Joomla sso plugin

  • Tristan Bailey
    # 8 months, 2 weeks ago

    Hi

    I followed the instructions and copied settings from joomla orange plugin to the app on miniogange site, then when test it gave me the error, that the Issuer didnt work
    “my domain” plus /plugins/authentication/miniorangesaml/

    this was the setting the joomla app gave though.

    Testing that as an endpoint it just gives forbidden as a permission, so maybe a common settings issue?

    thanks

    tristan

    Tristan Bailey
    # 8 months, 2 weeks ago

    Update, after testing, this is the error:
    `

    Error: Invalid Audience URI.
    
    Please contact your administrator and report the following error:
    
    Possible Cause: The value of 'Audience URI' field on Identity Provider's side is incorrect
    
    Expected one of the Audiences to be: {{DOMAIN}}/plugins/authentication/miniorangesaml/

    `

    but in the plugin says to use “{{DOMAIN}}/?morequest=sso” in the settings,

    If I change it to this url, in the error message it worked! I think, as error goes away.

    Maybe the help needs updating?

    Abhay Yadav
    Participant
    # 8 months, 2 weeks ago

    Hi Tristan,

    The Audience URI is the Entity ID/ Issuer of the SP while the URL “{{DOMAIN}}/?morequest=sso” is the ACS URL which is the URL where the IDP will be sending the response.

    Hope this clears your doubt. Feel free to ask if you have any further queries.

    Thanks,
    Abhay

    Pavani
    # 4 months, 1 week ago

    Hi,
    We are going to use mini orange for our joomla sites to integrate OKTA, so we purchased it for 100 instances. We need your support in implementing this plugin for our test and production sites. I have few questions.

    1. The issue we are facing is with license keys , one license key will work for one website only, so is there any option to switch the keys based on our ENV variable? so that we no need to change the license keys manually whenever we push the same code and database to testing environment or production environment. (I do know that there is a import/export configuration from joomla administrator which is manual. )

    2. I noticed that when user login into joomla application using OKTA by clicking on the application, then that user details are getting saved in the joomla users database table. my question is if the same user tries to login from joomla administrator URL (ex: http://localhost/joomla/administrator) then the login is not working(with credentials of OKTA). why it is not working?

    3. if the user is removed from our OKTA then how user details will be removed from the joomla database table to avoid authorized login into administrator?

    Thank you

    Abhay Yadav
    # 4 months, 1 week ago

    Hi Pavani,

    Please find the response to your queries below:

    >> The issue with the license keys.
    -> We can make a small change from our end to resolve this issue for you. For that, I’ll need your miniOrange account with which you purchased the license. Can you please drop a mail on joomlasupport@xecurify.com and let us know the above details?

    >> SSO for Joomla administrator.
    -> If you are trying to access the Joomla administrator console directly, then your Joomla credentials will be used to access the site. If you wish to use your OKTA credentials to SSO into Joomla admin console then you’ll need to use the SSO link present in the SSO Login settings of the tab. If you need to force your users to access the site using OKTA credentials only, then you can use the Auto-Redirect to IDP feature to restrict your site to logged in users only. If a user is not logged in and tries to access the site, he’ll be automatically redirected to OKTA for authentication.

    >> Removing user account from Joomla if the account is removed from OKTA.
    -> We have an add-on to support User Sync with OKTA. This add-on comes as a part of the enterprise version of the plugin. If you have the Standard or Premium version of the plugin then you can purchase the add-on separately.

    Let me know if you have any further queries.

    Thanks,
    Abhay

Viewing 5 posts - 1 through 5 (of 5 total)

Reply