Does Piwik support SAML


I know Piwik supports LDAP auth but can it also support SAML authentication to login to the application ? trying to setup access to users using SAML.


See: Release LoginSamlSSO plugin on the Marketplace · Issue #8673 · matomo-org/piwik · GitHub

It looks like this project has stalled out. Bummer. I’m not sure if this would help, but I have an idea which might be simpler.

Bugzilla does not support SAML directly. But it does have the ability to take the username from an environment variable set on the server. The Apache HTTP server can do SAML authentication directly with mod_auth_mellon.

So my idea is to create a plug-in which doesn’t implement SAML but rather pulls the username from an environment variable like MELLON_NAME_ID.

This solution isn’t as feature rich. It will never support things like de-provisioning and single sign-out. But the narrow scope means it could be implemented in relatively short order. And on the upside, I’ve found that doing SAML in the webserver as opposed to the application makes my configs simpler and more consistent.

You may be able to easily modify this existing HTTP AUTH plugin for this purpose:

SAML plugin is now available on the Marketplace! Please learn more here:

and in our SAML User Guides: Login with SAML Authentication - Analytics Platform - Piwik
and the Login SAML Faqs: SAML Login - Analytics Platform - Piwik

If you need help we can provide some support for SAML, learn more here: Support for SAML Authentication with Piwik Analytics - Analytics Platform - Piwik