Joomla OAuth Client Integration with Keycloak Single Sign-On (SSO)
Set up Single Sign-On (SSO) on your Joomla site via Keyclaok OAuth provider with the help of Joomla OAuth & OpenID Connect plugin. Integrating Keycloak Single Sign-On (SSO) into Joomla using OAuth 2.0 authentication protocol allows your users to securely login into your Joomla websites and applications by authenticating with Keycloak OAuth provider. The Keyclaok OAuth Joomla plugin also provides advanced features such as, Auto create users, Attribute Mapping, Group Mapping etc.
Visit our Joomla OAuth Client Plugin page to learn more about the features and Pricing plans we offer for the Joomla OAuth Single Sign-on (OAuth & OpenID connect) plugin.
Pre-requisites : Download And Installation
Steps to Install Joomla OAuth Client Plugin
- Download the zip file for the miniOrange OAuth Client plugin for Joomla.
- Login into your Joomla site’s administrator console.
- From left toggle menu, click on System, then under Install section click on Extension.
- Upload the downloaded zip file to install the Joomla OAuth Client plugin.
- Installation of the plugin is successful. Now click on Start Using miniOrange OAuth Client plugin.
- Under Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider. You can also search for custom OAuth or custom OpenID application in the search bar, and configure your own custom provider.
Steps to configure OAuth SSO into Joomla
1. Configure Callback/Redirect URL
- After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL which we will use to configure the OAuth Server, then click on the Save & Next button.
- Next we will configure Keycloak as OAUth provider.
- Start Server: Start the keycloak server by running the _standalone.sh_ file
Root Directory of keycloak/bin/standalone.sh
- Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
- Create Realm: Enter Realm Name and click on CREATE to add realm.
- Now, enter the Display name and click on the Save button.
- Navigate to the Clients tab and click on Create button.
- Enter the Client ID and click on the Save button.
- Paste the previously copied Callback/Redirect URL into the Valid Redirect URLs text field and click on Save button.
- Go to the Credentials tab and copy the Secret. This will be your Client Secret in the Joomla OAuth Plugin.
- Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.
- Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.
- Create OpenID client: Click on the Clients and choose Create Client to create a new client.
- Enter Client ID and select client protocol OpenID-connect and click on Next.
- Enable the Client Authentication and Authorization toggle and click on Next.
- Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side under the CallBack URLs text-field.
- Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring Joomla OAuth Single Sign-On plugin.
2. Configure Client ID and Secret
- Go to the Step 2 [Client ID & Secret] tab of the Joomla OAuth Client plugin, here paste the Client ID, Client Secret and Tenant. Click on the Save Configuration button.
2.1. Scope & Endpoints
- Scope & Endpoints are given below, which are required for configuring Joomla as OAuth Client plugin to configure Keycloak as a custom OAuth or OIDC provider.
|
Scope:
openid email profile
|
|
Authorize Endpoint:
<Keycloak base
URL>/realms/{realm-name}/protocol/openid-connect/auth
|
|
Access Token Endpoint:
<Keycloak base
URL>/realms/{realm-name}/protocol/openid-connect/token
|
|
Get User Info Endpoint:
<Keycloak base
URL>/realms/{realm-name}/protocol/openid-connect/userinfo
|
|
Set Client Credentials:
In Header
|
3. Configure Attribute Mapping
- Go to Step 3 [Attribute Mapping] tab and click on Test Configuration button.
- You will be able to see the attributes in the Test Configuration output as follows.
- Now go to the Step 3 [Attribute Mapping] tab and Select the attribute name for Email and Username from dropdown. Then click on Finish Configuration button.
User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
4. Setup Login/SSO URL
- Now go to Step 4 [SSO URL] tab, here copy the Login/SSO URL and add it to your Site by following the given steps.
- Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
In this guide, you have successfully configured Joomla Keycloak Single Sign-On (SSO) by configuring Keycloak as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth Client plugin.This solution ensures that you are ready to roll out secure access to your Joomla site using Keycloak login credentials within minutes.
Joomla Keycloak User Sync
Additional Resources
- What is OAuth 2.0?
- Frequently Asked Questions (FAQs)
- How to configure OAuth / OpenID Connect SSO with Azure AD
- How to configure OAuth / OpenID Connect SSO with Salesforce
- How to configure OAuth / OpenID Connect SSO with AWS Cognito
- How to configure OAuth / OpenID Connect SSO with Discord
- How to configure OAuth / OpenID Connect SSO with Facebook
- How to configure OAuth / OpenID Connect SSO with Google Apps
- How to configure OAuth / OpenID Connect SSO with Instagram
Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
Need Help? We are right here!
