Joomla Single Sign On (SSO) using PingOne as IdP


Joomla SAML SP plugin gives the ability to enable SAML Single Sign-On for Joomla site. Joomla SAML SP plugin is compatible with all SAML Identity Providers. Here we will go through a guide to configure SSO between Joomla and PingFederate / PingOne. By the end of this guide, Ping One users should be able to log in and register to Joomla site.

Step 1: Setup PingOne as Identity Provider

    All the information required to configure the PingOne i.e. plugin’s metadata is given in the Service Provider Metadata tab of the miniOrange plugin.

  • Login to your PingOne environment as the administrator. Click on your ProfileAdmin.
  • Go to ApplicationsAdd ApplicationNew SAML Application.
  • Enter the application details and click Continue to Next Step. Application Name, Application Description, and Category are required fields. For logos and icons, PNG is the only supported graphics format.
  • pingone sso-1

miniorange img Provide the SAML configuration details for the application.


    1.Signing: In the dropdown list, select the signing certificate you want to use.

    2.SAML Metadata: Click Download to retrieve the SAML metadata for PingOne. This supplies the Ping    One connection information to the application.

    3.Protocol Version: Select the SAML protocol version appropriate for your application.

    4.Upload Metadata: There are 3 ways to provide service provider metadata to PingOne

      Method 1:

      • Click on use URL
      • Enter Service provider metadata URL from Service provider setup tab of miniOrange plugin.
      Method 2:

      • Click Choose File to upload the application’s metadata file. The entries for ACS URL and Entity ID will then be supplied for you.
      Method 3:

      • Go to Service Provider Metadata tab of miniOrange plugin. You can find ACS URL, Entity ID, Single logout URL you will need to enter this information manually.

    5.Single Logout Endpoint: The URL to which our service will send the SAML Single Logout (SLO) request    using the Single Logout Binding Type that you select).

    6.Single Logout Response Endpoint: The URL to which your service will send the SLO Response.

    7.Single Logout Binding Type: Select the binding type (Redirect or POST) to use for SLO.

    8.Primary Verification Certificate: Click Choose File to upload the primary public verification certificate    to use for verifying the SP signatures on SLO requests and responses.

    9.Signing Algorithm: Use the default value or select the algorithm to use from the dropdown list.

       Optional:

        I.Encrypt Assertion: If selected, the assertions PingOne sends to the SP for the application will   be encrypted.

        II.Encryption Certificate: Upload the certificate from miniOrange plugin to use to encrypt the    assertions.

        III.Encryption Algorithm: Choose the algorithm to use for encrypting the assertions. We    recommend AES_256 (the default), but you can select AES_128 instead.

        IV.Transport Algorithm: The algorithm used for securely transporting the encryption key.    Currently, RSA-OAEP is the only transport algorithm supported.

        V.Force Re-authentication: If selected, users having a current, active SSO session will be    re- authenticated by the identity bridge to establish a connection to this application.

  • Click Continue to Next Step. The SSO Attribute Mapping page is displayed.
  • ping one sso-2/>




<li>In the <strong>Attribute Mapping</strong>, Modify or add any attribute mappings as necessary for the application.</li>
<img class=
  • The summary information for the application configuration is then displayed on a new page and the new SAML application is added to your My Applications list.

Step 2: Setup your Joomla site as Service provider

  • You can configure your IDP using one of these 3 methods:
    •  By Metadata URL:

      • Enter Identity Provider Name.
      • Click on Upload Metadata URL in Service Provider Setup tab.
      • Enter your metadata URL.
      • If your IDP changes certificates at intervals, you should select Update IDP settings by pinging metadata URL (We will store the metadata URL)
      • Click Fetch Metadata.
      • ping one sso-1

       By uploading Metadata XML file:

      • Enter Identity Provider Name.
      • Click on Upload Metadata URL in Service Provider Setup tab.
      • Click on Browse and select a metadata XML file.
      • Click Upload.
      • Upload metadata xml file

       Manual Configuration:

      • Go to Service Provider Setup tab and enter the following details.
      • Identity Provider Name: Enter your IdP name. For example : PingOne
        SAML Login URL: The SSO URL that you noted while configuring the Joomla site in PingOne.
        IdP Entity ID or Issuer: The Entity ID that you noted while configuring the Joomla site in PingOne.
        X.509 Certificate: Open the downloaded certificate in the Notepad. Copy/paste the entire content of the file here.
    • Now click on Save Configuration.
    • You can Test Configuration By clicking on Test Configuration.

Free Trial

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.