With the SAML SSO module, users can be automatically registered and logged into the HumHub installation using a SAML Identity Provider.
Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).
Note: This module is currently in beta stage
We recommend that you disable the feature for SameSite cookies at this time, otherwise you may experience problems with some older Safari browsers.
Example of @humhub/protected/config/web.php
:
<?php
//...
$config => [
// ...
'components' => [
'session' => [
'cookieParams' => [
'sameSite' => null,
],
],
],
//...
];
No known limitations.
Currently the SLO (Single Logout) does not work correctly.
Create a self-signed certificate.
openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
Add the contents of the file
`saml.pem
in the input field
SP: Private key
``saml.crt
in the input field
SP: X.509 certificate
`of the SAML configuration.
php >= 5.3.3
and some core extensions like php-xml
, php-date
, php-zlib
.openssl
. Install the openssl library. It handles x509 certificates.mcrypt
. Install that library and its php driver if you're going to handle
encrypted data (nameID
, assertions
).gettext
. Install that library and its php driver. It handles translations.curl
. Install that library and its php driver if you plan to use the IdP Metadata parser.Since PHP 5.3 is officially unsupported we recommend you to use a newer PHP version.
HumHub licences at: https://www.humhub.com/licences
Based on Simple SAML toolkit