity Providers

SimpleSAML

No known limitations.

Keycloak

  • Install client using Metadata File
  • Disable: (Realm) -> Client Scopes -> role_list (saml) -> Mappers tab -> role list -> 'Single Role Attribute'.

Okta

Currently the SLO (Single Logout) does not work correctly.

Encrypted and Signed SP messages

Create a self-signed certificate.

openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem

Add the contents of the files to the SAML configuration:

  • `saml.pem` in the input field "SP: Private key"
  • `saml.crt` in the input field "SP: X.509 certificate"
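
The steps above as a non-interactive script, added here as an example and not part of the module: it generates the key pair with the page's parameters, then checks that key and certificate belong together, that the unencrypted private key is readable only by its owner, and prints the fingerprint to compare with the IdP. The function names and the `-subj` value `/CN=humhub-sp.example.org` are assumptions.

```shell
#!/bin/sh
# Added example (not from the module): create and sanity-check the SP key pair.
# Function names and the -subj value are assumptions made for this example.

# Create saml.pem and saml.crt in directory $1 with the page's parameters.
generate_sp_keypair() {
    (
        umask 077   # -nodes writes the key unencrypted: keep it owner-only
        openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes \
            -subj "/CN=humhub-sp.example.org" \
            -out "$1/saml.crt" -keyout "$1/saml.pem" 2>/dev/null
    )
}

# True only if the certificate's public key belongs to the private key.
keypair_matches() {
    crt_pub=$(openssl x509 -in "$1/saml.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$1/saml.pem" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True only if group and others have no permissions on the private key.
key_is_private() {
    [ "$(ls -l "$1/saml.pem" | cut -c5-10)" = "------" ]
}

# Key length in bits as recorded in the certificate.
key_bits() {
    openssl x509 -in "$1/saml.crt" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# True if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1/saml.crt" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# SHA-256 fingerprint, for comparison with what the IdP shows after import.
cert_fingerprint() {
    openssl x509 -in "$1/saml.crt" -noout -fingerprint -sha256 | cut -d= -f2
}

work=$(mktemp -d)   # scratch directory for the demonstration run
generate_sp_keypair "$work" && keypair_matches "$work" && key_is_private "$work" \
    && valid_for_days "$work" 30 \
    && echo "ok: $(key_bits "$work") bit, sha256 $(cert_fingerprint "$work")"
rm -rf "$work"
```

Running `keypair_matches` again before pasting a renewed certificate catches the case where `saml.crt` and `saml.pem` come from different runs.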

Dependencies

  • php >= 5.3.3 and some core extensions like php-xml, php-date, php-zlib.
  • openssl. Install the openssl library. It handles x509 certificates.
  • mcrypt. Install that library and its php driver if you're going to handle encrypted data (nameID, assertions).
  • gettext. Install that library and its php driver. It handles translations.
  • curl. Install that library and its php driver if you plan to use the IdP Metadata parser.

Since PHP 5.3 is officially unsupported, we recommend using a newer PHP version.

1.1.1 (May 20, 2020)

  • Fix: Problem with console usage

1.1.0 (May 19, 2020)

  • Enh: Added "Information" section to SAML configuration

1.0.0 (January 7, 2020)

  • Enh: Initial commit of first beta version

Version: 1.1.1 (released 12 days ago)

Publisher: HumHub GmbH & Co. KG

Website: https://github.com/humhub/humhub-modules-saml-sso

Compatibility: HumHub 1.4 - Latest