SAML Login Configuration

nickh48226
Posts:1
Joined:Fri Jan 17, 2020 1:59 pm
SAML Login Configuration

Post by nickh48226 » Fri Jan 17, 2020 2:11 pm

Hello

I just installed the open-source OrangeHRM 4 and am looking to integrate it with my internal SAML provider for SSO for my users. But I am not seeing any documentation on configuration. Are there any guides / guidance on configuring this with my internal provider? Appreciate the help.

Nick

vivek.khare
Posts:4
Joined:Tue Jan 07, 2020 1:39 pm

Re: SAML Login Configuration

Post by vivek.khare » Thu Jan 23, 2020 5:05 am

Hi Nick,

I also tried integrating GAuth with it, but it is failing. How are you trying to integrate your SSO provider with open-source OrangeHRM?

Here is my post on GAuth integration that is unanswered:

Hi,

I have deployed OrangeHRM 4.3.4 on CentOS and am trying to integrate Google Auth 2.0 with it, but it is failing.
I can see OpenID & Google+ under Admin-->Configure Social Media Authentication, although Google+ was deprecated a year ago.
I still entered the possible details like Redirect Url, Client ID, Client Secret & Developer Key (though Google Auth does not have a Developer Key option for GAuth 2.0; it was in Google+).

Now when I see the login screen and select Google Authentication, it keeps redirecting me to the login page only.
I need help to authenticate users through Google Auth 2.0, please help.
Best,
Vivek

nuwan
Posts:1
Joined:Wed Feb 14, 2018 4:43 am

Re: SAML Login Configuration

Post by nuwan » Tue Feb 11, 2020 6:09 am

Hi Nick,

OrangeHRM Opensource doesn't support SAML. But it's possible to implement this by using the SimpleSAMLphp library.
https://simplesamlphp.org
Please follow their guides to implement the SAML facility.

To see how you can integrate SAML user attributes with an OrangeHRM user, please refer to the following files in the OrangeHRM code base. The example code is from the OpenID plugin, which is currently available in OrangeHRM.
openIdCredentialsAction.class.php => https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/modules/openidauth/actions/openIdCredentialsAction.class.php
OpenIdAuthProvider.php => https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/authproviders/OpenIdAuthProvider.php

The following are the basic steps for you to refer to.
1. Initiate the communication with the SAML IDP => check SimpleSAMLphp documentation for more details.
2. Once the login succeeds with the IDP and the response comes back to OrangeHRM:
2.1 Read the SAML user attributes => check SimpleSAMLphp documentation for more details.
2.2 Pick the user name from the SAML user attributes.
2.3 Call the OpenIDService::setOpenIdCredentials method, passing the user name and any additional attributes that you need to track. It should return true for a valid user name.
Refer https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/lib/authproviders/OpenIdAuthProvider.php, from line number 47.
$success = $this->getOpenIdService()->setOpenIdCredentials($username, $dataArray);
2.4 Once this is done, redirect to the pim/viewMyDetails page.
Refer https://github.com/orangehrm/orangehrm/blob/master/symfony/plugins/orangehrmOpenidAuthenticationPlugin/modules/openidauth/actions/openIdCredentialsAction.class.php, showFlashMessage method.
$this->redirect('pim/viewMyDetails');
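
The steps in the reply above, sketched as a symfony action that fails closed when the IdP response does not carry exactly one user name. This is an added example, not code from the thread or from OrangeHRM. Assumptions: the SimpleSAMLphp install path, the `default-sp` auth source, the `uid` attribute name, the `samlLoginAction` class name, constructing `OpenIDService` directly, and the contents of `$dataArray`.

```php
<?php
// Added example: glue between SimpleSAMLphp and the OpenID plugin's service.
// Assumed, adjust to your deployment: install path, 'default-sp', 'uid'.
require_once '/var/simplesamlphp/lib/_autoload.php'; // placeholder path

/**
 * Step 2.2: return the user name only if the IdP sent exactly one
 * non-empty string for the attribute; anything else is a failure.
 */
function pickSamlUsername(array $attributes, $attrName)
{
    if (!isset($attributes[$attrName]) || !is_array($attributes[$attrName])
        || count($attributes[$attrName]) !== 1) {
        return null; // missing or multi-valued: ambiguous identity
    }
    $value = $attributes[$attrName][0];
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    return $value === '' ? null : $value;
}

class samlLoginAction extends sfAction // hypothetical action name
{
    public function execute($request)
    {
        // Step 1: redirects to the IdP unless a valid SAML session exists.
        $as = new \SimpleSAML\Auth\Simple('default-sp');
        $as->requireAuth();

        // Steps 2.1 and 2.2: read the attributes, pick the user name.
        $username = pickSamlUsername($as->getAttributes(), 'uid');

        // Step 2.3: per the reply, true is returned for a valid user name.
        $dataArray = array(); // additional attributes to track (assumption)
        $service = new OpenIDService(); // assumed to be constructible here
        if ($username === null
            || !$service->setOpenIdCredentials($username, $dataArray)) {
            $this->getResponse()->setStatusCode(403);
            return $this->renderText('SAML login rejected');
        }

        // Step 2.4: only reached after the credentials were accepted.
        $this->redirect('pim/viewMyDetails');
    }
}
```

Checking the return value before redirecting matters: a user who authenticates at the IdP but has no matching OrangeHRM account should never reach pim/viewMyDetails.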
