How to configure SAML SSO between PHPKB and AWS Cognito?
PHPKB is a knowledge base software that allows you to create, manage, and share documentation.
Note: You need to have the SAML SSO Plugin installed with your license of PHPKB Knowledge Base Software to configure it with AWS Cognito.
To configure SAML SSO between PHPKB and AWS Cognito, follow these steps:
- Create an AWS Cognito user pool (if not already created): Follow the steps mentioned here to create a Cognito user pool.
- Configure SAML identity provider in AWS Cognito:
  - In the AWS Cognito console, select your user pool and navigate to the "Identity providers" section.
  - Click on "SAML" and fill in the required fields:
    - Provider name: Give a name to your SAML identity provider (e.g., PHPKB_SSO).
    - Metadata document: Upload the metadata XML file provided by PHPKB. This file contains the necessary information about the PHPKB identity provider, such as EntityID, SingleSignOnService endpoint, and public X.509 certificate for signature validation.
  - Click "Create provider" to save the configuration.
- Configure the PHPKB application as a relying party in AWS Cognito:
  - Navigate to the "App client settings" section in your Cognito user pool.
  - Select the app client you created earlier and enable the SAML identity provider.
  - Add the ACS (Assertion Consumer Service) URL of your PHPKB instance to the "Callback URL(s)" field. This is where AWS Cognito will send the SAML assertions after a successful login.
  - Save the changes.
- Set up the SAML SSO in PHPKB:
  - Log in to the PHPKB admin panel.
  - Navigate to "Settings" > "Authentication" > "SAML SSO."
  - Enable SAML SSO and fill in the required fields:
    - Identity Provider EntityID: This value can be found in the AWS Cognito SAML identity provider configuration.
    - Single Sign-On Service URL: This is the AWS Cognito SAML 2.0 endpoint, which can be found in the Cognito user pool's "App client settings" section.
    - Single Logout Service URL: This is the AWS Cognito SAML 2.0 logout endpoint, which can also be found in the "App client settings" section.
    - X.509 Certificate: Paste the public X.509 certificate provided by AWS Cognito. This can be found in the Cognito user pool's "SAML identity provider" configuration.
  - Save the changes.
- Test the SAML SSO:
  - Log out of PHPKB and try to log in again. You should now see the option to log in with the SAML SSO provider.
  - Click on the SSO button, and you'll be redirected to the AWS Cognito login page. Log in with your Cognito credentials or any other configured identity provider.
  - After successful authentication, you'll be redirected back to PHPKB with your user session established.
By following these steps, you can configure SAML SSO between PHPKB and AWS Cognito.
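Before uploading the metadata XML in the "Metadata document" field, it is worth confirming what the file actually declares. The script below is an added example, not part of the original article or of PHPKB: it reads a SAML metadata document and reports the EntityID, the SingleSignOnService and SingleLogoutService endpoints, the SHA-256 fingerprint of each X.509 certificate, and warnings for non-HTTPS endpoints or a missing signing certificate. The function name `inspect_metadata`, the host `kb.example.com` and the sample document are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def inspect_metadata(xml_text):
    """Summarise a SAML metadata document and list problems worth fixing."""
    # Metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    entity = next(ET.fromstring(xml_text).iter(MD + "EntityDescriptor"), None)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    endpoints, certs, warnings = [], [], []
    for name in ("SingleSignOnService", "SingleLogoutService"):
        for el in entity.iter(MD + name):
            loc = el.get("Location", "")
            endpoints.append((name, el.get("Binding", ""), loc))
            if not loc.lower().startswith("https://"):
                warnings.append(f"{name} endpoint is not HTTPS: {loc}")
    for kd in entity.iter(MD + "KeyDescriptor"):
        use = kd.get("use", "signing+encryption")  # no 'use' attribute means both
        for cert in kd.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            # SHA-256 over the DER bytes, for comparison with the pasted certificate
            certs.append((use, hashlib.sha256(der).hexdigest()))
    if not any("signing" in use for use, _ in certs):
        warnings.append("no certificate usable for signature validation")
    return {"entity_id": entity.get("entityID"), "endpoints": endpoints,
            "certificates": certs, "warnings": warnings}

# Constructed sample: kb.example.com is a placeholder host, the "certificate" is
# placeholder bytes (not real X.509), and the http:// endpoint is deliberate.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD[1:-1]}" xmlns:ds="{DS[1:-1]}"
    entityID="https://kb.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="http://kb.example.com/saml/sso"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for key, value in inspect_metadata(SAMPLE).items():
        print(key, "=", value)
```

The fingerprint in the report can be compared with the fingerprint of the certificate pasted into the "X.509 Certificate" field, so a mismatch is caught before the login test.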