Joomla SAML Single Sign On (SSO) using ADFS as IdP

ADFS Single Sign On (SSO) for Joomla miniOrange provides a ready to use solution for Joomla. This solution ensures that you are ready to roll out secure access to your Joomla site using ADFS within minutes.

You can download SAML single sign-on plugin zip file for Joomla Service Provider from here.

Step 1: Configuring ADFS as IdP

  • In ADFS, click on Add Relying Party Trust . Then click on Start .
    • adfs relying party trust adfs add relying party trust
  • In Select Data Source: Select Enter data about the relying party manually. Click Next .
    • adfs add relying party manually
  • In Specify Display name: Enter Display name . Click Next.
  • In Choose Profile : Select AD FS profile. Click Next.
  • In Configure Certificate: If you’re using a free plugin, skip this step and click Next. If you’re using a premium plugin, upload the certificate downloaded from the plugin. Click Next.
  • In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the plugin in Relying Party SAML 2.0 SSO Service URL field. Click Next.
    • adfs acs url
  • Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the plugin in Relying Party Trust Identifier field. Click Add. Click Next
    • adfs relying party trust identifier
  • In Configure Multi-factor Authentication: Select I do not want to configure multi factor authentication settings for this relying party trust. Click Next.
  • In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
  • In Ready to Add Trusts, select click Next.
  • Check Open the Edit Claim Rules dialog and click close. Click Add rule and then select Send LDAP Attributes as Claims . Enter the following:
    • Claim rule name Enter claim rule name(Any). For example: Attributes
    Attribute Store Active Directory
    LDAP Attribute E-Mail-Addresses
    Outgoing Claim Type Name ID
  • Click on Finish button.
    • adfs sso

Step 2: Configuring Joomla as SP

  • In miniOrange SAML plugin, go to Service Provider Setup tab. There are three ways to configure the plugin:

      • adfs metadata By Uploading ADFS Metadata File :

      • Click on Upload IDP Metadata.
        • adfs metadata url
      • Upload metadata file and click on Upload.
        • adfs upload idp metadata

      adfs idp plugins By Uploading ADFS Metadata URL :

      • Click on Upload IDP Metadata.
        • adfs sso idp metadata
      • Enter Metadata URL and click on Fetch Metadata.
        • adfs metadata url fetch
      • You can provide this metadata url https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml

      adfs sso login page url Add a button on your site login page with the following URL:

        adfs signin-1
  • If you want Single logout then follow these steps:
  • Navigate to Relying Party Trusts => Properties
    • adfs single logout
  • Navigate to Endpoints => Add SAML
    • adfs saml sso
  • Select SAML Logout from Endpoint type dropdown.
  • Enter ACS URL in Trusted URL textfield and SAML Logout URL in Response URL textfield then click on OK button.
    • adfs saml logout url

Step 3: Attribute Mapping (It is Optional to fill this). This is Premium feature.

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your IdP and map them to Joomla user attributes like firstname, lastname etc.
  • While auto registering the users in your Joomla site these attributes will automatically get mapped to your Joomla user details.
  • In miniOrange SAML plugin, go to Attribute Mapping tab and fill in all the fields.
    • Username: Name of the username attribute from IdP (Keep NameID by default)
    Email: Name of the email attribute from IdP (Keep NameID by default)
    Group/Role: Name of the Role attribute from IdP
    adfs attribute/role mapping
  • You can check the Test Configuration Results under Identity Provider Settings tab to get a better idea of which values to map here.

Step 4: Group/Role Mapping (It is Optional to fill this). This is Premium feature.

  • Joomla uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
  • Role mapping helps you to assign specific roles to users of a certain group in your IdP.
  • While auto registering, the users are assigned roles based on the group they are mapped to.
    • adfs group mapping

Step 5: SSO Login Settings.

  • Go to SSO Login Settings tab. There are multiple features availabe in this tab like Auto redirect the user to Identity Provider and Enable Backed Login for Super Users.To use these features, click on the respective checkboxes.
    • adfs auto redirect to idp backend login

Trial Free

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.