Step-by-Step Guide to Set Up ADFS as IdP for Joomla

STEP 1: In the Description tab of the plugin, click on the metadata URL and save the data as an XML file.
 
STEP 2: In ADFS, click on Add Relying Party Trust. Then click on Start.
 
STEP 3: In Select Data Source, select Import data about the relying party from a file and browse to the metadata file created in Step 1 provided in the Identity Provider tab of the plugin. Click Next.
 
STEP 4: In Specify Display Name, enter a display name. Click Next.
 
STEP 5: In Configure Multi-factor Authentication Now, select I do not want to configure multi-factor authentication settings for this relying party trust. Click Next.
 
STEP 6: In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
 
STEP 7: In Ready to Add Trusts, click Next.
 
STEP 8: Check Open the Edit Claim Rules dialog and click Close. Click Add Rule and then select Send LDAP Attributes as Claims. Enter the following:

  • Claim rule name: Attributes
  • Attribute Store: Active Directory
  • LDAP Attribute: E-Mail-Addresses
  • Outgoing Claim Type: Name ID
  • Click Finish.


STEP 9: In the miniOrange SAML SP plugin, go to the Identity Provider Settings tab. Enter the following values:

Identity Provider Name: ADFS
SAML Login URL: https://<your_ADFS_domain>/adfs/ls
SAML Logout URL: https://<your_ADFS_domain>/adfs/ls
IdP Entity ID: http://<your_ADFS_domain>/adfs/services/trust
X.509 Certificate: Paste the certificate value you copied from the ADFS Metadata file.
Response Signed: Unchecked
Assertion Signed: Checked
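
The Step 9 values can be read out of the ADFS federation metadata instead of being copied by hand, which also lets you fingerprint the signing certificate before trusting it. This is an added example, not code from the plugin or the original guide; the function name idp_settings, the host adfs.example.test and the certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: adfs.example.test is a placeholder host and the
# certificate body is dummy bytes, not a real X.509 certificate.
DUMMY_CERT = base64.b64encode(b"constructed-dummy-der-bytes").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>AAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{DUMMY_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def idp_settings(metadata_xml):
    """Return the Step 9 field values found in IdP federation metadata."""
    root = ET.fromstring(metadata_xml)  # parse only metadata you fetched yourself
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    def location(tag):
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == REDIRECT:
                return el.get("Location")
        return None
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # Only signing keys validate assertions; skip encryption-only keys.
        if kd.get("use") not in (None, "signing"):
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join(c.text.split())
            certs.append({"certificate_b64": b64,
                          "sha256": hashlib.sha256(base64.b64decode(b64)).hexdigest()})
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"entity_id": root.get("entityID"),
            "login_url": location("SingleSignOnService"),
            "logout_url": location("SingleLogoutService"),
            "signing_certs": certs}
```

Comparing the fingerprint with one computed from the token-signing certificate exported from the ADFS server confirms that the value pasted into the plugin is the intended trust anchor. More than one entry in signing_certs usually means a certificate rollover is in progress.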

Features

Upload IDP Metadata

If you have your IDP metadata URL or IDP metadata file, then you can upload it directly using the ‘Upload IDP Metadata’ feature in the Identity Provider Settings tab.

Auto Redirect the User To IDP [Available in PREMIUM plugin]

This option is present on the SSO Login Settings tab of the plugin. Enable this if you want to restrict your site to only logged-in users. Enabling this option will redirect users to your IdP if no logged-in session is found.


Enable Backend Login for Super Users during Single Sign On [Available in PREMIUM plugin]

This option is present on the SSO Login Settings tab of the plugin. Enabling this option redirects the Super Users to the administrator console on login instead of a front-end session.

  • Attribute Mapping
    1. Attributes are user details that are stored in your Identity Provider.
    2. Attribute Mapping helps you to get user attributes from your IdP and map them to Joomla user attributes like firstname, lastname, etc.
    3. When users are auto-registered in your Joomla site, these attributes are automatically mapped to your Joomla user details.

The free plugin supports Basic attribute mapping, whereas the premium plugin provides the option of Custom attribute mapping.

  • Group Mapping
    You can use this option if you want to map user groups from your IdP to Joomla user groups when auto-creating the user in Joomla.

    The free plugin supports Basic attribute mapping, whereas the premium plugin provides the option of Customized Group Mapping.