One logon is enough.

Getting started with Single Sign-On for TYPO3

Prerequisites

  • Have the third-party application ("TPA" - the application that you want to attach to TYPO3) up and running.
  • Make sure an SSO Adapter for your TPA is available.
  • Have a TYPO3 website up and running. It does not have to reside on the same server as the TPA.
  • Make sure that both of the above run on platforms where OpenSSL is available.
  • Hint: The "OpenSSL" software is only used for internal security (technically: for signatures), not for HTTPS.
  • [The use of SSL is of course possible, but not mandatory for SSO to work.]

Preparations

  • Create an SSO directory (e.g. /usr/local/sso) on both servers.
  • Create a signature key pair. Details on this are given in the "SSO Server documentation" (available here).
  • Place the key pair in the TYPO3 server's SSO directory.
  • Place the public key in the TPA server's SSO directory.
  • Make sure the keys are accessible to the web server, but protect at least the private key from all other access. See the docs for further security measures.

SSO Server setup

  • Download and install the SSO extension
  • Configure it in the extension manager (most important: set the path to the private key)
  • Windows users: please do not check the "externalOpenssl" option
  • Place the SSO plugin on the desired page.
  • Either the plugin or the page where it resides should have access definitions (i.e. the plugin must not be accessible to anonymous users)!
  • Enter the target application data (Third Party Application ID, SSO Agent URL) inside the plugin. See docs for details.
  • Decide on the user experience you wish to provide (you may want to see the SSO online demo for various alternatives) and configure the plugin accordingly.
  • Optionally, configure further settings inside the plugin.
  • The "Usermapping" backend module is not needed in most cases!

SSO Agent for PHP setup

  • Download and install the SSO Agent for PHP.
  • Customize the "global" section of your config file.
  • If the location of the config does not match "/usr/local/sigsso/etc/sigsso.conf", change the "configfile" setting in your adapter (the sigsso.php file) accordingly.

SSO Adapter Setup

  • Download the SSO Adapter for your TPA
  • Read and follow the specific documentation sheet.
  • Configure the SSO Agent's config file accordingly. Make sure to use the same "TPA ID" value as configured in the SSO Server TYPO3 plugin.

Verify Installation

  • If you do not use the user propagation feature, make sure the same user exists in both TYPO3 and the TPA.
  • Log on to your TYPO3 site with that user.
  • Navigate to the page where the SSO plugin resides.
  • The link generated should look similar to this: http://<your TPA-Server>/sigsso.php?version=2.0&user=<your user>&tpa_id=<TPA ID that you entered>&expires=1174259826&action=logon&flags=<short hash>&userdata=<may be empty>&signature=<some long hash>
  • Click that link. It should bring you to the start page of your TPA, logged on.
  • Anything wrong? Please follow the error messages if available, check your logs, increase loglevel in the SSO Agent, read the "troubleshooting" hints in the docs, and see our FAQ and forum.
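
A sanity check for the generated link from the verification steps above, as an added example that is not part of the SSO extension, the SSO Agent or their documentation. It assumes "expires" is a Unix timestamp in seconds; the host, user, TPA ID and hash values in the sample are constructed. Signature verification is left to the SSO Agent.

```python
import time
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the sample link on this page.
REQUIRED = ("version", "user", "tpa_id", "expires", "action", "flags", "signature")

# Constructed sample link: host, user, TPA ID and hash values are placeholders.
SAMPLE = ("https://tpa.example.org/sigsso.php?version=2.0&user=jdoe"
          "&tpa_id=demo_tpa&expires=1174259826&action=logon&flags=ab12"
          "&userdata=&signature=deadbeef")


def check_sso_link(url, expected_tpa_id, now=None):
    """Return a list of problems found in an SSO link; an empty list means none."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    problems = []

    for name in REQUIRED:
        values = params.get(name, [])
        if len(values) != 1:
            # A missing or repeated parameter cannot be interpreted unambiguously.
            problems.append(f"{name}: expected exactly one value, found {len(values)}")
        elif not values[0]:
            problems.append(f"{name}: empty value")
    if len(params.get("userdata", [])) > 1:  # may be empty, must not repeat
        problems.append("userdata: repeated")

    tpa_id = params.get("tpa_id", [""])[0]
    if tpa_id and tpa_id != expected_tpa_id:
        problems.append(f"tpa_id: {tpa_id!r} does not match the agent's {expected_tpa_id!r}")

    expires = params.get("expires", [""])[0]
    if expires and not expires.isdecimal():
        problems.append("expires: not a number")
    elif expires and int(expires) <= now:
        # Assumption: expires is a Unix timestamp in seconds.
        problems.append(f"expires: link expired {int(now) - int(expires)} s ago")

    if parts.scheme != "https":
        problems.append("scheme: link is sent without TLS")
    return problems


if __name__ == "__main__":
    for problem in check_sso_link(SAMPLE, "demo_tpa"):
        print(problem)
```

Pass the "TPA ID" value from the SSO Agent's config file as expected_tpa_id; a mismatch with the value entered in the TYPO3 plugin shows up as a tpa_id problem.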