What is authentication using Custom Database Connection?
miniOrange can connect to your database and use it as the authentication user store, enabling Single Sign-On (SSO), Multi-factor authentication, etc. for your external applications. Here, miniOrange makes your custom database work as the user store for authentication. Users log in with their custom database credentials only once and get seamless SSO login into the other applications. We develop the connection between miniOrange and your database as a user store.
What is a custom database and why use miniOrange for authentication?
- A custom database can be any DB that you use to store user data and other user information for your custom application, for authentication, login or any other purpose. miniOrange provides connection support for all the popular custom databases, such as MongoDB, MySQL, MS-SQL, Oracle, PostgreSQL, SQL Server, etc.
- The key benefit of using a custom database connection for authentication and login is that you do not have to move your identities to any other place, so all user data stays secure in your DB itself.
- Enable Single Sign-On and MFA for authentication on your custom applications or CRM/HRM/CMS/LMS where users are stored in a DB and which do not inherently support any Single Sign-On protocol, like WordPress, Moodle, Drupal or any custom application that stores its own users.
- miniOrange provides provisioning for on-the-fly user creation at the time of SSO login, and you can import users using a JSON / CSV file.
- Configure multiple user stores for login to your applications, with support for multiple authentication protocols such as SAML, OAuth, etc., for different user groups based on roles and responsibilities.
Step 1: Setup custom Database connection as user store
- Log in to your miniOrange Admin console, navigate to User Stores->Add User Store, and select the Database tab.
- Enter the custom Database user store Identifier. It can be any name relevant to the user store.
- Select the DB type. We currently support:
||Port Number Default
- Database HostName (You can check with your administrator for this) and port number (refer to defaults above)
- The custom Database name (database-name) to establish connection with, which stores the users.
- Enter the Username and Password of the user who has permissions to access the DB mentioned above.
- Enter the Table name, where users are stored for authentication.
- Enter the column name for Usernames (which can be Email-address, Unique IDs) and Password columns respectively.
- The Add attributes option lets you send attributes from the DB to any configured application. You can write a query to fetch the attributes, which should be in the format below:
For example, to fetch FirstName from the table users with a WHERE clause on username, use the query below. The '?' will be replaced by the actual username fetched from the Username column mentioned above.
SELECT 'FirstName' as VALUE, FirstName FROM `users` WHERE username = ?;
- Select the Hashing type used for hashing the password. We support the below Hashing types:
Default Settings for WordPress as User store:
- You can access wp-config.php in the root WordPress folder to get the DB hostname, port number and DB name using the below keys.
| Admin username and Password | DB_USER and DB_PASSWORD |
- Attribute Query example for First Name: SELECT 'first_name' as VALUE, meta_value AS first_name FROM `wp_usermeta` WHERE meta_key = 'first_name' AND user_id = (select ID from wp_users where user_login=?);
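The sketch below is an added example, not miniOrange code: it runs the FirstName attribute query from Step 1 against a constructed in-memory SQLite table to show what replacing the '?' with the username should mean, namely a bound parameter rather than text pasted into the SQL. The table contents, helper names and sample usernames are assumptions made for the illustration.

```python
import sqlite3

# Attribute query exactly as given on the page; '?' stands for the username.
ATTRIBUTE_QUERY = "SELECT 'FirstName' as VALUE, FirstName FROM `users` WHERE username = ?;"


def build_db():
    """Constructed in-memory stand-in for the custom user table (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, FirstName TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice"), ("bob", "Bob")],
    )
    return conn


def attributes_bound(conn, username):
    """Pass the username as a bound parameter: the driver treats it as data only."""
    return conn.execute(ATTRIBUTE_QUERY, (username,)).fetchall()


def attributes_substituted(conn, username):
    """Anti-pattern shown for contrast: paste the username into the SQL text."""
    sql = ATTRIBUTE_QUERY.replace("?", "'" + username + "'")
    return conn.execute(sql).fetchall()


def to_attributes(rows):
    """Map (name, value) rows to attributes; refuse ambiguous matches."""
    if len(rows) > 1:
        raise LookupError("attribute query matched more than one user row")
    return dict(rows)


if __name__ == "__main__":
    db = build_db()
    crafted = "nobody' OR '1'='1"  # constructed username containing SQL syntax
    print(to_attributes(attributes_bound(db, "alice")))   # one attribute for alice
    print(attributes_bound(db, crafted))                  # bound: matches no user
    print(len(attributes_substituted(db, crafted)))       # pasted: matches every row
```

When writing your own attribute queries, keep the single '?' in the WHERE clause and make sure the condition can match at most one user row.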
Step 2: Testing database connection:
After clicking on Save, click on Select-> Test Connection. Enter the login credentials of a user stored in the DB (user store) to test whether the database connection is correctly set up.
Step 3: Configure Your application in miniOrange
- Log in to the miniOrange Admin Console.
- Go to Apps >> Manage Apps. Click on Configure Apps button.
- Then click on Create App under SAML.
- Search for your application. In case you do not find your app, search for Custom SAML App.
- Get the ACS URL and SP Entity ID from your application.
- Enter the following values OR click on Import SP Metadata:
| Service Provider Name | Choose appropriate name according to your choice |
| SP Entity ID or Issuer | Your Application Entity ID |
| ACS URL | Your Application Assertion Consumer Service URL |
| X.509 Certificate (optional) | |
- Click on Save to configure your application.
- Now, to get the IDP metadata of the configured app, go to Apps >> your_app >> Select >> Metadata tab.
- Click on Show Metadata details in the Information required to Authenticate via External IDPs section. Download the metadata XML file by clicking on the Download Metadata button, or copy the Metadata URL link.
- You need to upload this metadata in your application.
Step 4: User Provisioning with database
- Navigate to Users-> User Provisioning settings.
- Select the custom Database from the drop down menu.
- Check the provisioning features.
- To import the users from the connected Database, go to User Provisioning and click on the Import Users button.
- Select the Database from the drop down menu and save the configuration.
- Now go to Users >> User List and you will find all the users imported from the Database.