OAuth / OpenID Connect Single Sign-On (SSO) into Joomla using Azure AD | Azure AD SSO Login




What is OAuth / OpenID?


An OAuth Server / OpenID Connect Server (OAuth 2.0 Server) is also known as an Authorization Server. It is the modern standard for securing access to APIs and implements network protocol flows that allow a client (OAuth Client) to act on behalf of a user. The OAuth Server allows clients to verify the identity of end-users based on the authentication performed by an Authorization Server, and to obtain basic profile (Scope) information about the end-users in an interoperable and REST-like manner.


How does OAuth / OpenID work?


An OAuth 2.0 Server is used to set up any application as an Identity Server, so that users can Single Sign-On / log in to their client site or application using OAuth / OpenID Connect protocol flows. The primary goal of this OAuth 2.0 server / OAuth Provider is to allow users to interact with multiple apps without requiring them to store sensitive credentials. You can easily configure an OAuth 2.0 / OpenID Connect server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.


The Joomla OAuth & OpenID Connect Single Sign-On (SSO) plugin enables secure login into Joomla using Azure AD (Active Directory) as the OAuth and OpenID Connect provider. You can also configure the plugin with other OAuth providers such as Azure B2C, Office 365, and other custom providers. It supports advanced Single Sign-On (SSO) features such as user profile attribute mapping, role mapping, multi-tenant login, etc. This guide walks through configuring SSO between Joomla and Azure AD (Active Directory). By the end of this guide, users should be able to log in to Joomla from Azure AD (Active Directory).


You can refer to the steps below to configure Microsoft Azure AD (Active Directory) with the Joomla OAuth Client plugin, from the video or the documentation.





Step 1: Setup Azure Active Directory as OAuth Provider

  • Sign in to Azure portal.
  • Click on Azure Active Directory from Azure services.
  • In the left-hand navigation pane, click the App registrations service, and click New registration.
  • When the Create page appears, enter your application's registration information:
    Name: Name of your application.
    Application type:
    1. Select "Native" for client applications that are installed locally on a device. This setting is used for OAuth public native clients.
    2. Select "Web app / API" for client applications and resource/API applications that are installed on a secure server. This setting is used for OAuth confidential web clients and public user-agent-based clients. The same application can also expose both a client and resource/API.
    Sign-on URL:
    1. For "Web app / API" applications, provide the base URL of your app. E.g., https://<domain-name>/oauth/callback might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.
    2. For "Native" applications, provide the URI used by Microsoft Azure AD (Active Directory) to return token responses. Enter a value specific to your application, e.g., https://localhost/Joomla
  • When finished, click Register. Azure AD assigns a unique Application ID to your application. Copy the Application ID and the Directory ID; these will be your Client ID and Tenant ID respectively.
  • Go to Certificates and Secrets from the left navigation pane and click on New Client Secret. Enter a description and expiration time and click on the Add option.
  • Copy value. This will be your Secret key.
  • Microsoft Azure AD (Active Directory) Endpoints and scope:
    Client ID: the Application ID copied above
    Client Secret: the client secret value copied above
    Scope: openid email profile
    Authorize Endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/authorize
    Access Token Endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/token
    Get User Info Endpoint: https://graph.microsoft.com/beta/me
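
The following added example (not part of the miniOrange plugin or this guide's original content) shows how the endpoints and scope above fit into the authorization-code flow: it builds the authorize request and validates the redirect, including the `state` check that protects the callback from forged responses. The tenant ID, client ID, redirect URI and function names are placeholders and assumptions; no network request is made.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): substitute the values copied from the Azure portal.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://joomla.example.com/oauth/callback"  # constructed value

AUTHORIZE = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
TOKEN = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"


def new_state():
    """Unpredictable per-login value, stored in the user's session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state):
    """Authorization-code request using the scope from this guide."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": state,
    })
    return f"{AUTHORIZE}?{query}"


def handle_callback(callback_url, expected_state, client_secret):
    """Validate the redirect; return the form body to POST to TOKEN.

    Raises ValueError on a state mismatch, provider error or missing code.
    """
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    if "code" not in params:
        raise ValueError("no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,  # must match the registered URL exactly
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }
```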

Step 1.1: Group Mapping [Premium]

  • Go to Application → select the application where you want to configure the group mapping. Then go to the API Permissions tab.
  • Click on the Add permission button, then Microsoft Graph API → Delegated Permissions, select the openid and profile scopes, and click on the Add Permissions button.
  • Click on the Grant consent for Demo button.
  • Go to the Manifest tab, find groupMembershipClaims, change its value to "All" and click on the Save button.
  • You should now be able to see the groups value in the Test Configuration window.
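
The groups value that Azure AD emits after this change is a list of group object IDs (GUIDs), and when a user belongs to too many groups the list is left out and replaced by a pointer to Microsoft Graph. The added example below (not the plugin's own code) maps such claims to Joomla groups and falls back to the least-privileged group when the claim is missing or truncated. `GROUP_MAP`, `DEFAULT_GROUP`, the function name and the sample claims are hypothetical and constructed for illustration.

```python
# Hypothetical mapping from Azure AD group object IDs to Joomla user groups.
GROUP_MAP = {
    "aaaaaaaa-0000-0000-0000-000000000001": "Administrator",
    "aaaaaaaa-0000-0000-0000-000000000002": "Author",
}
DEFAULT_GROUP = "Registered"  # least-privileged fallback (assumption)

# Constructed sample claims, as they would look after token validation.
SAMPLE_CLAIMS = {
    "email": "user@example.com",
    "groups": [
        "aaaaaaaa-0000-0000-0000-000000000002",
        "bbbbbbbb-0000-0000-0000-000000000009",  # not in GROUP_MAP, ignored
    ],
}
SAMPLE_OVERAGE = {
    "email": "user@example.com",
    "_claim_names": {"groups": "src1"},  # overage marker, no "groups" list
}


def resolve_joomla_groups(claims, group_map=GROUP_MAP):
    """Return (joomla_groups, note) for already-validated token claims."""
    # Group overage: "groups" is omitted and membership must be read from Graph.
    overage = "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups")
    if overage:
        return [DEFAULT_GROUP], "overage: look up membership via Microsoft Graph"
    groups = claims.get("groups")
    if not isinstance(groups, list):
        return [DEFAULT_GROUP], "no groups claim: check groupMembershipClaims"
    # Only IDs that were explicitly mapped grant a Joomla group.
    mapped = sorted({group_map[g] for g in groups if g in group_map})
    if not mapped:
        return [DEFAULT_GROUP], "no mapped group"
    return mapped, "ok"


if __name__ == "__main__":
    print(resolve_joomla_groups(SAMPLE_CLAIMS))
    print(resolve_joomla_groups(SAMPLE_OVERAGE))
```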

Step 2: Configure miniOrange Joomla OAuth Client plugin.

  • Download the zip file for the miniOrange OAuth Client plugin for Joomla from the link here.
  • Log in to your Joomla site’s administrator console.
  • Go to Extensions → Manage → Install in the top navigation bar to install the plugin.
  • Upload the downloaded zip file to install the OAuth Client plugin.
  • Navigate to Extensions → Manage → Manage and search for miniorange in the Search bar provided to see the list of the components.
  • Go to Components → MiniOrange OAuth Client → Configure OAuth tab from the top navigation bar to go to the configuration page of the plugin.
  • Select your OAuth Provider from the Select Application dropdown. If your OAuth Provider is not listed in the dropdown, select Custom OAuth Provider to continue.
  • Fill in the details you received from your OAuth Provider.
  • Copy the Redirect/Callback URL given in the plugin and click on the Save Settings button to save details in your OAuth Provider.
  • Click on the Test Configuration button, copy the email and name attributes, and save them in the Email Attribute and Name Attribute text fields respectively. Now click on the Save Attribute Mapping button to save your configuration.
  • Use the Login URL to perform SSO with your pre-configured OAuth/OpenID Connect Provider. (After completing the test configuration, copy the Login URL and add a button for it on your site's login page.)
  • Now log out and go to the pages of your Joomla site where you added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
  • Congratulations, you have successfully configured the miniOrange OAuth Client plugin with your desired OAuth Provider.
  • Click on the Upgrade Plans tab to check out our complete list of features and various licensing plans, or click here to check features and licensing plans.
  • If you want to purchase any of the paid versions of the plugin, you have to register/log in with us in the Account Setup tab, or you can register/log in here.
  • If you are facing an issue or have any questions, you can reach out to us by sending your query through the Support button in the plugin or by sending us a mail at joomlasupport@xecurify.com.
