
SAML Login Configuration

Posted: Fri Jan 17, 2020 2:11 pm
by nickh48226
Hello

I just installed the OpenSource OrangeHRM 4 and am looking to integrate with my internal SAML provider for SSO for my users. But I am not seeing any documentation on configuration. Are there any guides / guidance on configuring this with my internal provider? Appreciate the help.

Nick

Re: SAML Login Configuration

Posted: Thu Jan 23, 2020 5:05 am
by vivek.khare
Hi Nick,

I also tried integrating GAuth with it, but it is failing. How are you trying to integrate your SSO provider with open-source OrangeHRM?

Here is my post on GAuth integration that is unanswered:

Hi,

I have deployed OrangeHRM 4.3.4 on CentOS and am trying to integrate Google Auth 2.0 with it, but it is failing.
I can see OpenID & Google+ under Admin-->Configure Social Media Authentication, although Google+ was deprecated 1 year ago.
I still entered possible details like Redirect Url, Client ID, Client Secret & Developer Key (though Google Auth does not have a Developer Key option for GAuth 2.0; it was in Google+).

Now when I see the login screen and select Google Authentication, it just keeps redirecting me to the login page.
I need help to authenticate users through Google Auth 2.0, please help.

Re: SAML Login Configuration

Posted: Tue Feb 11, 2020 6:09 am
by nuwan
Hi Nick,

OrangeHRM Opensource doesn't support SAML. But it's possible to implement this by using the SimpleSAMLphp library.
https://simplesamlphp.org
Please follow their guides to implement the SAML facility.

To see how you can integrate SAML user attributes with an OrangeHRM user, please refer to the following files in the OrangeHRM code base. The example code is from the OpenID Plugin, which is currently available in OrangeHRM.
openIdCredentialsAction.class.php => https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/modules/openidauth/actions/openIdCredentialsAction.class.php
OpenIdAuthProvider.php => https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/authproviders/OpenIdAuthProvider.php

The following are the basic steps for you to refer to.
1. Initiate the communication with SAML IDP => check SimpleSAMLphp documentation for more details.
2. Once the login succeeds with the IDP and the response comes back to OrangeHRM:
2.1 Read the SAML user attributes => check SimpleSAMLphp documentation for more details.
2.2 Pick the user name from SAML user attributes.
2.3 Call the OpenIDService::setOpenIdCredentials method, passing the user name and any additional attributes that you need to track. It should return true for a valid user name.
Refer https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/authproviders/OpenIdAuthProvider.php, from line number 47.
$success = $this->getOpenIdService()->setOpenIdCredentials($username, $dataArray);
2.4 Once this is done redirect to pim/viewMyDetails page.
Refer https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/modules/openidauth/actions/openIdCredentialsAction.class.php, showFlashMessage method.
$this->redirect('pim/viewMyDetails');
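
The steps in the reply above, put together as an added example (not part of the original posts and not OrangeHRM's or SimpleSAMLphp's own code). It uses SimpleSAMLphp's \SimpleSAML\Auth\Simple API; the install path, the SP source id 'default-sp', the attribute name 'uid', the action class name, the user name pattern and constructing OpenIdService directly are assumptions.

```php
<?php
// Added example. Assumptions: the SimpleSAMLphp install path, the SP source id
// 'default-sp', the attribute name 'uid', the class name samlLoginAction, and
// that OpenIdService can be constructed directly inside an action.
require_once '/var/simplesamlphp/lib/_autoload.php';

class samlLoginAction extends sfAction
{
    const USERNAME_ATTRIBUTE = 'uid'; // assumption: depends on what your IdP releases

    public function execute($request)
    {
        // Step 1: start or resume the SAML exchange with the IdP. requireAuth()
        // only returns once SimpleSAMLphp has accepted the IdP's response.
        $auth = new \SimpleSAML\Auth\Simple('default-sp');
        $auth->requireAuth();

        // Steps 2.1 and 2.2: read the attributes and pick exactly one user name.
        $username = self::pickUsername($auth->getAttributes());

        // Step 2.3: fill $dataArray with the additional attributes you track;
        // OpenIdAuthProvider.php shows what the OpenID plugin passes.
        $dataArray = array();
        $service = new OpenIdService();
        if ($username === null
            || $service->setOpenIdCredentials($username, $dataArray) !== true) {
            // Fail closed: no OrangeHRM session for a missing or unknown user.
            $this->getResponse()->setStatusCode(403);
            return $this->renderText('SAML login rejected');
        }

        // Step 2.4: hand the authenticated user over to OrangeHRM.
        $this->redirect('pim/viewMyDetails');
    }

    // SimpleSAMLphp returns every attribute as a list of values, so an absent,
    // empty or multi-valued user name attribute is rejected rather than guessed.
    private static function pickUsername(array $attributes)
    {
        $name = self::USERNAME_ATTRIBUTE;
        if (!isset($attributes[$name]) || count($attributes[$name]) !== 1) {
            return null;
        }
        $value = $attributes[$name][0];
        // Assumed user name policy; tighten or relax to match your accounts.
        $ok = is_string($value) && preg_match('/^[A-Za-z0-9._@-]{1,40}$/D', $value);
        return $ok ? $value : null;
    }
}
```

Map the user name only from an attribute your IdP asserts for each account; a value users can edit themselves at the IdP would let one user sign in as another.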