Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Single Sign On (SSO) for Joomla
miniOrange provides a ready to use solution for Joomla. This solution ensures that you are ready to roll out secure access to your Joomla site within minutes.

SETUP GUIDE FOR SHIBBOLETH AS IdP

STEP 1: In conf/idp.properties, uncomment and set 'idp.encryption.optional' to true. Example:

idp.encryption.optional = true

STEP 2: In conf/metadata-providers.xml, configure Joomla as an SP like this:

 <MetadataProvider id="HTTPMetadataMiniOrange"
 xsi:type="FileBackedHTTPMetadataProvider"
 backingFile="%{idp.home}/metadata/miniorange-sp-metadata.xml"
 metadataURL="https://<path-to-joomlasite>/plugins/authentication/miniorangesaml/saml2/sp-metadata.xml"/>

STEP 3: In conf/saml-nameid.properties, uncomment and set default NameID as EmailAddress like this:

 idp.nameid.saml2.default=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

STEP 4: In conf/saml-nameid-xml, search for shibboleth.SAML2NameIDGenerators.
Uncomment the shibboleth.SAML2AttributeSourcedGenerator bean and comment all other ref beans. For eg. your SAML 2 NameID Generation tag should look like this:

 <!-- SAML 2 NameID Generation -->
 <util:list id="shibboleth.SAML2NameIDGenerators">
 <!--
  <ref bean="shibboleth.SAML2TransientGenerator" />
  -->
 <!--
  <ref bean="shibboleth.SAML2PersistentGenerator" />
 -->
 <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
 p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 p:attributeSourceIds="#{ {'email'} }" />
 </util:list>

STEP 5: Make sure you have defined AttributeDefinition in conf/attribute-resolver.xml.
For eg. you have LDAP configured for authentication then your AttributeDefinition should look like this:

 <!--
 Note: AttributeDefinition id must be same as what you provided in
 attributeSourceIds in conf/saml-nameid.xml
 -->
 <resolver:AttributeDefinition xsi:type="ad:Simple" id="email"
  sourceAttributeID="mail">
  <resolver:Dependency ref="ldapConnector" />
 <resolver:AttributeEncoder xsi:type="enc:SAML2String"
  name="email" friendlyName="email" />
 <resolver:AttributeDefinition&rt;
 <resolver:DataConnector id="ldapConnector" xsi:type="dc:LDAPDirectory"
 ldapURL="%{idp.authn.LDAP.ldapURL}"
 baseDN="%{idp.authn.LDAP.baseDN}"
 principal="%{idp.authn.LDAP.bindDN}"
 principalCredential="%{idp.authn.LDAP.bindDNCredential}">
 <dc:FilterTemplate>
 <!-- Define you User Search Filter here -->
 <![CDATA[
 (&(objectclass=*)(cn=$requestContext.principalName))
 ]]>
 </dc:FilterTemplate>
 <dc:ReturnAttributes>*</dc:ReturnAttributes>
 </resolver:DataConnector>

STEP 6: Make sure you have AttributeFilterPolicy defined in conf/attribute-filter.xml
For eg. attributeID must be same as AttributeDefinition ID defined in previous step.

 <afp:AttributeFilterPolicy id="ldapAttributes">
 <afp:PolicyRequirementRule xsi:type="basic:ANY" />
 <afp:AttributeRule attributeID="email">
 <afp:PermitValueRule xsi:type="basic:ANY"/>
 </afp:AttributeRule>
 </afp:AttributeFilterPolicy>

STEP 7: Restart the Shibboleth Server and go to IDENTITY PROVIDER SETTINGS tab in miniOrange SAML plugin and enter the following details:

Single SignOn Service Url https://<your domain>/idp/profile/SAML2/Redirect/SSO
IDP Entity ID https://<your domain>/idp/shibboleth
X.509 Certificate The public key certificate of your IdP

Why Our Customers choose miniOrange Secure Identity Solutions ?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

   +1 978 658 9387 (US)   ,   +91 97178 45846 (India)    |       info@xecurify.com