At a Glance
- Expression Engine - SSO built for legacy CMS with no existing solutions
- Ground-up development - no existing plugins or libraries to extend
- Different architecture - Expression Engine's add-on system differs significantly from modern CMS platforms
As Lead Web Engineer, I was responsible for building a custom SAML Single Sign-On plugin for SteadyVision’s Expression Engine website (via Solspace Inc.). Unlike Craft CMS or WordPress, Expression Engine had no existing enterprise SSO solutions available, so the plugin required ground-up development.
The Challenge
Expression Engine presented unique challenges compared to other CMS platforms:
- No existing solutions: While Craft CMS had emerging SSO plugins and patterns, Expression Engine’s ecosystem had no enterprise authentication options
- Different plugin architecture: Expression Engine’s add-on system (modules, extensions, fieldtypes) works fundamentally differently than modern CMS platforms
- Legacy member system: Expression Engine’s member management predates modern authentication patterns, requiring careful integration
- Limited documentation: SAML implementation resources for Expression Engine were essentially non-existent
What I Built
Custom Expression Engine Module:
- Built a complete SAML 2.0 authentication module from scratch using Expression Engine’s add-on architecture
- Implemented the full SAML flow: SP-initiated login, assertion parsing, signature validation
- Integrated with Expression Engine’s member system for user creation and updates
Member System Integration:
- Mapped SAML attributes to Expression Engine’s member fields
- Handled automatic member creation on first SSO login
- Synchronized member data on subsequent authentications
- Managed member group assignments based on identity provider roles
Authentication Flow:
- Seamless redirect to identity provider for login
- Proper handling of SAML responses and assertions
- Session management integrated with Expression Engine’s native session handling
Technical Approach
Building for Expression Engine required adapting modern authentication patterns to an older platform architecture:
- Used Expression Engine’s extension hooks to intercept authentication events
- Built the SAML library integration from first principles rather than relying on existing packages
- Created an admin control panel interface for configuration using Expression Engine’s CP patterns
- Implemented PHPUnit tests despite Expression Engine’s limited testing infrastructure
Outcome
The integration gave SteadyVision enterprise-grade SSO on a platform that had no existing solutions. Users authenticate through their corporate identity provider and access the Expression Engine website seamlessly, with automatic account provisioning and role synchronization.
This project demonstrated that enterprise authentication requirements can be met even on legacy platforms when off-the-shelf solutions do not exist.