SAML Single Sign-On into AWS Cognito using Joomla IDP Plugin | AWS Cognito SSO

AWS Cognito

Single Sign-On in AWS Cognito using Joomla IdP. Login into AWS Cognito using Joomla, by configuring AWS Cognito as SP and Joomla as SAML IDP. Here we will go through a step-by-step guide to configure SSO between AWS Cognito as Service Provider (SP) and Joomla as an Identity Provider (IDP).

Amazon Cognito makes it simple to add user sign-up, sign-in, and access control to your web apps. Amazon Cognito scales to millions of users and supports SAML 2.0 sign-in with social identity providers such as Facebook and Google, as well as enterprise identity providers. The Login Using Joomla Users ( Joomla as SAML IDP ) plugin allows you to log into Amazon Cognito using your Joomla credentials. In this section, we will walk through a step-by-step process for configuring SSO between Amazon Cognito as the Service Provider and Joomla as the Identity Provider.

This guide help for configure AWS Cognito as SP and Joomla as IDP

Step 1: Download Metadata XML file from IdP

Go to Identity Provider tab. Click on Download XML Metadata button. Keep this XML file to configure your SP.

SAML SSO with AWS Cognito as SP and Joomla as IDP,Download Metadata

Step 2: Configure AWS Cognito as Service Provider

First of all, go to AWS Cognito Console and sign up/login in your account to Configure AWS Cognito.
Go to Services > Security, Identity, & Compliance > Cognito.

SAML SSO with AWS Cognito as SP and Joomla as IDP,Cognito console

Click Manage User Pools, then Create a user pool.

SAML SSO with AWS Cognito as SP and Joomla as IDP, Manage User Pools

Enter a name for the Pool Name. Click Review Defaults, then Create Pool .

After creating a pool keep the Pool ID handy or you can note down so that it will help to configure your IdP.

On the left pane, click on Domain Name under App Integration. Enter an available domain prefix, then save it. Keep this Domain it will require in ACS URL to configure your IDP.

On the left pane, click on Identity provider under Federation. Then Selct SAML

Upload the downloaded in step-1 Joomla IDP metadata file, name it, then click Create Provider.

Under Federation, select Attribute mapping .
Add this
```
 http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress 
```
attribute in SAML attribute text field and select User Pool Attribute as Email.

Click Save changes.

Step 3: Configuring Joomla as Identity Provider (IDP)

In miniOrange Joomla SAML IDP Plugin, go to Service Provider tab.
In the SP Entity ID field, enter urn:amazon:cognito:sp:(YourUserPoolId) , (remove anchor (< >) tag and add your user pool id which you have already copied above while creating the pool.
Replace "yourUserPoolId" with your Amazon Cognito user pool ID.
To find the User Pool ID:

Log in to the AWS Management Console as an administrator.
Go to Services > Security, Identity, & Compliance, then select Cognito.
Select Manage User Pools, then the user pool you want to use in the configuration.
Find Pool Id at the top of the list.

In the ACS URL field, enter:

https://YourSubdomain.amazoncognito.com/saml2/idpresponse

and save it.

In the ACS URL field, enter the following URL:
```
https://YourSubdomain.amazoncognito.com/saml2/idpresponse
```
and save it.
Please replace YourSubdomain with which you have created in the above step.

SAML SSO with AWS Cognito as SP and Joomla as IDP, Joomla SP Cofiguration

You can also find your subdomain by following below steps:
To find YourSubdomain:
Click on Domain Name under App Integration
Copy the whole URL and replace it with YourSubdomain in the ACS URL (please remove all the whitespaces here).

Enable the Assertion Sign checkbox to sign the assertion and click on the Save button.
To map the attributes click on the Mapping tab. Select your Service Provider from the dropdown.
Add this
```
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
```
value in Attribute Name textfield and Select Email Address form Attribute Value dropdown. Click on the Save Mapping button.

Step 4: Configure App Client in AWS Cognito

Now click on the App Clients under General Settings. Click on Add an App Client.

Enter App client name. For eg. JoomlaIdP. Disable the Generate client secret checkbox and click on the Create App Client button at the bottom.

Now click on the App Client settings under App Integration at the left pane.
Enable Select all checkbox, enter Callback URL(s) and Sign out URL(s).
Select Implicit Grant under Allowed OAuth Flows.
Now Enable email and openid checkbox under Allowed OAuth Scopes and click on Save Changes button at the bottom right corner.

Now click on Launch Hosted UI at the bottom to perform SSO.

You can also use the following SSO URL for perform the SSO.

https://(domain_prefix).auth.(region).amazoncognito.com/login?
response_type=token&client_id=(app client id)&redirect_uri=(your redirect URI)

Now you have successfully configured miniOrange Joomla SAML IDP with AWS Cognito as SP.

Step 1: Download Metadata XML file from IdP
Step 2: Configure AWS Cognito Service Provider (SP)
Step 3: Configure Joomla as Identity Provider (IDP)
Step 4: Configure App Client in AWS Cognito

Free Trial

If you are looking for anything which you cannot find, please drop us an email on joomlasupport@xecurify.com

SAML Single Sign-On into AWS Cognito using Joomla IDP Plugin | AWS Cognito SSO

SAML Single Sign-On into AWS Cognito using Joomla IDP Plugin | AWS Cognito SSO

AWS Cognito

Step 1: Download Metadata XML file from IdP

Step 2: Configure AWS Cognito as Service Provider

Step 3: Configuring Joomla as Identity Provider (IDP)

Step 4: Configure App Client in AWS Cognito

Contents

STAY CONNECTED

Product

Solutions

Why miniorange

Company