Custom Database Connection using miniOrange for Authentication


What is authentication using Custom Database Connection?

miniOrange can connect to an existing database and use it as the user store for authentication, which lets you enable Single Sign-On (SSO), Multi-Factor Authentication (MFA) and similar features for your external applications. The custom database stays where it is and acts as the user store: users log in once with the credentials held in that database and then get seamless SSO into the other applications. The connection between miniOrange and your database is configured as an external directory, as described in the steps below.

What is a custom database and why use miniOrange for authentication?

  • A custom database is any database in which you keep user records and related information for your own application, whether for authentication, login or other purposes. miniOrange provides connection support for the popular databases, such as MongoDB, MySQL, MS-SQL (SQL Server), Oracle and PostgreSQL (the database types currently selectable in the console are listed in the setup steps below).
  • The main benefit of using a custom database connection for authentication and login is that you do not have to move your identities anywhere else, so all user data stays in your own database.
  • Enable Single Sign-On and MFA for your custom applications, or for CRM/HRM/CMS/LMS products that store users in a database but do not support any Single Sign-On protocol natively (such as WordPress, Moodle or Drupal), or for any other custom application that stores its own users.
  • miniOrange supports on-the-fly user creation at the time of SSO login, and you can import users from a JSON or CSV file.
  • Configure multiple user stores for login to your applications, with support for multiple authentication protocols such as SAML and OAuth, for different user groups based on roles and responsibilities.

Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to set up our on-premises server.

To book a slot, send an email to idpsupport@xecurify.com and we will help you in no time.



1. Setup custom Database connection as user store

  • Log in to the miniOrange Admin Console.
  • Go to External Directories >> Add Directory.
  • Select the directory type you want to configure and fill in the required details.
  • Select the Database tab.
  • Enter an Identifier for the custom database user store. It can be any name that identifies the user store.
  • Select the DB type. The following are currently supported:
    • MySQL
    • MariaDB
    • OracleDB
    • MS-SQL
    • PostgreSQL
  • Connection URL format and default port for each database type:

    Database Type     Connection URL                                   Default Port
    MySQL/MariaDB     jdbc:mysql://hostname:port/database-name         3306
    MS-SQL            jdbc:sqlserver://hostname:port/database-name     1433
    PostgreSQL        jdbc:postgresql://hostname:port/database-name    5432
    OracleDB          jdbc:oracle:thin:@hostname:port/database-name    1521

  • Enter the database hostname:port (check with your database administrator if unsure). If the port has not been changed, use the default given above. Note that the Microsoft JDBC driver's own URL syntax is jdbc:sqlserver://hostname:port;databaseName=database-name; if Test Connection fails for MS-SQL with the slash form shown above, try that form.
  • The custom database name (database-name) is the database in which your users are stored.
  • Enter the Username and Password of a database account that has permission to read the table mentioned below. A read-only account restricted to the user table is sufficient for authentication; avoid reusing a DBA or application-owner account.
  • Enter the Table name in which the users used for authentication are stored.
  • Enter the column names that hold the Username (which can be an email address or a unique ID) and the Password respectively.
  • Add attributes lets you send additional columns from the database to any configured application. Write a query that fetches the attributes, in the format below. The ? is the JDBC parameter placeholder; at run time miniOrange substitutes the username read from the Username column configured above. Leave it as ? rather than writing a literal username into the query text. For example, to send FirstName, select it from the users table in the query below, which uses a WHERE clause on the username:
    SELECT '##USERNAME##', username FROM USERS  WHERE USERNAME=?
  • Select the Hashing type that was used to hash the stored passwords. The following hashing types are supported:
    1. SHA256
    2. SHA512
    3. SHA1
    4. MD5
    5. PHPPASS
    6. BCRYPT
    The selected type must match how the passwords in the table were actually produced, otherwise every login, including Test Connection, will fail. Plain MD5, SHA1, SHA256 and SHA512 are fast, unsalted digests and are weak for password storage; if you control the application that writes the table, prefer BCRYPT (or PHPPASS, the format WordPress uses).
  • In Attribute Mapping, the attributes from the database can be mapped to custom attribute names under which they are sent to the Service Provider (SP).
  • For example, if the email comes from the "Email" column in the DB but the SP expects it under the "Mail" attribute, map "Mail" in the left section to "Email" in the right section.

2. Testing database connection

  • After clicking Save, click Select >> Test Connection. Enter the login credentials of a user stored in the DB (user store) to check that the database connection, column names and hashing type are set up correctly.
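The user store settings and the Test Connection step above, as an added example (this is not miniOrange's code): the script below mimics what the console has to do when it tests a login against the configured table, column names and hashing type. It uses an in-memory SQLite table with constructed sample rows in place of a real MySQL/MS-SQL/PostgreSQL/Oracle server. The phpass and plain-digest checks are reimplemented here on the assumption that the console's MD5/SHA* options compare the unsalted hex digest of the password; the BCRYPT branch relies on the third-party bcrypt package. Running guess_hash_type on a value copied from a real row tells you which Hashing type to select before saving the directory.

```python
"""Pre-flight check of a custom-database user store (added example, not
miniOrange code). Stands in for the console's Test Connection step with an
in-memory SQLite table of constructed rows. Assumptions: the MD5/SHA*
options compare the plain (unsalted) hex digest; BCRYPT needs the
third-party `bcrypt` package.
"""
import hashlib
import hmac
import re
import sqlite3

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _phpass_encode64(data: bytes, count: int) -> str:
    """phpass' own base64 variant (not RFC 4648): 3 bytes -> 4 characters."""
    out, i = "", 0
    while i < count:
        value = data[i]
        i += 1
        out += ITOA64[value & 0x3F]
        if i < count:
            value |= data[i] << 8
        out += ITOA64[(value >> 6) & 0x3F]
        if i >= count:
            break
        i += 1
        if i < count:
            value |= data[i] << 16
        out += ITOA64[(value >> 12) & 0x3F]
        if i >= count:
            break
        i += 1
        out += ITOA64[(value >> 18) & 0x3F]
    return out


def phpass_hash(password: str, setting: str) -> str:
    """Portable phpass hash ($P$/$H$, the format WordPress stores)."""
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12:
        raise ValueError("not a phpass portable hash")
    count_log2 = ITOA64.index(setting[3])
    if not 7 <= count_log2 <= 30:
        raise ValueError("bad iteration count")
    salt, pw = setting[4:12].encode(), password.encode()
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(1 << count_log2):          # iterated MD5, salted
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _phpass_encode64(digest, 16)


def guess_hash_type(stored: str) -> str:
    """Infer which console 'Hashing type' matches a stored password value."""
    if stored.startswith(("$2a$", "$2b$", "$2y$")):
        return "BCRYPT"
    if stored.startswith(("$P$", "$H$")) and len(stored) == 34:
        return "PHPPASS"
    if re.fullmatch(r"[0-9a-fA-F]+", stored):
        return {32: "MD5", 40: "SHA1", 64: "SHA256", 128: "SHA512"}.get(len(stored), "UNKNOWN")
    return "UNKNOWN"


def verify_password(password: str, stored: str, hashing_type: str) -> bool:
    """Compare a submitted password with the stored hash in constant time."""
    if hashing_type in ("MD5", "SHA1", "SHA256", "SHA512"):
        digest = hashlib.new(hashing_type.lower(), password.encode()).hexdigest()
        return hmac.compare_digest(digest, stored.lower())
    if hashing_type == "PHPPASS":
        try:
            return hmac.compare_digest(phpass_hash(password, stored), stored)
        except ValueError:
            return False
    if hashing_type == "BCRYPT":
        import bcrypt  # third-party package; ImportError if not installed
        return bcrypt.checkpw(password.encode(), stored.encode())
    raise ValueError(f"unsupported hashing type: {hashing_type}")


def build_user_store() -> sqlite3.Connection:
    """Constructed stand-in for the customer's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, first_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice@example.com", hashlib.sha256(b"correct horse").hexdigest(), "Alice"),
        ("bob@example.com", phpass_hash("battery staple", "$P$B12345678"), "Bob"),
    ])
    return conn


def authenticate(conn, username, password, hashing_type,
                 attr_query="SELECT first_name FROM users WHERE username = ?"):
    """Login check followed by the 'Add attributes' query. The ? is a bound
    parameter, so the username is never spliced into the SQL text."""
    row = conn.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()
    if row is None or not verify_password(password, row[0], hashing_type):
        return None
    attrs = conn.execute(attr_query, (username,)).fetchone()
    return {"username": username, "first_name": attrs[0]}
```

Selecting the wrong Hashing type for Bob's phpass row makes his login fail exactly as Test Connection would, and a username such as `alice@example.com' OR '1'='1` simply matches no row because the placeholder is bound rather than concatenated.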

3. Configure Your application in miniOrange

  • Log in to the miniOrange Admin Console.
  • Go to Apps > Add Application.
  • In Choose Application Type, click Create App under the SAML/WS-FED application type.
  • In the next step, search for your application in the list. If your application is not found, search for "custom" and set up your app via Custom SAML App.
  • In the Basic Settings tab, import the SP metadata by clicking the Import SP metadata button.
  • Enter the app name as you prefer and choose File if you have a metadata file, or URL if you have the application's metadata URL. Both can be obtained from your application (the Service Provider).
  • After choosing the appropriate option, click Import.

    URL    Enter the metadata URL you received from the Service Provider directly in the input field provided.
    Text   Fill in all the attributes manually.
    File   Upload the XML file containing all the information.

  • Here is a description of what each field under the Basic Settings section means.
    • SP Entity ID identifies your app in the SAML request received from the SP. The SP Entity ID, or Issuer, can be either a URL or a plain string.
    • ACS URL (Assertion Consumer Service URL) defines where the SAML Assertion is sent after authentication. Use the ACS URL exactly as published in the SP's metadata; it should be an https URL. The form https://www.domain-name.com/a/[domain_name]/acs is only an example of its shape.
    • Audience URI, as the name suggests, specifies the valid audience of the SAML Assertion. It is usually the same as the SP Entity ID. If the SP does not specify an Audience URI separately, leave it blank.
    • Single Logout URL - The URL where the logout request is consumed and to which users are redirected after single logout from the applications.
  • Click Next to go to the Attribute Mapping page. Here you can add and configure the attributes to be sent to the app.
  • Here is a description of what each field under the Attribute Mapping section means:
    • NameID defines what the SP expects in the Subject element of the SAML Assertion. Generally, the NameID is the username or the email address.
    • NameID format defines the format of the Subject element content, i.e. of the NameID. For example, the Email Address NameID format defines that the NameID is in the form of an email address, specifically an "addr-spec". An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by "<" and ">". If the SP does not specify a NameID format, leave it unspecified.
    • You can Add Attributes to be sent in the SAML Assertion to the SP. The attributes include the user's profile attributes such as first name, last name, full name, username, email, custom profile attributes, user groups, etc.
  • In Login Policy, choose from the dropdown the specific group of users for which you want to enable the policy. Provide a policy name; you can enable either 2-Factor Authentication (MFA) or Adaptive Authentication.
  • Select a Group Name from the dropdown: the group which should have access to SAML SSO using this app.
  • Give the policy a name in Policy Name.
  • Select the Login Method Type for authentication, such as Password, Mobile, etc.
  • Enable 2-Factor/Adaptive authentication if required.
  • Click Save to add the policy for the app (Single Sign-On).
  • In Advanced Settings, you can configure the following:

    Relay State                           The URL to which the user is redirected after signing in to the application.
    Override Relay State                  Enable this to override the default relay state of the SP.
    Show On End User Dashboard            Disable this if you do not want the app to be visible to all users on the end user dashboard.
    Signed Request                        Enable this to require that the AuthnRequests the SP sends to the IdP are signed, and paste or upload the SP's X.509 certificate so that miniOrange can verify the signature. Without it, the IdP accepts unsigned requests from any sender.
    Signature Algorithm                   Select the algorithm used to sign the SAML response/assertion. Avoid SHA1-based algorithms where the SP supports SHA256.
    Encrypt Assertion                     Select this to encrypt the assertion in the SAML response, and provide the algorithm and the SP's certificate used for encryption.
    SAML Authentication Validity Period   The time for which the authentication is considered valid and the user can perform SSO. After it expires, the user has to sign in again.
    Add Name Format                       Enable this to choose a custom name format based on the SP.
    Name Format                           Select the format supported by the SP.
    Identity Source                       Select the identity source that should perform the authentication. All configured sources are listed; for this setup, select the custom database directory configured in step 1.
    Force Authentication                  Enable this to require the user to authenticate again on every request to access the application, even if an SSO session already exists.
    Logout Response Binding               The binding used for the Logout Response that miniOrange sends in reply to a Logout Request from the SP.
    IdP initiated Logout Request Binding  The binding used for the Logout Request that miniOrange sends to the SP when logout is started from the IdP dashboard.
    • HTTP Redirect - the logout message travels in the URL query string, with its signature as a separate parameter.
    • HTTP POST - the logout message travels in a form body, with the signature embedded in the XML.
  • Click Save. Your application is saved successfully.
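The Import SP metadata step and the Basic/Advanced Settings fields described above, as an added example (this is not miniOrange's code): the script below reads an SP metadata document and pulls out exactly the values the console asks for, then flags the mismatches that commonly break SSO, such as a non-https ACS URL, an SP that signs its AuthnRequests without publishing a signing certificate (so Signed Request could not be verified), or an SP that does not insist on signed assertions. The metadata document embedded in it is a constructed sample, including a placeholder certificate; the element names and attributes it reads are the standard SAML 2.0 metadata ones.

```python
"""Pre-check of SP metadata before the console's Import SP metadata step
(added example, not miniOrange code). Parses the standard SAML 2.0 metadata
elements and reports the settings an admin must enter or fix.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample; the certificate body is a placeholder, not a real key.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://app.example.com/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIICxDCCAaygAwIBAgICONSTRUCTEDPLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://app.example.com/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text: str) -> dict:
    """Extract the values the Basic Settings / Advanced Settings fields need."""
    root = ET.fromstring(xml_text)   # use defusedxml for metadata from untrusted sources
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or sp is None:
        raise ValueError("not SP metadata: EntityDescriptor/SPSSODescriptor missing")
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    default_acs = next((a for a in acs_list if a.get("isDefault") == "true"),
                       acs_list[0] if acs_list else None)
    slo = sp.find("md:SingleLogoutService", NS)
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not cert.text:
            continue
        # A KeyDescriptor without 'use' serves both signing and encryption.
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for use in uses:
            certs[use] = "".join(cert.text.split())
    return {
        "entity_id": root.get("entityID"),                       # SP Entity ID / Issuer
        "acs_url": default_acs.get("Location") if default_acs is not None else None,
        "acs_binding": default_acs.get("Binding") if default_acs is not None else None,
        "slo_url": slo.get("Location") if slo is not None else None,   # Single Logout URL
        "nameid_format": sp.findtext("md:NameIDFormat", None, NS),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",  # Signed Request
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "certs": certs,
    }


def check_sp_settings(cfg: dict) -> list:
    """Problems to fix before saving the app; empty list means all clear."""
    problems = []
    if not cfg["entity_id"]:
        problems.append("missing entityID (SP Entity ID / Issuer)")
    if not cfg["acs_url"]:
        problems.append("no AssertionConsumerService: nowhere to post the assertion")
    elif urlparse(cfg["acs_url"]).scheme != "https":
        problems.append("ACS URL is not https: the SAML response would travel in clear")
    if cfg["acs_binding"] != POST:
        problems.append("default ACS binding is not HTTP-POST")
    if cfg["authn_requests_signed"] and "signing" not in cfg["certs"]:
        problems.append("SP signs AuthnRequests but publishes no signing certificate; "
                        "Signed Request cannot be verified")
    if not cfg["want_assertions_signed"]:
        problems.append("WantAssertionsSigned is not true: SP may accept unsigned assertions")
    if cfg["slo_url"] and urlparse(cfg["slo_url"]).scheme != "https":
        problems.append("Single Logout URL is not https")
    return problems
```

The values returned by parse_sp_metadata map one-to-one onto the console fields: entity_id goes into SP Entity ID (and Audience URI if the SP does not specify one), acs_url into ACS URL, slo_url into Single Logout URL, nameid_format into NameID format, and certs["signing"] is the certificate to upload when enabling Signed Request.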

Configure Service Provider (SP)


  • In the list of configured Apps, locate the app you created and open Select >> Metadata next to it.
  • On the Metadata page, click Show Metadata Details and choose one of the two Metadata options:
  • If miniOrange is the Identity Provider for this app, i.e. users authenticate against a user store configured in miniOrange (here, the custom database), download the metadata file under the heading 'INFORMATION REQUIRED TO SET miniOrange AS IDP'.
  • If you want to authenticate your users via an external Identity Provider such as Active Directory, Okta or OneLogin, download the metadata file under the heading 'INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS'.
  • Use the downloaded metadata (which includes the IdP signing certificate) to configure miniOrange as the Identity Provider in your Service Provider.

4. User Provisioning with database

  • Navigate to Provisioning settings.
  • Select the Database from the drop-down menu.
  • Check the provisioning features you want to enable.
  • To import the users from the database, go to User Provisioning and click the Import Users button.
  • Select the Database from the drop-down menu and save the configuration.
  • Now go to Users >> User List; you will find all the users imported from the database.
