| Both sides previous revision Previous revision Next revision | Previous revision |
| en:2.0:single_sign_on [2025/05/05 18:31] – kainhofer | en:2.0:single_sign_on [2025/05/28 22:43] (current) – [Single-Sign-On using Admidio's User Accounts: SAML 2.0 and OpenId Connect] kainhofer |
|---|
| ^ Client ^ SAML 2.0 ^ OpenID Connect ^ Notes | | ^ Client ^ SAML 2.0 ^ OpenID Connect ^ Notes | |
| ^ {{:en:2.0:sso:logos:nextcloud.svg?40&nolink|Nextcloud}} Nextcloud | [[en:2.0:single_sign_on:saml_nextcloud|SAML 2.0 with Nextcloud]] | [[en:2.0:single_sign_on:oidc_nextcloud|OpenID with Nextcloud]] | | ^ {{:en:2.0:sso:logos:nextcloud.svg?40&nolink|Nextcloud}} Nextcloud | [[en:2.0:single_sign_on:saml_nextcloud|SAML 2.0 with Nextcloud]] | [[en:2.0:single_sign_on:oidc_nextcloud|OpenID with Nextcloud]] | |
| ^ {{:en:2.0:sso:logos:dokuwiki.png?45&nolink|DokuWiki}} DokuWiki | [[en:2.0:single_sign_on:saml_dokuwiki|SAML 2.0 with DokuWiki]] | [[en:2.0:single_sign_on:oidc_dokuwiki|OpenID with DokuWiki]] | | | ^ {{:en:2.0:sso:logos:dokuwiki.png?40&nolink|DokuWiki}} DokuWiki | [[en:2.0:single_sign_on:saml_dokuwiki|SAML 2.0 with DokuWiki]] | [[en:2.0:single_sign_on:oidc_dokuwiki|OpenID with DokuWiki]] | | |
| ^ {{:en:2.0:sso:logos:wordpress-logotype-standard.png?150&nolink|Wordpress}} | [[en:2.0:single_sign_on:saml_wordpress|SAML 2.0 with Wordpress]] | [[en:2.0:single_sign_on:oidc_wordpress|OpenID with Wordpress]] | | | ^ {{:en:2.0:sso:logos:wordpress-logotype-standard.png?120&nolink|Wordpress}} | [[en:2.0:single_sign_on:saml_wordpress|SAML 2.0 with Wordpress]] | [[en:2.0:single_sign_on:oidc_wordpress|OpenID with Wordpress]] | | |
| ^ {{:en:2.0:sso:logos:joomla.png?120&nolink|Joomla}} | [[en:2.0:single_sign_on:saml_joomla|SAML 2.0 with Joomla]] | [[en:2.0:single_sign_on:oidc_joomla|OpenID with Joomla]] | | | ^ {{:en:2.0:sso:logos:joomla.png?120&nolink|Joomla}} | [[en:2.0:single_sign_on:saml_joomla|SAML 2.0 with Joomla]] | [[en:2.0:single_sign_on:oidc_joomla|OpenID with Joomla]] | | |
| ^ {{:en:2.0:sso:logos:mediawiki.svg?120&nolink|MediaWiki}} | [[en:2.0:single_sign_on:saml_mediawiki|SAML 2.0 with MediaWiki]] | [[en:2.0:single_sign_on:oidc_mediawiki|OpenID with MediaWiki]] | | | ^ {{:en:2.0:sso:logos:mediawiki.svg?120&nolink|MediaWiki}} | [[en:2.0:single_sign_on:saml_mediawiki|SAML 2.0 with MediaWiki]] | [[en:2.0:single_sign_on:oidc_mediawiki|OpenID with MediaWiki]] | | |
| ^ {{:en:2.0:sso:logos:moodle.png?150&nolink|Moodle}} | [[en:2.0:single_sign_on:saml_moodle|SAML 2.0 with Moodle]] | [[en:2.0:single_sign_on:oidc_moodle|OpenID with Moodle]] | | | ^ {{:en:2.0:sso:logos:moodle.png?90&nolink|Moodle}} | [[en:2.0:single_sign_on:saml_moodle|SAML 2.0 with Moodle]] | [[en:2.0:single_sign_on:oidc_moodle|OpenID with Moodle]] | | |
| ^ {{:en:2.0:sso:logos:gitlab.svg?110&nolink|Gitlab}} | [[en:2.0:single_sign_on:saml_gitlab|SAML 2.0 with Gitlab]] | [[en:2.0:single_sign_on:oidc_gitlab|OpenID with Gitlab]] | | | ^ {{:en:2.0:sso:logos:gitlab.svg?100&nolink|Gitlab}} | [[en:2.0:single_sign_on:saml_gitlab|SAML 2.0 with Gitlab]] | [[en:2.0:single_sign_on:oidc_gitlab|OpenID with Gitlab]] | | |
