Search Results :

×

Joomla OAuth Client Integration with Keycloak Single Sign-On (SSO)


Set up Single Sign-On (SSO) on your Joomla site via Keyclaok OAuth provider with the help of Joomla OAuth & OpenID Connect plugin. Integrating Keycloak Single Sign-On (SSO) into Joomla using OAuth 2.0 authentication protocol allows your users to securely login into your Joomla websites and applications by authenticating with Keycloak OAuth provider. The Keyclaok OAuth Joomla plugin also provides advanced features such as, Auto create users, Attribute Mapping, Group Mapping etc.

Visit our Joomla OAuth Client Plugin page to learn more about the features and Pricing plans we offer for the Joomla OAuth Single Sign-on (OAuth & OpenID connect) plugin.

Pre-requisites : Download And Installation

Setup Keycloak as OAuth Provider with Joomla OAuth Client

1. Download and Setup Joomla OAuth Client

  • Download the zip file for the miniOrange OAuth Client plugin for Joomla.
  • Login into your Joomla site’s administrator console.
  • From left toggle menu, click on System, then under Install section click on Extension.
  • Upload the downloaded zip file to install the Joomla OAuth Client plugin.
  • Installation of the plugin is successful. Now click on Start Using miniOrange OAuth Client plugin.
  • Under Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider.
  • Microsoft Intra ID OAuth SSO into Joomla - Select your OAuth Provider
  • Go to the Configure OAuth -> Custom Application tab if your provider is not in the list.
  • Microsoft Intra ID OAuth SSO into Joomla - Select Custom OAuth Provider
  • Go to Step 1 [Redirect URL] tab and Copy the Callback/Redirect URL. We will require it later.
  • Microsoft Intra ID OAuth SSO into Joomla - Copy Callback URL

2. Configure Keycloak as OAuth Provider


  • Start Server: Start the keycloak server by running the _standalone.sh_ file

    Root Directory of keycloak/bin/standalone.sh

  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Add Realm option.
  • Keycloak SSO OAuth openid-connect  add realm
  • Create Realm: Enter Realm Name and click on CREATE to add realm.
  • Keycloak SSO OAuth openid-connect  add realm
  • Now, enter the Display name and click on the Save button.
  • Keycloak SSO OAuth openid-connect  Add Role
  • Navigate to the Clients tab and click on Create button.
  • Keycloak SSO OAuth openid-connect  Add User
  • Enter the Client ID and click on the Save button.
  • Keycloak SSO OAuth openid-connect  Credentials
  • Paste the previously copied Callback/Redirect URL into the Valid Redirect URLs text field and click on Save button.
  • Keycloak SSO OAuth openid-connect  Role Mapping
  • Go to the Credentials tab and copy the Secret. This will be your Client Secret in the Joomla OAuth Plugin.
  • Keycloak SSO OAuth openid-connect

  • Add Realm: Now login to keycloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.
  • Azure AD user sync with Joomla - Home Screen
  • Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.
  • Setup ldap guide on window server - Directory-service
  • Create OpenID client: Click on the Clients and choose Create Client to create a new client.
  • Setup ldap guide on window server - default-setting
  • Enter Client ID and select client protocol OpenID-connect and click on Next.
  • Setup ldap guide on window server - default-setting
  • Enable the Client Authentication and Authorization toggle and click on Next.
  • Setup ldap guide on window server - NetBIOS Domain
  • Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side under the CallBack URLs text-field.
  • Setup ldap guide on window server - AD-Ds-database
  • Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring Joomla OAuth Single Sign-On plugin.
  • Setup ldap guide on window server - ldap server

3. Integrating Joomla with Keycloak

  • Go back to your Joomla Dashboard. Then go to Components, then miniOrange OAuth Client and click on Configure OAuth tab.
  • Now go to Step 2 [Client ID and Secret] tab of Joomla OAuth Client Plugin. Then paste the Client ID and Client Secret and Realm. then click on Save Settings.
  • Keycloak SSO with Joomla OIDC OAuth, Keycloak SSO for Joomla, client id client secret
  • You have successfully completed setting up Keycloak as an OAuth provider.

3.1. Keycloak Scope & Endpoints

  • Scope & Endpoints are given below, which are required for configuring Joomla as OAuth Client plugin to configure Keycloak as a custom OAuth or OIDC provider.
  • Scope: openid email profile
    Authorize Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: <Keycloak base URL>/realms/{realm-name}/protocol/openid-connect/userinfo
    Set Client Credentials: In Header

4. User Attribute Mapping

  • User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
  • Click on Test Configuration button, you will see all the values returned by your Keycloak to Joomla in a table.
  •  Keycloak Single Sign-On (SSO) OAuth/OpenID
  • Now go to do Step 3 [Attribute Mapping] tab. Here you can map all the Attribute Mapping details in the given fields below.
  •  Keycloak Single Sign-On (SSO) OAuth/OpenID

5. Role/Group Mapping [Premium]

  • Go to the User Mapping > Groups/Roles tab. Here you can Enable Role Mapping and select default groups for new users.
  • Based on your provider application, you can allocate the Joomla role to your provider roles.
  •  Keycloak Single Sign-On (SSO) OAuth/OpenID

6. Login Settings

  • Now you can use Login / SSO URL to perform SSO.
  •  Keycloak Single Sign-On (SSO) OAuth/OpenID
  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
  • Congratulations, you have successfully configured the miniOrange OAuth Client plugin with your Keycloak OAuth Provider.
  • Click on the Upgrade Plans tab to check out our complete list of features and various licensing plans. OR you can click here to check features and licensing plans.
  • If you want to purchase any of the paid version of the plugin, you have to register/login with us in Account Setup tab. OR you can register/login Here .
  • In case, you are facing some issue or have any question in mind, you can reach out to us by sending us your query through the Support button in the plugin or by sending us a mail at joomlasupport@xecurify.com.

In this guide, you have successfully configured Joomla Keycloak Single Sign-On (SSO) by configuring Keycloak as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth Client plugin.This solution ensures that you are ready to roll out secure access to your Joomla site using Keycloak login credentials within minutes.

Joomla Keycloak User Sync

Joomla Keycloak User Sync

The Keycloak user sync plugin for Joomla allows you to synchronize and provision your Joomla users into Keycloak and vice versa.

Additional Resources


Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com