SAML Sign in with Microsoft - Eonic/ProteanCMS GitHub Wiki

1. Register the Enterprise Application in Azure

  1. Go to Azure Portal 

  2. Navigate to:
    Azure Active Directory → Enterprise applications → New application

  3. Click "Create your own application"

    • Name it (e.g., ITBWebsite)

    • Choose Integrate any other application you don’t find in the gallery (Non-gallery)

  4. After creating, go to the app → Single sign-on → SAML

2. Configure Basic SAML Settings

In the SAML-based Sign-on section:

Identifier (Entity ID) : ProteanCMS (your SP entity ID)

Reply URL (ACS URL) : https://demo2019.intotheblue.co.uk/?ewCmd=admin (where SAML response is posted)

Sign-on URL (optional) : https://demo2019.intotheblue.co.uk/?ewCmd=admin (used for IdP-initiated login)

Relay State (optional), Logout URL (optional)

3. Download Microsoft IdP Info

After setting the above:

  1. Scroll down to SAML Signing Certificate

  2. Download:

    • Certificate (Base64)

    • Login URL (IdP SSO URL)

    • Azure AD Identifier (Issuer)

You’ll use these three values in your SP to validate SAML responses.

4. Add Users/Groups

  • Go to:
    Users and groups → Add user/group

  • Assign who is allowed to access this app

5. Configure SP in your config file

[screenshot: SP configuration in the config file]

6. Testing SAML Login

For SP-Initiated Login:

  • User clicks “Login with Microsoft”

  • Your app redirects to Microsoft’s SSO URL

  • Microsoft authenticates and posts SAML response to your ACS endpoint
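Added example (not ProteanCMS code): a minimal Python SP side for the flow above, the redirect to the Login URL and the checks run on the response posted to the ACS URL, using the Entity ID and Reply URL from step 2 and placeholder values for the Login URL and Azure AD Identifier from step 3. It assumes the XML signature has already been verified against the downloaded certificate, and it uses stdlib ElementTree to stay dependency-free; parse untrusted XML with defusedxml in production.

```python
import base64
import datetime as dt
import uuid
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import urlencode

# Values from steps 2 and 3. The two IdP values are placeholders for the Login URL and
# Azure AD Identifier downloaded from the SAML Signing Certificate section.
SP_ENTITY_ID = "ProteanCMS"
ACS_URL = "https://demo2019.intotheblue.co.uk/?ewCmd=admin"
IDP_SSO_URL = "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"  # placeholder
IDP_ISSUER = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"                  # placeholder
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def build_redirect_url(relay_state="/?ewCmd=admin"):
    """SP-initiated login: returns (request ID to keep in the session, URL to redirect the browser to)."""
    request_id = "_" + uuid.uuid4().hex
    authn = (f'<samlp:AuthnRequest xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" ID="{request_id}" '
             f'Version="2.0" IssueInstant="{dt.datetime.now(dt.timezone.utc):%Y-%m-%dT%H:%M:%SZ}" '
             f'AssertionConsumerServiceURL="{ACS_URL}"><saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
             '</samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # HTTP-Redirect binding: raw DEFLATE, then base64
    raw = comp.compress(authn.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode(), "RelayState": relay_state})
    return request_id, f"{IDP_SSO_URL}?{query}"

def validate_response(saml_response_b64, expected_request_id=None, now=None):
    """Checks the SAMLResponse posted to the ACS URL against the values above and returns a list
    of problems (empty = accept). Run only AFTER the XML signature has been verified against the
    downloaded Base64 certificate (e.g. with signxml); pass expected_request_id=None for IdP-initiated."""
    now = now or dt.datetime.now(dt.timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not our ACS URL")
    if expected_request_id and root.get("InResponseTo") != expected_request_id:
        problems.append("InResponseTo does not match the AuthnRequest we issued")
    assertion = root.find("a:Assertion", NS)
    cond = assertion.find("a:Conditions", NS) if assertion is not None else None
    if cond is None:  # a non-Success response from Azure carries no Assertion, so it is rejected here
        return problems + ["no Assertion with Conditions in response"]
    if assertion.findtext("a:Issuer", "", NS) != IDP_ISSUER:
        problems.append("Issuer is not the Azure AD Identifier")
    if cond.findtext("a:AudienceRestriction/a:Audience", "", NS) != SP_ENTITY_ID:
        problems.append("Audience is not our Entity ID")
    ts = lambda s: dt.datetime.fromisoformat(s.replace("Z", "+00:00"))  # missing attribute raises = reject
    if not ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")):
        problems.append("assertion is outside its validity window")
    return problems
```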