| ^ {{:en:2.0:sso:logos:odoo_logo.svg?80&nolink|Odoo}} | [[en:2.0:single_sign_on:saml_odoo|SAML 2.0 with Odoo]] | [[en:2.0:single_sign_on:oidc_odoo|OpenID with Odoo]] | | | ^ {{:en:2.0:sso:logos:odoo_logo.svg?60&nolink|Odoo}} | [[en:2.0:single_sign_on:saml_odoo|SAML 2.0 with Odoo]] | [[en:2.0:single_sign_on:oidc_odoo|OpenID with Odoo]] | | |
| ^ {{:en:2.0:sso:logos:keycloak.svg?120&nolink|Keycloak}} | [[en:2.0:single_sign_on:saml_keycloak|SAML 2.0 with Keycloak]] | [[en:2.0:single_sign_on:oidc_keycloak|OpenID with Keycloak]] | | | ^ {{:en:2.0:sso:logos:keycloak.svg?120&nolink|Keycloak}} | [[en:2.0:single_sign_on:saml_keycloak|SAML 2.0 with Keycloak]] | [[en:2.0:single_sign_on:oidc_keycloak|OpenID with Keycloak]] | | |
| ^ {{:en:2.0:sso:logos:simplesamlphp.png?140&nolink|SimpleSAMLphp}} | [[en:2.0:single_sign_on:simplesamlphp|SAML 2.0 with SimpleSAMLphp]] | | | | ^ {{:en:2.0:sso:logos:simplesamlphp.png?140&nolink|SimpleSAMLphp}} | [[en:2.0:single_sign_on:simplesamlphp|SAML 2.0 with SimpleSAMLphp]] | | | |
| | | ^ {{:en:2.0:sso:logos:matomo_logo.svg?120&nolink|Matomo}} | | [[en:2.0:single_sign_on:oidc_matomo|OpenID with Matomo]] | | |
| | ^ {{:en:2.0:sso:logos:gnu_mailman_logo2010.png?120&nolink|Mailman3}} | | [[en:2.0:single_sign_on:oidc_mailman3|OpenID with Mailman3]] | | |
| | ^ {{:en:2.0:sso:logos:plesk_logo_primary_positive_.jpg?60&nolink|Plesk}} | | [[en:2.0:single_sign_on:oidc_plesk|OpenID with Plesk]] | | |
| |
| Other systems like Prestashop do not provide any freely available SAML plugin, only some very expensive commercial extensions. | Other systems like Prestashop do not provide any freely available SAML or OpenID plugin, only some very expensive commercial extensions. |
| |
| |
| * Which **roles / group memberships** are sent to the client on successful login. The data fields and groups can be mapped to different names, if the client cannot handle Admidio's fields and role names. On particular case is the admin role, where many clients use a role named "admin" to grant admin access to a user logged in via OpenID. | * Which **roles / group memberships** are sent to the client on successful login. The data fields and groups can be mapped to different names, if the client cannot handle Admidio's fields and role names. On particular case is the admin role, where many clients use a role named "admin" to grant admin access to a user logged in via OpenID. |
| |
| In addition each client typically has settings to require sent or received SAML messages to be signed and/or encrypted to ensure a secure login process. The details depend on the capabilities of the client. Some clients do not support encryption, other require all SAML messages to be signed (for good reason!). | In addition each client typically has some more settings regarding fields <=> claims mapping, groups, auto-generating accounts for new logins, etc. The details depend on the capabilities of the client. |
| |
| {{:en:2.0:sso:sso_oidc_01-08_clientsetup1.png?direct&300|}}{{:en:2.0:sso:sso_oidc_01-09_clientsetup2.png?direct&300|}}{{:en:2.0:sso:sso_oidc_01-10_clientsetup3.png?direct&300|}} | {{:en:2.0:sso:sso_oidc_01-08_clientsetup1.png?direct&300|}}{{:en:2.0:sso:sso_oidc_01-09_clientsetup2.png?direct&300|}}{{:en:2.0:sso:sso_oidc_01-10_clientsetup3.png?direct&300|}} |
| |
