Search Results :

×
Sign Up Contact Us

Contents

Joomla OAuth Client Integration with Keycloak Single Sign-On (SSO)

The Joomla OAuth Client plugin uses the OAuth protocol to provide secure access to Joomla sites by enabling Keycloak as the OAuth provider, simplifying the login process. This integration allows users to log in with their Keycloak credentials, eliminating the need for multiple passwords. The plugin also features user profile attribute mapping, and role mapping for access based on organizational roles. For more details about the features of the Joomla OAuth & OpenID Connect Client plugin, please visit our page here. Follow the steps below to set up Keycloak OAuth SSO with Joomla.

download plugin button Download Plugin plugin pricing button plugin pricing button Pricing Plans free trial plugin free trial plugin Free Trial Handbook plugin Handbook plugin Handbook

Youtube-color Created with Sketch.

To setup OAuth Single Sign-On between Joomla and Keycloak, you can also follow this step by step Setup Video.


In this configuration, Keycloak functions as the OAuth server, while Joomla allows users to log in with their Keycloak credentials by utilizing the Joomla OAuth Client Plugin.

  • Login into your Joomla site’s Administrator console.
  • From left toggle menu, click on System, then under Install section click on Extensions.
  • Now click on Or Browse for file button to locate and install the plugin file downloaded earlier.
  • Installation of plugin is successful. Now click on Get Started!
  • Under Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider. You can also search for custom OAuth or custom OpenID application in the search bar, and configure your own custom provider.
Get Started with OAuth Client Setup

  • After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL which we will use to configure Microsoft Entra ID as OAuth Server, then click on the Save & Next button.
Get Started with OAuth Client Setup

  • Start Server: Start the keycloak server by running the _standalone.sh_ file
    Root Directory of keycloak/bin/standalone.sh
  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
Start Keycloak server

  • Create Realm: Enter Realm Name and click on CREATE to add realm.
Create Realm

  • Now, enter the Display name and click on the Save button.
Save Realm

  • Navigate to the Clients tab and click on Create button.
Realm client tab

  • Enter the Client ID and click on the Save button.
Enter the Client ID

  • Paste the previously copied Callback/Redirect URL into the Valid Redirect URLs text field and click on Save button.
Enter the Callback/Redirect URL

  • Go to the Credentials tab and copy the Secret. This will be your Client Secret in the Joomla OAuth Plugin.
Copy the Client Secret

  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.
Add Realm

  • Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.
Create realm

  • Create OpenID client: Click on the Clients and choose Create Client to create a new client.
Create OpenID client

  • Enter Client ID and select client protocol OpenID-connect and click on Next.
Create OpenID client

  • Enable the Client Authentication and Authorization toggle and click on Next.
Enable the Client Authentication and Authorization

  • Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side under the CallBack URLs text-field.
Enter your Callback/Redirect URL

  • Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring Joomla OAuth Single Sign-On plugin.
Copy the Client Secret


  • Go back to your Joomla Dashboard. Then go to Step 2 [Client ID & Secret].
  • Paste the Client ID, Client Secret and Domain. Also Set Client Credentials In header then click on Save Settings. Once Settings are saved then click on Save Configuration.
Upload IdP Metadata

Scope openid email profile
Authorize Endpoint <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/auth
Access Token Endpoint <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/token
Get User Info Endpoint <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/userInfo
Set Client Credentials In Header

  • User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
  • Go to Step 3 [Attribute Mapping] tab and click on Test Configuration button.
Upload IdP Metadata

  • You will be able to see the attributes in the Test Configuration output as follows.
Upload IdP Metadata

  • Now go to the Step 3 [Attribute Mapping] tab and Select the attribute name for Email and Username from dropdown. Then click on Finish Configuration button.
Upload IdP Metadata

  • Now go to Step 4 [SSO URL] tab, here copy the Login/SSO URL and add it to your Site by following the given steps.
Upload IdP Metadata

  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.


ADFS_sso ×
Hello there!

Need Help? We are right here!

support