SAML Module Enables 1-Login for multiple dotCMS sites

MIAMI, FLORIDA and MEDINA, OHIO - dotCMS and Ethode are pleased to announce the launch and availability of a new SAML Authentication Module for dotCMS, a powerful content management system that can be managed on-premise or in the cloud. With the SAML Module, dotCMS administrators can now log in once and be granted access to multiple dotCMS sites, subdomains, and systems. The module will enable enterprises to avoid disruptions in their business continuity by harmonizing security across their digital platform.

What is dotCMS?

dotCMS is a powerful and scalable open source content management system (CMS). The CMS delivers content to websites, intranets, extranets, portals, mobile apps and next-generation Internet technologies. It can also be used as a headless CMS, with content consumed via RESTful APIs. It has been designed to manage and deliver personalized, permission-based content experiences across multiple channels.

dotCMS is used everywhere, from running small sites to powering multi-node installations for government entities, Fortune 100 companies, universities, and global brands. A dotCMS environment can scale to support hundreds of editors managing thousands of sites with millions of content objects.

Teams can push entire websites to geographically distributed servers or CDNs with dotCMS, which features fully customizable workflows that adapt to business needs. dotCMS also easily integrates with third-party systems like marketing automation, eCommerce, CRMs and ERPs.

What is SAML?

SAML stands for Security Assertion Markup Language, and is an open standard for web browser single sign-on. It works by exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP).

As its name suggests, SAML is an XML-based markup language for security assertions, which are statements that enable service providers to allow users to access the services they provide.

How does dotCMS use SAML?

A module has been developed for dotCMS that allows administrators to use a single IdP to manage user accounts and gain access to multiple dotCMS sites on the same installation.

As a result, the module saves users from needing to log in to multiple sites to gain access to all the data they need. Once a user logs in to one participating site, the user gains access to every site they are permitted to use that participates in that SAML configuration.

Without the dotCMS SAML Module, if a business or organization has many separate domains or sub-domains with password-protected information, a user would be required to log in to each site separately to see their user data. With SAML, the user can log in to one site and gain access to user data on each sub-domain. No additional login is required.

What are the benefits of using SAML?

SAML provides users and administrators with a number of key advantages:

  • Improved Usability - Users benefit from using one set of credentials to access all dotCMS instances at once.

  • Integration with Third Parties - Your dotCMS instance integrates with other separate services that are using the same Identity Provider, minimizing the burden on users even further.

  • Strong Security - SAML provides dotCMS with a secure, single sign-on protocol that the largest and most security-conscious enterprises trust.

  • Speed - SAML is fast, requiring only one redirect.

  • User Management - SAML centralizes user account management and authentication.

What improvements have been added to the SAML Module for dotCMS?

The SAML Module for dotCMS has been improved to use version 3 of the OpenSAML library. Specifically, it uses OneLogin's open source SAML Java Toolkit to add SAML support to dotCMS.

The SAML Module’s use of the toolkit turns dotCMS into an SP that can be connected to various IdPs.

The SAML Module has been tested extensively and is compatible with the 3 primary IdPs: ADFS, Shibboleth, and Okta.

  • ADFS is Microsoft’s Active Directory Federation Service and runs on Windows Server OS to provide users with single sign-on access to external systems and applications.

  • Shibboleth is a middleware solution started and used primarily by universities, governments, and public institutions to provide an open-source solution for identity management.

  • Okta is a third-party enterprise-grade identity management service that was built for the cloud, but is compatible with many on-premises applications.

Additionally, SAML configuration info has been moved out of the host content type, and is now edited and configured via a newer, easier-to-use interface that is separate from the host interface. Configurations are saved to JSON files rather than content types, meaning that push-publishing is a safer endeavor for users of the SAML Module.

dotCMS Administrators now have access to a tool where configuration of SAML properties can be managed. With the tool, they can enable, disable, and change SP and IdP configurations either globally or per host.

The SAML Module provides a wealth of flexible options to ensure that integration with most major SAML IdPs is achieved. The features supported include:

  • SSO and SLO (SP-Initiated and IdP-Initiated)

  • Assertion and nameId encryption

  • Assertion signatures

  • Message signatures: AuthnRequest, LogoutRequest, LogoutResponse

  • Enablement of Assertion Consumer Service endpoint

  • Enablement of a Single Logout Service endpoint

  • Publishing the SP metadata (which can also be signed)

What versions of dotCMS will the SAML Module work with?

The SAML Module has been tested to work with dotCMS 4.3 and dotCMS 5. dotCMS 5 is set to be released in fall 2018. The module is compatible with dotCMS Enterprise and dotCMS Cloud.

About dotCMS:

dotCMS is a leading, open source content and customer experience management platform for companies that want innovation and performance driving their websites and other content-driven applications. Extensible and massively scalable, it lets both small and large organizations rapidly deliver personalized and engaging content across browsers, mobile devices, channels, second screens and endpoints, all from a single system.

Founded in 2003, dotCMS is a privately-owned U.S. company with offices in Miami, Florida; Boston, Massachusetts and San Jose, Costa Rica. With a global network of certified development partners and an active open source community, dotCMS has generated more than a half-million downloads and thousands of implementations and integration projects worldwide. Notable dotCMS customers include: Telus, Standard & Poors, Hospital Corporation of America, Royal Bank of Canada, DirecTV, Thomson Reuters, China Mobile, Aon, and DriveTest Ontario.

About Ethode:

Ethode is a Software and Web Development company that develops, designs, and manages websites, scalable content management systems, ecommerce stores, mobile apps, and custom software applications for business, education, and non-profit clients. The company has helped companies bring new digital products and services to market, launch new websites, and solve business challenges with innovative software solutions.

Ethode is a global implementation partner of the dotCMS Partner Network, and was one of the first partners of dotCMS.

Founded in 2003 and adopting its current brand in 2010, Ethode is a privately-owned U.S. company with offices in Medina, Ohio and Atlanta, Georgia, and complemented by a remote team located throughout the U.S. Ethode has also started a subsidiary, LightSpeed Hosting, to provide clients with datacenter, application hosting, and cryptocurrency mining services.
