SAML Single Sign-On (SSO) into AWS Cognito using Joomla IDP Plugin

Single Sign-On (SSO) into AWS Cognito with the Joomla IDP plugin lets users sign in to applications behind AWS Cognito with their Joomla credentials: AWS Cognito is configured as the SAML Service Provider (SP) and Joomla as the SAML Identity Provider (IDP). This guide walks through the configuration on both sides step by step.

What is AWS Cognito?
AWS Cognito is a service provided by Amazon Web Services (AWS) that offers authentication, authorization, and user management for web and mobile applications. It simplifies the process of adding user sign-up, sign-in, and access control to your apps.

  • Log in to your Joomla site's Administrator console.
  • From the left menu, click System, then under the Install section click Extensions.
  • Click the Or Browse for file button to locate and install the plugin file you downloaded earlier.
Install Joomla SAML IDP Plugin

  • Once the installation succeeds, click Start Using miniOrange SAML IDP Plugin to configure the plugin.
Get Started with SAML IDP Setup

  • Go to the miniOrange Joomla IDP plugin, navigate to the Identity Provider tab.
  • Here you can find the Identity Provider Metadata XML URL/File as well as the individual values needed for the SP configuration: IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature) and the signing Certificate. Download the XML metadata by clicking the button shown below; Cognito reads the entity ID, login URL and certificate from this file.
Joomla SAML IDP Metadata

In this setup Joomla is the user store and acts as the IDP (the miniOrange SAML IDP plugin is installed there), while AWS Cognito is the SP: users log in to Cognito with the credentials they already have in Joomla.

  • Go to the AWS Cognito Console and sign in to your AWS account.
  • Go to Services > Security, Identity, & Compliance > Cognito.
Go to AWS Cognito Console

  • Click Manage User Pools, then Create a user pool.
Create a user pool


  • Enter a Pool name. Click Review defaults, then Create pool.
Create User Pool

  • After creating the pool, note down the Pool Id; it becomes part of the SP Entity ID you configure on the Joomla side.
Copy Pool ID

  • On the left pane, click Domain name under App integration. Enter an available domain prefix and save it. The full hosted UI domain has the form <domain_prefix>.auth.<region>.amazoncognito.com and is part of the ACS URL you configure on the Joomla side.
Copy Domain Name

  • On the left pane, click on Identity Provider under Federation. Then Select SAML.
Configure SAML

  • Upload the Joomla IDP metadata, name it, then click Create Provider.
Upload the Joomla IDP metadata

  • Add the attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress in the SAML attribute field and select Email as the User pool attribute. This name must match, character for character, the attribute name the Joomla plugin sends in the assertion (configured in the plugin's Mapping tab below).
Add SAML attribute

  • Click Save changes.
  • In miniOrange Joomla SAML IDP Plugin, go to Service Provider tab.
  • In the SP Entity ID field, enter urn:amazon:cognito:sp:<YourUserPoolId>, replacing <YourUserPoolId> (angle brackets included) with the Pool Id you noted while creating the pool.
  • To find the User Pool Id again:
    • Log in to the AWS Management Console as an administrator.
    • Go to Services > Security, Identity, & Compliance, then select Cognito.
    • Select Manage User Pools, then the user pool you are using in this configuration.
    • Find Pool Id at the top of the page.
  • In the ACS URL field, enter:
                https://<YourDomainPrefix>.auth.<region>.amazoncognito.com/saml2/idpresponse

    and save it.
  • Replace <YourDomainPrefix> and <region> with the domain prefix and AWS region from the Domain name step above; the host is exactly the hosted UI domain Cognito showed you. Cognito only accepts the SAML response at this URL, so a typo or stray whitespace here surfaces as a failed login rather than a configuration error.
Replace YourSubdomain

  • You can also look up the domain again:
    • Click Domain name under App integration.
    • Copy the whole domain shown there and use it as the host in the ACS URL (remove any whitespace).
Find YourSubdomain

  • Enable the Assertion Sign checkbox so the plugin signs the assertion with the certificate published in its metadata, then click the Save button. Leave this enabled: Cognito validates the assertion signature against the certificate from the metadata you uploaded and requires the assertion to be signed.
  • To map the attributes click on the Mapping tab. Select your Service Provider from the dropdown.
  • Add http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress in the Attribute Name field and select Email Address from the Attribute Value dropdown. Click the Save Mapping button. This is the same attribute name you mapped to Email in Cognito, so the user's email address arrives under the name Cognito expects.
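Before testing the login end to end, it helps to know what Cognito checks in the SAML response that the Joomla plugin POSTs to /saml2/idpresponse. The Python script below is an added example, not code from this guide or from the miniOrange plugin: it derives the SP Entity ID and ACS URL from a pool id, domain prefix and region (the values entered in the Service Provider tab above), then checks a SAML response for the mismatches that make Cognito reject a login: wrong Audience or Recipient, an expired validity window, a missing ds:Signature element (what the Assertion Sign checkbox adds), and a missing emailaddress attribute (the mapping configured on both the Cognito side and in the plugin's Mapping tab). The pool id us-east-1_EXAMPLE1, the domain prefix joomla-demo, the region us-east-1, the Joomla host and the sample response are all constructed for the example; the signature is a placeholder and is not verified cryptographically.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Attribute name mapped to the user pool's Email attribute on both sides of this guide
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def expected_sp(pool_id, domain_prefix, region):
    """SP Entity ID and ACS URL that Cognito expects for a given user pool."""
    return (f"urn:amazon:cognito:sp:{pool_id}",
            f"https://{domain_prefix}.auth.{region}.amazoncognito.com/saml2/idpresponse")


def _parse_time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, pool_id, domain_prefix, region, now=None):
    """Return the mismatches Cognito would reject; an empty list means the response looks right.

    Structural check only: it confirms the assertion carries a ds:Signature but does not verify
    it cryptographically (that needs the IdP certificate and an XML-DSig library such as xmlsec).
    """
    entity_id, acs_url = expected_sp(pool_id, domain_prefix, region)
    now = now or datetime.now(timezone.utc)
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return [f"root element is {root.tag}, expected samlp:Response"]
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        problems.append("StatusCode is not Success")
    if root.get("Destination") not in (None, acs_url):
        problems.append(f"Destination {root.get('Destination')} is not the ACS URL {acs_url}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext saml:Assertion (encrypted assertions not handled here)"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed: enable 'Assertion Sign' in the Joomla IDP plugin")
    audience = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != entity_id:
        problems.append(f"Audience must equal the SP Entity ID {entity_id}")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before, not_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            problems.append("assertion not yet valid (clock skew between Joomla and AWS?)")
        if not_after and now >= _parse_time(not_after):
            problems.append("assertion expired")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append(f"SubjectConfirmationData/@Recipient must be the ACS URL {acs_url}")
    email = ""
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            value = attr.find("saml:AttributeValue", NS)
            email = (value.text or "").strip() if value is not None else ""
    if not email:
        problems.append(f"no value for {EMAIL_CLAIM}: check the Mapping tab and Cognito's mapping")
    return problems


# Constructed sample, not a real capture: pool id, domain prefix and host names are made up, the
# signature is a placeholder, and the validity window is long so the check runs offline any day.
SIGNATURE_STUB = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                  '<ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue></ds:Signature>')
ACS = "https://joomla-demo.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-05-01T10:00:00Z" Destination="{ACS}">
  <saml:Issuer>https://joomla.example.com/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>https://joomla.example.com/</saml:Issuer>
    {SIGNATURE_STUB}
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2099-01-01T00:00:00Z" Recipient="{ACS}"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>urn:amazon:cognito:sp:us-east-1_EXAMPLE1</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_saml_response(SAMPLE_RESPONSE, "us-east-1_EXAMPLE1", "joomla-demo", "us-east-1"))
```

To use it against a real login, capture the SAMLResponse form field the browser posts to /saml2/idpresponse, base64-decode it and pass the XML to check_saml_response with your own pool id, domain prefix and region. An empty list means the entity ID, ACS URL, validity window, signature element and email attribute all line up, which are the usual causes of a rejected SAML login on the Cognito side.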

  • Now click on the App Clients under General Settings. Click on Add an App Client.
Add an App Client

  • Enter an App client name, for example JoomlaIdP. Untick Generate client secret (the hosted UI flow runs in the user's browser, where a secret cannot be kept) and click Create app client at the bottom.

  • Now click on the App Client settings under App Integration at the left pane.
  • Under Enabled Identity Providers tick Select all (or at least the Joomla SAML provider you created), enter your application's Callback URL(s) and Sign out URL(s), and under Allowed OAuth Flows select Implicit grant. Under Allowed OAuth Scopes enable email and openid, then click Save changes at the bottom right. Cognito only redirects to URLs listed here, so they must match what the application uses exactly. Note that the Implicit grant returns the tokens in the URL fragment; for production clients prefer Authorization code grant (with PKCE for a client without a secret), which the hosted UI also supports.
Enter Callback URL(s) and Sign out URL(s)

  • Now click on Launch Hosted UI at the bottom to perform SSO.
Launch Hosted UI

  • You can also start SSO directly with the hosted UI login URL:
            https://<domain_prefix>.auth.<region>.amazoncognito.com/login?response_type=token&client_id=<app client id>&redirect_uri=<your redirect URI>

    The redirect_uri must be one of the Callback URL(s) saved above, character for character.
  • You have now configured miniOrange Joomla SAML IDP with AWS Cognito as the SP.
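The login URL above uses response_type=token, the Implicit grant selected in the App client settings, which hands the tokens to the browser in the URL fragment. The Python below is an added example, not part of this guide or of Cognito's own SDKs: it builds that URL, then the Authorization code grant with PKCE alternative against the same hosted UI (/oauth2/authorize and /oauth2/token), validates the state parameter on the callback, and assembles the token request for an app client that has no secret, as created above. The domain prefix joomla-demo, region us-east-1, client id, redirect URI and provider name JoomlaIdP are made-up values; the optional identity_provider query parameter is Cognito's documented way to send the user straight to one provider instead of the hosted UI picker.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def hosted_ui_base(domain_prefix, region):
    return f"https://{domain_prefix}.auth.{region}.amazoncognito.com"


def implicit_login_url(domain_prefix, region, client_id, redirect_uri, identity_provider=None):
    """The /login URL from the guide: response_type=token puts the tokens in the URL fragment,
    where they sit in browser history and are readable by any script on the page."""
    params = {"response_type": "token", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid email"}
    if identity_provider:  # skip the hosted UI picker and go straight to the Joomla IdP
        params["identity_provider"] = identity_provider
    return f"{hosted_ui_base(domain_prefix, region)}/login?{urlencode(params)}"


def pkce_pair(code_verifier=None):
    """RFC 7636: a high-entropy code_verifier and its S256 challenge (base64url, no padding)."""
    code_verifier = code_verifier or secrets.token_urlsafe(64)  # 86 chars, within 43..128
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return code_verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def code_authorize_url(domain_prefix, region, client_id, redirect_uri, state, code_challenge,
                       identity_provider=None):
    """Authorization code grant with PKCE: only a one-time code crosses the browser."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": "openid email", "state": state,
              "code_challenge_method": "S256", "code_challenge": code_challenge}
    if identity_provider:
        params["identity_provider"] = identity_provider
    return f"{hosted_ui_base(domain_prefix, region)}/oauth2/authorize?{urlencode(params)}"


def extract_code(callback_url, expected_state):
    """Validate Cognito's redirect back to redirect_uri before exchanging the code."""
    parts = urlsplit(callback_url)
    if parts.fragment:
        raise ValueError("tokens arrived in the fragment: this is an implicit-grant response")
    query = parse_qs(parts.query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or login injection, discard")
    if "error" in query:
        raise ValueError(f"Cognito returned error={query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request(domain_prefix, region, client_id, redirect_uri, code, code_verifier):
    """(url, form body) for POST /oauth2/token with an app client that has no secret, as the
    guide configures; Cognito checks SHA-256(code_verifier) against the stored challenge."""
    body = {"grant_type": "authorization_code", "client_id": client_id,
            "redirect_uri": redirect_uri, "code": code, "code_verifier": code_verifier}
    return f"{hosted_ui_base(domain_prefix, region)}/oauth2/token", body


if __name__ == "__main__":
    # Made-up domain prefix, region, client id and redirect URI for illustration only
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)  # keep verifier and state server-side until the callback
    print(implicit_login_url("joomla-demo", "us-east-1", "1example23456789",
                             "https://app.example.com/cb"))
    print(code_authorize_url("joomla-demo", "us-east-1", "1example23456789",
                             "https://app.example.com/cb", state, challenge,
                             identity_provider="JoomlaIdP"))
```

The two URLs differ only in response_type and the PKCE parameters, so switching the app client from Implicit grant to Authorization code grant needs no change on the Joomla side: the SAML exchange between Cognito and Joomla is identical, and only the last leg between Cognito and your application changes.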
