Guide for Joomla Single Sign On (SSO) using Jboss Keycloak as Identity Provider (IdP)

miniOrange provides a ready-to-use Jboss Keycloak Single Sign On (SSO) solution for Joomla. It lets you roll out secure access to your Joomla site using Jboss Keycloak as the Identity Provider within minutes.

Step 1: Configuring Jboss keycloak as Identity Provider (IdP)

  • In your Keycloak admin console, select the realm that you want to use.
  • Click on Clients in the left navigation bar.
  • Click on the Create button at the top right corner and enter the following values to create a new client/application:
      Client ID: the SP-EntityID / Issuer from the Service Provider Metadata
      Client Protocol: SAML
      Client SAML Endpoint (optional): the ACS (Assertion Consumer Service) URL from the Service Provider Metadata
  • Click on Save.
  • Configure the following:
      Client ID: the SP-EntityID / Issuer from the Service Provider Metadata
      Name: provide a name for this client (e.g. Joomla)
      Description (optional): provide a description
      Enabled: ON
      Consent Required: OFF
      Client Protocol: SAML
      Include AuthnStatement: NO
      Sign Documents: NO
      Optimize Redirect signing key lookup: OFF
      Sign Assertions: NO
      Signature Algorithm: RSA_SHA256
      Encrypt Assertion: OFF
      Client Signature Required: OFF
      Canonicalization Method: EXCLUSIVE
      Force Name ID Format: NO
      Name ID Format: Email
      Root URL: leave empty, or the Base URL of the Service Provider
      Valid Redirect URIs: the ACS (Assertion Consumer Service) URL from the Service Provider Metadata
  • Under Fine Grain SAML Endpoint Configuration, configure the following:
      Assertion Consumer Service POST Binding URL: the ACS (Assertion Consumer Service) URL from the Service Provider Metadata
      Logout Service Redirect Binding URL: the Single Logout URL from the Service Provider Metadata
  • Click on Save.

Add Mappers

  • Add the following attributes in the Mappers tab.
  • Click on Add Built-in and add the following option.

Add User

  • Click on Users in the left navigation bar.
  • Add a new user, or view all users.
  • Enter the username and a valid email address, and check User Enabled.
  • Click on Save.

Step 2: Configuring Joomla as Service Provider(SP)

  • Click on Realm Settings in the left navigation bar and open SAML 2.0 Identity Provider Metadata.

    OR

  • Go to https://<YOUR_DOMAIN>/auth/realms/{YOUR_REALM}/protocol/saml/descriptor. This opens the metadata XML in the browser.
  • In miniOrange's Joomla SAML SP plugin, go to the Service Provider Setup tab and enter the following values:
      Identity Provider Name: provide an Identity Provider name (for example, Keycloak).
      IdP Entity ID or Issuer: search for the entityID in the IdP Metadata and enter its value in the Entity ID textbox.
      Single Sign-On Service URL: search for the SingleSignOnService with Binding "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" in the IdP Metadata and enter its Location value in the SAML Login URL textbox.
      Single Logout Service URL (optional): search for the SingleLogoutService with Binding "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" in the IdP Metadata and enter its Location value in the Single Logout URL textbox.
      X.509 Certificate (optional): search for the X.509 Certificate in the IdP Metadata and enter the tag value in the Certificate textbox.
  • Click on Save Configuration.
  • Test the configuration after it has been saved successfully.
  • Add a button on your site login page with the following URL:
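The four values the Service Provider Setup tab asks for (entityID, the HTTP-Redirect SingleSignOnService and SingleLogoutService locations, and the signing certificate) can be pulled out of the realm descriptor programmatically instead of by searching the XML by eye. The following script is an added example and is not code from the miniOrange plugin or from Keycloak; the metadata string inside it is constructed to follow the shape of a Keycloak realm descriptor, and its host, realm name and certificate are placeholders. It also shows the edge cases a practitioner hits: a descriptor that advertises no logout endpoint, or one whose KeyDescriptor lacks use="signing".

```python
"""Pull the Service Provider Setup values out of Keycloak's SAML IdP metadata.

Added example, not code from the miniOrange plugin or from Keycloak. The
metadata below is constructed to follow the shape of a Keycloak realm
descriptor (https://<YOUR_DOMAIN>/auth/realms/{YOUR_REALM}/protocol/saml/descriptor);
host, realm name and certificate are placeholders.
"""
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# The guide says to take the HTTP-Redirect binding for both SSO and SLO.
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata (placeholder realm, host and certificate).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://keycloak.example.com/auth/realms/joomla-realm">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:KeyName>placeholder-key-id</ds:KeyName>
        <ds:X509Data>
          <ds:X509Certificate>
            TUlJQ1BMQUNFSE9MREVSQ0VSVElGSUNBVEU=
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example.com/auth/realms/joomla-realm/protocol/saml"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://keycloak.example.com/auth/realms/joomla-realm/protocol/saml"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example.com/auth/realms/joomla-realm/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://keycloak.example.com/auth/realms/joomla-realm/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def endpoint_location(root, service, binding=REDIRECT_BINDING):
    """Location of the <md:service> element advertising the given Binding, or None."""
    for node in root.findall(f"md:IDPSSODescriptor/md:{service}", NS):
        if node.get("Binding") == binding:
            return node.get("Location")
    return None


def signing_certificate(root):
    """Base64 body of the IdP signing certificate with whitespace removed, or None."""
    leaf = "ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    node = root.find(f"md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/{leaf}", NS)
    if node is None:
        # Some descriptors omit use="signing"; fall back to any certificate present.
        node = root.find(f"md:IDPSSODescriptor/md:KeyDescriptor/{leaf}", NS)
    if node is None or not node.text:
        return None
    return "".join(node.text.split())


def extract_idp_settings(metadata_xml):
    """Return the values the Service Provider Setup tab asks for."""
    root = ET.fromstring(metadata_xml)
    return {
        "idp_entity_id": root.get("entityID"),
        "sso_url": endpoint_location(root, "SingleSignOnService"),
        "slo_url": endpoint_location(root, "SingleLogoutService"),
        "x509_certificate": signing_certificate(root),
    }


def to_pem(cert_b64):
    """Wrap the raw base64 from the metadata as PEM, for tools that only accept PEM."""
    body = "\n".join(textwrap.wrap(cert_b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    for key, value in extract_idp_settings(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run it against the live descriptor by replacing SAMPLE_METADATA with the XML fetched from your realm. The certificate is the value that lets the SP verify the IdP's signatures, so compare what the script prints with what you paste into the Certificate textbox; a mismatch there is the usual cause of a "signature validation failed" test result.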

Step 3: Attribute Mapping (optional). This is a premium feature.

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping lets you fetch user attributes from your IdP and map them to Joomla user attributes such as first name, last name, etc.
  • While auto-registering users in your Joomla site, these attributes are automatically mapped to the Joomla user details.
  • In the miniOrange SAML plugin, go to the Attribute Mapping tab and fill in all the fields:
      Username: name of the username attribute from the IdP (keep NameID by default)
      Email: name of the email attribute from the IdP (keep NameID by default)
      Group/Role: name of the Role attribute from the IdP
  • You can check the Test Configuration results under the Identity Provider Settings tab to get a better idea of which values to map here.

Step 4: Group/Role Mapping (optional). This is a premium feature.

  • Joomla uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
  • Role Mapping lets you assign specific roles to users who belong to a certain group in your IdP.
  • While auto-registering, users are assigned roles based on the group they are mapped to.
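What Steps 3 and 4 describe is, at bottom, a lookup from assertion attributes to Joomla user fields and groups. The script below is an added example of that logic and is not the miniOrange plugin's code. The IdP attribute names in it are assumptions: they follow Keycloak's X500 built-in mappers (givenName, surname) and the default "Role" attribute name of its role-list mapper; read the real names from the plugin's Test Configuration results. The sample assertion is constructed. It covers the cases that matter in practice: multi-valued attributes, realm-default roles that have no Joomla equivalent, a user who matches no mapped group, and an assertion that carries no usable identity.

```python
"""Apply Attribute Mapping (Step 3) and Group/Role Mapping (Step 4) to a parsed
SAML assertion and produce the Joomla user record auto-registration would create.

Added example, not the miniOrange plugin's code. Attribute names are assumptions
modelled on Keycloak's X500 built-in mappers and its role-list mapper.
"""

# Joomla field -> IdP attribute name. "NameID" means the assertion's subject.
ATTRIBUTE_MAP = {
    "username": "NameID",
    "email": "NameID",
    "first_name": "urn:oid:2.5.4.42",  # assumed: Keycloak "X500 givenName" mapper
    "last_name": "urn:oid:2.5.4.4",    # assumed: Keycloak "X500 surname" mapper
    "groups": "Role",                  # assumed: Keycloak role-list mapper
}

# IdP group/role -> Joomla group (constructed sample mapping).
ROLE_MAP = {
    "joomla-admins": "Administrator",
    "joomla-editors": "Editor",
}
DEFAULT_JOOMLA_GROUP = "Registered"

# Constructed sample assertion, already parsed into NameID plus an
# attribute-name -> list-of-values dict. SAML attributes are multi-valued, and
# Keycloak can emit roles either as one multi-valued "Role" attribute or as
# several single-valued ones; the parser is assumed to have merged them.
SAMPLE_ASSERTION = {
    "name_id": "alice@example.com",
    "attributes": {
        "urn:oid:2.5.4.42": ["Alice"],
        "urn:oid:2.5.4.4": ["Example"],
        "Role": ["joomla-editors", "offline_access", "uma_authorization"],
    },
}


def attribute_values(assertion, name):
    """All values of an attribute as a list; NameID is the subject, not an attribute."""
    if name == "NameID":
        nid = assertion.get("name_id")
        return [nid] if nid else []
    values = assertion.get("attributes", {}).get(name, [])
    return list(values) if isinstance(values, (list, tuple)) else [values]


def map_groups(idp_groups, role_map=ROLE_MAP, default_group=DEFAULT_JOOMLA_GROUP):
    """Translate IdP groups to Joomla groups. Unmapped IdP roles (realm defaults such
    as offline_access) are ignored; a user with no mapped group gets the default."""
    mapped = sorted({role_map[g] for g in idp_groups if g in role_map})
    return mapped or [default_group]


def map_user(assertion, attribute_map=ATTRIBUTE_MAP, role_map=ROLE_MAP,
             default_group=DEFAULT_JOOMLA_GROUP):
    """Build the Joomla user record for auto-registration from a parsed assertion."""
    user = {}
    for field in ("username", "email", "first_name", "last_name"):
        values = attribute_values(assertion, attribute_map[field])
        user[field] = values[0] if values else None
    if not user["username"] or not user["email"]:
        # Auto-registration cannot proceed without the identity fields.
        raise ValueError("assertion carries no username/email under the configured mapping")
    user["groups"] = map_groups(attribute_values(assertion, attribute_map["groups"]),
                                role_map, default_group)
    return user


if __name__ == "__main__":
    print(map_user(SAMPLE_ASSERTION))
```

The default group is the important design choice: a user whose IdP roles match nothing in ROLE_MAP lands in Registered, never in a privileged group, so adding a new realm role on the Keycloak side cannot silently grant access on the Joomla side until someone maps it.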

Step 5: SSO Login Settings

  • Go to the SSO Login Settings tab. Several features are available in this tab, such as auto-redirecting the user to the Identity Provider and enabling backend login for Super Users. To use these features, check the respective checkboxes.

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.