Shibboleth2 Single Sign On (SSO) for Joomla
miniOrange provides a ready-to-use Shibboleth2 SSO solution for Joomla, so you can roll out secure access to your Joomla site using Shibboleth2 within minutes.
<!-- Replace <ENTITY_ID_FROM_PLUGIN> and <ACS_URL_FROM_PLUGIN> with the values shown in the plugin. -->
<MetadataProvider xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" id="MyInlineMetadata">
  <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<ENTITY_ID_FROM_PLUGIN>">
      <!-- WantAssertionsSigned="true": the SP only accepts assertions signed by the IdP. -->
      <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="<ACS_URL_FROM_PLUGIN>" index="1"/>
      </md:SPSSODescriptor>
    </md:EntityDescriptor>
  </EntitiesDescriptor>
</MetadataProvider>
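A pre-flight check for the SP metadata block above, as an added example that is not miniOrange's or Shibboleth's own code: it confirms that signed assertions are required, that the ACS binding is a real SAML 2.0 binding URI, and that the ACS endpoint is HTTPS. The function name, the finding codes and the `joomla.example.org` sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Binding URIs defined by the SAML 2.0 bindings specification.
KNOWN_BINDINGS = {B + s for s in ("HTTP-POST", "HTTP-Redirect", "HTTP-Artifact", "SOAP", "PAOS")}

# Constructed sample metadata; joomla.example.org is a placeholder host.
TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://joomla.example.org/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="{want}"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{binding}" Location="{acs}" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_GOOD = TEMPLATE.format(want="true", binding=B + "HTTP-POST", acs="https://joomla.example.org/acs")
SAMPLE_BAD = TEMPLATE.format(want="false", binding=B + "https-POST", acs="http://joomla.example.org/acs")


def is_true(value):
    return (value or "false").strip().lower() in ("true", "1")


def lint_sp_metadata(xml_text):
    """Return sorted finding codes for the SP metadata in xml_text."""
    # Operator's own plugin export; use defusedxml for metadata from untrusted sources.
    root = ET.fromstring(xml_text)
    entities = list(root.iter(MD + "EntityDescriptor"))
    if not entities:
        return ["NO_ENTITY_DESCRIPTOR"]
    findings = set()
    for entity in entities:
        for sp in entity.iter(MD + "SPSSODescriptor"):
            if not is_true(sp.get("WantAssertionsSigned")):
                findings.add("ASSERTIONS_NOT_REQUIRED_SIGNED")
            if not is_true(sp.get("AuthnRequestsSigned")):
                findings.add("AUTHN_REQUESTS_UNSIGNED")  # informational
            for acs in sp.findall(MD + "AssertionConsumerService"):
                if acs.get("Binding") not in KNOWN_BINDINGS:
                    findings.add("UNKNOWN_BINDING_URI")
                if urlparse(acs.get("Location", "")).scheme != "https":
                    findings.add("ACS_NOT_HTTPS")
    return sorted(findings)


if __name__ == "__main__":
    for name, doc in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, lint_sp_metadata(doc))
```

Run it against the `EntityDescriptor` exported by the plugin before adding it to the IdP; the check also works when the descriptor is wrapped in an `EntitiesDescriptor`.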
<!-- Encodes the LDAP "mail" attribute as the SAML 2.0 NameID in emailAddress format. -->
<resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
  <resolver:Dependency ref="ldapConnector" />
  <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</resolver:AttributeDefinition>
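<!-- basic:ANY in the PolicyRequirementRule applies this policy to every relying party,
     so the email attribute is released to any SP that requests it, not only the Joomla site. -->
<afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
  <afp:PolicyRequirementRule xsi:type="basic:ANY"/>
  <afp:AttributeRule attributeID="email">
    <afp:PermitValueRule xsi:type="basic:ANY"/>
  </afp:AttributeRule>
</afp:AttributeFilterPolicy>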
IDP Entity ID | https://<your_domain>/idp/shibboleth |
Single Login URL | https://<your_domain>/idp/profile/SAML2/Redirect/SSO |
X.509 Certificate | The public key certificate of your Shibboleth server |
I. By uploading the Shibboleth2 Metadata.xml file (Recommended):
II. Manual Configuration:
IDP Entity ID | Identity Provider Issuer from Shibboleth2 Setup Instructions |
Single Sign-On Service URL | Identity Provider Single Sign-On URL from Shibboleth2-idp Setup Instructions |
X.509 Certificate | X.509 Certificate from Shibboleth2 Setup Instructions |
III. Add a button on your site login page with the following URL:
Username: | Name of the username attribute from IdP (Keep NameID by default) |
Email: | Name of the email attribute from IdP (Keep NameID by default) |
Group/Role: | Name of the Role attribute from your Identity Provider (Shibboleth2-idp) |
If you don't find what you are looking for, please contact us at joomlasupport@xecurify.com or call us at +1 978 658 9387.