Configure IdentityServer4 Single Sign-On (SSO) with Joomla OAuth Client Plugin

Overview

Single Sign-On (SSO) with IdentityServer4 in Joomla uses OAuth Authorization to provide users secure access to the Joomla site. With our Joomla OAuth Single Sign-On (SSO) plugin, IdentityServer4 acts as the OAuth provider, ensuring secure login for Joomla websites.

The integration of Joomla and IdentityServer4 simplifies and secures the login process using OAuth protocol. This solution allows users to access their Joomla sites with Single Sign-On (SSO) using their IdentityServer4 credentials, completely removing the need to store, remember, and reset multiple passwords.

In addition to offering OAuth Single Sign-On (SSO) using IdentityServer4 credentials, the plugin also provides advanced SSO features like user profile attribute mapping, role mapping, and Azure multi-tenant login and providing site access based on organization email domains. For further insights into the array of features we offer within the Joomla OAuth & OpenID Connect Client plugin, kindly visit our page here. You can follow the below steps to setup IdentityServer4 OAuth SSO with Joomla.

Configuration Steps

In this configuration, IdentityServer4 functions as the OAuth server, while Joomla allows users to log in with their IdentityServer4 credentials by utilizing the Joomla OAuth Client Plugin.

Step 1: Install Joomla OAuth Client Plugin

• Login into your Joomla site’s Administrator console.
• From left toggle menu, click on System, then under Install section click on Extensions.
• Now click on Or Browse for file button to locate and install the plugin file downloaded earlier.
• Installation of plugin is successful. Now click on Get Started!
• Under Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider. You can also search for custom OAuth or custom OpenID application in the search bar, and configure your own custom provider.

• After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL which we will use to configure IdentityServer4 as OAuth Server, then click on the Save & Next button.

Step 2: Configure IdentityServer4 as OAuth Server

• Set up IdentityServer4 using guidelines provided here.
• From Here Configure OAuth tab in Oauth Client plugin, collect Redirect/Callback URL and enter it into your IdentityServer4.
• Copy your Client ID and Client Secret and save it on your miniOrange OAuth Client plugin Configuration.
• You have successfully completed your IdentityServer4 OAuth Server side configurations.
• In Plugin, Add identity server.
• Enter your app name and use the following information to fill the details.
• Go to Configure OAuth tab and configure App Name, Client ID, Client Secret from provided Endpoints.
• openid is already filled but if it doesn't work then configure scope as User.Read and for fetching group info use scope is Directory.read.all.

Step 3: Configure Client ID & Secret

• Go back to your Joomla Dashboard. Then go to Components.
• Go to the Step 2 [Client ID & Secret] tab of the Joomla OAuth Client plugin, here paste the Client ID, Client Secret and Tenant. Click on the Save Configuration button.

• Please refer the below table for configuring the scope & endpoints for IdentityServer4 in the plugin.

Scope	email profile oneroster full
Authorize Endpoint:	https://<your-domain>/connect/authorize
Access Token Endpoint:	https://<your-domain>/connect/token
Get User Info Endpoint:	https://<your-domain>/connect/userinfo
Custom redirect URL after logout[optional]:	https://<your-domain>/connect/endsession?id_token_hint=##id_token##
Set Client Credentials:	In Both (In Header and In Body)

Step 4: Configure Attribute Mapping

• User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
• Go to Step 3 [Attribute Mapping] tab and click on Test Configuration button.

• You will be able to see the attributes in the Test Configuration output as follows.

• Now go to the Step 3 [Attribute Mapping] tab and Select the attribute name for Email and Username from dropdown. Then click on Finish Configuration button.

Step 5: Setup Login/SSO URL

• Now go to Step 4 [SSO URL] tab, here copy the Login/SSO URL and add it to your Site by following the given steps.

• Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.

Related Articles

• What is OAuth 2.0?
• Frequently Asked Questions (FAQs)
• How to configure OAuth/OpenID Connect SSO with Azure AD?
• How to configure OAuth/OpenID Connect SSO with Salesforce?
• How to configure OAuth/OpenID Connect SSO with AWS Cognito?
• How to configure OAuth/OpenID Connect SSO with Discord?
• How to configure OAuth/OpenID Connect SSO with Facebook?
• How to configure OAuth/OpenID Connect SSO with Google Apps?
• How to configure OAuth/OpenID Connect SSO with Keycloak?