Cookie Configuration

We recommend that you disable the feature for SameSite cookies at this time, otherwise you may experience problems with some older Safari browsers.

Example of @humhub/protected/config/web.php:

<?php
//...
$config => [
  // ...
  'components' => [  
      'session' => [
            'cookieParams' => [
                'sameSite' => null,
            ],
      ],
  ],
  //...
];

Tested SAML Identity Providers

SimpleSAML

No known limitations.

Keycloak

• Install client using Metadata File
• Disable: (Realm) -> Client Scopes -> role_list (saml) -> Mappers tab -> role list -> 'Single Role Attribute'.

Okta

Currently the SLO (Single Logout) does not work correctly.

Encrypted and Signed SP messages

Create a self-signed certificate.

openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem

Add the contents of the file

• `saml.pem in the input field SP: Private key`
• `saml.crt in the input field SP: X.509 certificate`

of the SAML configuration.

Dependencies

• php >= 5.3.3 and some core extensions like php-xml, php-date, php-zlib.
• openssl. Install the openssl library. It handles x509 certificates.
• mcrypt. Install that library and its php driver if you're going to handle encrypted data (nameID, assertions).
• gettext. Install that library and its php driver. It handles translations.
• curl. Install that library and its php driver if you plan to use the IdP Metadata parser.

Since PHP 5.3 is officially unsupported we recommend you to use a newer PHP version.

Licences

• HumHub licences at: https://www.humhub.com/licences

• Based on Simple SAML toolkit

• Module icon made by Freepik from Flaticon.

1.1.1 (May 20, 2020)

• Fix: Problem with console usage

1.1.0 (May 19, 2020)

• Enh: Added "Information" section to SAML configuration

1.0.0 (January 7, 2020)

• Enh: Initial commit of first beta version