Search Results :

×

Joomla OAuth Client Integration with Azure AD B2C

The Joomla OAuth Client plugin uses the OAuth protocol to provide secure access to Joomla sites by enabling Azure AD B2C as the OAuth provider, simplifying the login process. This integration allows users to log in with their Azure AD B2C credentials, eliminating the need for multiple passwords. The plugin also features user profile attribute mapping, role mapping, and Azure multi-tenant login for access based on organizational roles. For more details about the features of the Joomla OAuth & OpenID Connect Client plugin, please visit our page here. Follow the steps below to set up Azure AD B2C OAuth SSO with Joomla.


In this configuration, Azure AD B2C functions as the OAuth server, while Joomla allows users to log in with their Azure AD B2C credentials by utilizing the Joomla OAuth Client Plugin.

  • Login into your Joomla site’s Administrator console.
  • From left toggle menu, click on System, then under Install section click on Extensions.
  • Now click on Or Browse for file button to locate and install the plugin file downloaded earlier.
  • Installation of plugin is successful. Now click on Get Started!
  • Under Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider. You can also search for custom OAuth or custom OpenID application in the search bar, and configure your own custom provider.
Get Started with OAuth Client Setup

  • After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL which we will use to configure Microsoft Entra ID as OAuth Server, then click on the Save & Next button.
Get Started with OAuth Client Setup

  • Log into the Azure Dashboard.
  • Click on Azure AD B2C under Azure services.
Azure Dashboard

  • Please make sure you are in the Azure AD B2C directory with an active subscription and if not, you can switch to the correct directory.
Azure AD B2C Directory

  • In the Essentials tab, you will find the Azure B2C domain name, keep it handy, you will need it later for configuring the Azure B2C tenant name under Joomla as an OAuth client.

What is Tenant Name?
You will need to copy the highlighted domain name portion only in order to configure the tenant name in the Joomla OAuth Client plugin. Eg. If your domain name is 'exampledomain.onmicrosoft.com', then your tenant name will be 'exampledomain'.


Azure Ad B2C Domain Name

  • Now, click on App registrations and then click on the New registration option to create a new Azure B2C application.
App registrations

  • Configure the following options to create a new application:
    • Enter a name for your application under the Name text field.
    • In supported account types, select 3rd option ‘Accounts in any identity provider or organizational directory (for authenticating users with user flows)’.
    • In the Redirect URI section, select the Web application and enter the Callback URL from the miniOrange OAuth Client plugin (Configure OAuth tab) and save it under the Redirect URL textbox.
    • Click on the Register button to create your application.
App registrations

  • Now go to the Overview tab of your registered application. Here, copy the Application ID and the Directory ID, this will be your Client ID and Tenant ID respectively.
Copy Client ID and Secret

  • Go to Certificates and Secrets from the left navigation pane and click on New Client Secret. Enter description and expiration time and click on Add option.
Certificates and Secrets

  • Copy the secret value from certificates & secrets page and keep it handy, you will need it later for configuring the Client Secret under Joomla as an OAuth Client plugin.
Enter Client Secret

  • Go back to your Joomla Dashboard. Then go to Step 2 [Client ID & Secret].
  • Paste the Client ID, Client Secret and Domain. Also Set Client Credentials In header then click on Save Settings. Once Settings are saved then click on Save Configuration.
Upload IdP
    Metadata

  • If you want to Enable Scopes, you can follow the following steps:
    • Go to Application -> Select the application where you want to enable scopes. Now, Go to the API Permissions tab.
    API Permissions

    • Click on the Add permission button, and then Microsoft Graph API -> Delegated Permissions and select openid, Profile scope and click on the Add Permissions button.
    Add Permissions

    • Click on the Grant admin consent for Default Directory button.
    Grant Consent

Scope Openid email Profile
Authorize Endpoint https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize
Access Token Endpoint https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token
Get User Info Endpoint https://graph.microsoft.com/v1.0/me
Set Client Credentials In Both (In Header and In Body)

  • User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
  • Go to Step 3 [Attribute Mapping] tab and click on Test Configuration button.
Upload IdP
    Metadata

  • You will be able to see the attributes in the Test Configuration output as follows.
Upload IdP
    Metadata

  • Now go to the Step 3 [Attribute Mapping] tab and Select the attribute name for Email and Username from dropdown. Then click on Finish Configuration button.
Upload IdP
    Metadata

  • Now go to Step 4 [SSO URL] tab, here copy the Login/SSO URL and add it to your Site by following the given steps.
Upload IdP
    Metadata

  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.


ADFS_sso ×
Hello there!

Need Help? We are right here!

support