The Canvas LMS is the world’s fastest growing learning management system. It is an open-source cloud-based application designed to empower both teachers and students by making an engaging learning environment available to them. Login using Joomla Users ( Joomla as SAML IDP ) plugin gives you the ability to use your Joomla credentials to log into Canvas LMS. Here we will go through a step-by-step guide to configure SSO between, Canvas LMS as Service Provider and Joomla as an Identity Provider.

Pre-requisites : Download And Installation

Download

Free Trial

Follow the Step-by-Step Guide given below for Canvas LMS Single Sign On (SSO) with Joomla

1. Download and Install SAML IDP Plugin

• Go to your Joomla Dashboard.
• Install and activate the Joomla SAML IDP plugin on your Joomla site.
• Go to the miniOrange Joomla IDP plugin from the sidebar, and navigate to the Identity Provider tab. Here, you can find the Identity Provider Metadata URL, or you can Download the Metadata File.
• Here, you will also find the EntityID, Login URL, Logout URL (Premium Feature) and Certificate. You would need these to configure the Canvas LMS as Service provider.

2. Configure Canvas LMS as SP

• Login to your Canvas LMS domain as an Account Administrator.
• Switch to Admin view by clicking on the corresponding link from the bottom of the screen.
• Select Admin from the left pane and select the domain for which you wish to enable Single Sign-On.

• Click on Authentication in the left pane and navigate to SAML.

• Enter the values by referring to the table below.

IDP Metadata URI	Enter the Metadata URL that points to the metadata document.
IDP Entity ID	Enter the IDP Entity value that you got from the previous step.
Log On URL	Enter the SAML Login URL that you got from the previous step.
Log Out URL	Enter the SAML Logout URL(Premium feature) that you got from the previous step.
Certificate Fingerprint	Follow the steps below to copy the Thumbprint of certificate: 1. Download the certificate from Joomla SAML IDP >> Identity Provider Tab >> Click here to download the certificate. 2. Copy the downloaded certificate. 3. Visit the link https://www.samltool.com/fingerprint.php and paste the copied certificate. 4. Choose the algorithm SHA1 and click on the Calculate Fingerprint button.
Login Attribute	NameID
Identifier Format	Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress from the dropdown list.
Authentication Context	Select urn:oasis:names:tc:SAML:2.0:ac:classes: PasswordProtectedTransport from the dropdown list.
Message Signing	Select the algorithm to use for signing Request messages sent to the IdP. For now select Not Signed.
Just In Time Provisioning	If checked then it automatically create a user account in your Canvas LMS if its the first time a user logs in with single sign-on (SSO).


• Click Save to complete the configuration.

3. Configure Joomla as IdP

• You would need the Entity ID and ACS URL from Canvas LMS.
• You can find this information under Current Provider in Authentication section under Admin tab.
• Click on the Link to find Metadata file containing all the information of Canvas LMS.

• Now go to your Joomla Dashboard, and navigate to the Service Provider tab in Joomla SAML IDP plugin.
• Enter the values corresponding to the information from Canvas LMS. Refer to the table below.

Service Provider Name	Name of your Service Provider.
SP Entity ID or Issuer	Copy and paste the SP-EntityID from Canvas LMS.
ACS URL	Copy and paste the ACS URL from Canvas LMS.
NameID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Assertion Signed	Checked


• Click on the Save button to save your configuration.

You have successfully completed your miniOrange SAML 2.0 IDP configurations with Canvas LMS as Service Provider.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• Additional SAML IDP guides
• Frequently Asked Questions (FAQs)

Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.