Single Sign-On (SSO) with Azure AD B2C in Joomla uses the OAuth authorization protocol to give users secure access to the Joomla site. With our Joomla OAuth Single Sign-On (SSO) plugin, Azure AD B2C acts as the OAuth provider, ensuring secure login for Joomla websites.
The integration of Joomla and Azure AD B2C simplifies and secures the login process using the OAuth protocol. This solution allows users to access their Joomla sites with Single Sign-On (SSO) using their Azure AD B2C credentials, completely removing the need to store, remember, and reset multiple passwords.
In addition to offering OAuth Single Sign-On (SSO) using Azure AD B2C credentials, the plugin also provides advanced SSO features such as user profile attribute mapping, role mapping, Azure multi-tenant login, and site access based on organization roles. For further insights into the features we offer within the Joomla OAuth & OpenID Connect Client plugin, kindly visit our page here. You can follow the steps below to set up Azure AD B2C OAuth SSO with Joomla.
Pre-requisites: Download and Installation
Step 1: Install Joomla OAuth Server Plugin
- Log in to your Joomla site’s Administrator console.
- From the left toggle menu, click on System, then under the Install section click on Extensions.
- Now click on the Or Browse for file button to locate and install the plugin file downloaded earlier.
- Once the installation of the plugin is successful, click on Start Using miniOrange OAuth Server plugin.
- Under the Configure OAuth tab, click on the ADD button.
Steps to configure OAuth SSO into Joomla
1. Configure Callback/Redirect URL
- After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL, which we will use to configure the OAuth Server, then click on the Save & Next button.
- Sign in to the Azure portal.
- Go to Home and, in the Azure services, select Azure AD B2C.
- Please make sure you are in the Azure AD B2C directory with an active subscription; if not, switch to the correct directory.
- In the Essentials tab, you will find the Azure B2C domain name. Keep it handy; you will need it later for configuring the Azure B2C tenant name under Joomla as an OAuth client.
What is Tenant Name?
You will need to copy only the highlighted domain name portion in order to configure the tenant name in the Joomla OAuth Client plugin. E.g., if your domain name is 'exampledomain.onmicrosoft.com', then your tenant name will be 'exampledomain'.
- Now, click on App registrations and then click on the New registration option to create a new Azure B2C application.
- Configure the following options to create a new application:
  - Enter a name for your application under the Name text field.
  - In supported account types, select the 3rd option, ‘Accounts in any identity provider or organizational directory (for authenticating users with user flows)’.
  - In the Redirect URI section, select the Web application and enter the Callback URL from the miniOrange OAuth Client plugin (Configure OAuth tab) and save it under the Redirect URL textbox.
- Click on the Register button to create your application.
2. Configure Client ID and Secret
- After successful application creation, you will be redirected to the newly created application’s overview page. If not, go to the app registrations and search for the name of your application; you will find your application in the list.
- Copy your Application ID and keep it handy; you will need it later for configuring the Client ID under Joomla as an OAuth Client plugin.
- Now, click on Certificates and secrets and then click on New client secret to generate a client secret. Enter a description and click on the Add button.
- Copy the secret value from the certificates & secrets page and keep it handy; you will need it later for configuring the Client Secret under Joomla as an OAuth Client plugin.
- Go to the Step 2 [Client ID & Secret] tab of the Joomla OAuth Client plugin and paste the Client ID, Client Secret and Tenant. Click on the Save Configuration button.
2.1. Scope & Endpoints
- Please refer to the table below for configuring the scope & endpoints for Azure AD B2C in the plugin.
| Authorize Endpoint: | https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize |
| Access Token Endpoint: | https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token |
| Get User Info Endpoint: | https://graph.microsoft.com/v1.0/me |
| Custom redirect URL after logout [optional]: | https://<domain-name>.b2clogin.com/<domain-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/logout?post_logout_redirect_uri=<your url> |
| Set Client Credentials: | In Both (In Header and In Body) |
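An added example, not part of the plugin or of this guide's original text: Python that derives the tenant name from the Essentials domain name as described above and fills in the endpoint templates from the table, so the values pasted into the plugin can be compared against what they should be. The policy name `B2C_1_signupsignin`, the function names, the character checks and the https-only rule for the logout URL are assumptions made for this illustration.

```python
import re
from typing import Optional
from urllib.parse import quote, urlsplit

SUFFIX = ".onmicrosoft.com"
# The tenant name becomes a hostname label, so accept only a valid DNS label.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
# Assumption: restrict the policy name to characters that are safe in a URL path segment.
POLICY = re.compile(r"[A-Za-z0-9_.-]+")

def tenant_name(domain: str) -> str:
    """'exampledomain.onmicrosoft.com' -> 'exampledomain'; a bare tenant name passes through."""
    name = domain.strip().lower()
    if name.endswith(SUFFIX):
        name = name[: -len(SUFFIX)]
    if not LABEL.fullmatch(name):
        raise ValueError(f"invalid tenant name: {domain!r}")
    return name

def b2c_endpoints(domain: str, policy: str, post_logout: Optional[str] = None) -> dict:
    """Fill the endpoint templates from the table for one tenant and policy."""
    tenant = tenant_name(domain)
    if not POLICY.fullmatch(policy):
        raise ValueError(f"invalid policy name: {policy!r}")
    base = f"https://{tenant}.b2clogin.com/{tenant}{SUFFIX}/{policy}/oauth2/v2.0"
    endpoints = {
        "authorize": f"{base}/authorize",
        "token": f"{base}/token",
        "userinfo": "https://graph.microsoft.com/v1.0/me",
    }
    if post_logout is not None:
        parts = urlsplit(post_logout)
        # Assumption: only absolute https URLs are accepted as logout targets.
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"post-logout URL must be absolute https: {post_logout!r}")
        # Percent-encode the whole URL so its own query string stays inside the parameter.
        endpoints["logout"] = f"{base}/logout?post_logout_redirect_uri={quote(post_logout, safe='')}"
    return endpoints

def mismatched(configured: dict, domain: str, policy: str) -> list:
    """Names of endpoints whose configured value differs from the expected one."""
    expected = b2c_endpoints(domain, policy)
    return sorted(k for k, v in expected.items() if configured.get(k, "").strip() != v)

# Constructed sample: the full domain was pasted where the tenant name belongs.
SAMPLE = dict(b2c_endpoints("exampledomain", "B2C_1_signupsignin"),
              authorize="https://exampledomain.onmicrosoft.com.b2clogin.com/exampledomain.onmicrosoft.com/B2C_1_signupsignin/oauth2/v2.0/authorize")
```

Calling `mismatched(SAMPLE, "exampledomain.onmicrosoft.com", "B2C_1_signupsignin")` reports the `authorize` entry, the only one in the sample that does not match its template.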
2.2. Add Users in your B2C application
- On the home page, go to the Users tab in the left corner.
- Click on New user in the users page.
- Select Create Azure AD B2C user. Then scroll down, click on Email from the sign-in method, set your password, and click Create to save the user details for performing the test configuration.
2.3. How to create & add Azure B2C Policy
- Go to the User Flows tab and then click on New user flow.
- Select the user flow type Sign up and Sign in, then click on the Create button.
- Fill in all the information, e.g. Name, Identity providers, etc., then click on the Create button.
- Copy the Policy name; use this value whenever you need to enter the Azure B2C Policy in the miniOrange OAuth Client plugin.
2.4. Add user claims to your application
- Go to user flows under policies in the left corner. Select the configured policy.
- Select Application claims in settings.
- Select the desired attributes to be displayed on the test configuration and save it.
Step 4: Configure Attribute Mapping
- User Attribute Mapping is mandatory for enabling users to successfully log in to Joomla. We will be setting up user profile attributes for Joomla using the settings below.
- Go to the Step 3 [Attribute Mapping] tab and click on the Test Configuration button.
- You will be able to see the attributes in the Test Configuration output as follows.
- Now go to the Step 3 [Attribute Mapping] tab and select the attribute name for Email and Username from the dropdown. Then click on the Finish Configuration button.
Step 5: Setup Login/SSO URL
- Now go to the Step 4 [SSO URL] tab, copy the Login/SSO URL and add it to your site by following the given steps.
- Now log out and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
In this guide, you have successfully configured Joomla Azure AD B2C Single Sign-On (SSO) by configuring Azure AD B2C as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth Client plugin. This solution ensures that you are ready to roll out secure access to your Joomla site using Azure AD B2C login credentials within minutes.
Joomla Azure Integrator
Joomla Azure AD Integration
Azure AD Integration allows you to achieve seamless Login, Registration, Profile Update, and Password Reset of Azure AD and Azure B2C users from Joomla.
Mail us at joomlasupport@xecurify.com for quick guidance (via email/meeting) on your requirement, and our team will help you select the most suitable solution/plan for your requirement.