When you’re sustaining numerous web sites, it may be troublesome to maintain observe of the entire administrator logins required. What’s extra, it might result in lapses in safety for those who’re continually dropping and having to reset your password, or worse, preserving them written down someplace.

DevOps/Cloud-Native Live! Boston

Configuring single sign-on (SSO) in your web site makes it simpler for licensed customers to entry the web site, whereas additionally making certain they accomplish that with elevated safety. FusionAuth SSO streamlines the method of logging into a number of websites with out the necessity to bear in mind or retailer a number of passwords.

Joomla is without doubt one of the largest PHP-based content material administration techniques on the market, and fortunately, the method of integrating FusionAuth is pretty easy. On this tutorial, you’ll be studying the way to implement OAuth SSO for Joomla customers.

What’s SSO?

SSO lets your customers entry two or extra purposes with a single set of credentials. Correctly carried out, it makes your customers’ lives simpler; they sign up as soon as and don’t must log in once they change between varied purposes.

You might have used SSO with out figuring out it when switching between Google purposes, logging into varied companies with Fb, and even logging into varied elements of Amazon’s community of web sites.

I preserve over 100 web sites in Joomla and WordPress for purchasers, in order that’s 100 administrator logins I have to hold observe of alongside the best way. Switching to SSO means I simply have to arrange the OAuth shopper on every web site, after which I can log in with SSO to every one utilizing a single authorization platform.

What’s FusionAuth?

FusionAuth is an entire identification and entry administration instrument that saves your crew time and assets. It permits you to implement complicated requirements like OAuth, OpenID Join, and SAML and construct out extra login options to fulfill compliance necessities.

Earlier than you start

There are some things that you have to have in place earlier than you get began:

  • You want to have both a FusionAuth Cloud account or set up their self-hosted model, obtainable totally free. Observe the FusionAuth 5-Minute Setup Information to get began along with your set up.
  • You want a Joomla set up to then set up the plugin so you possibly can configure SSO. When you want help with making a Joomla set up, go to www.joomla.org to search out out extra.
  • You want to obtain and set up an OAuth plugin for Joomla. This tutorial demonstrates the method utilizing the miniOrange Joomla OAuth Shopper. You may set up the extension by going to “Extensions” after which “Set up” in your Joomla web site.

After getting put in all of the required elements above, log into your FusionAuth occasion to get began configuring your SSO in your web site.

Configure an Software in FusionAuth

Within the FusionAuth administrative consumer interface, navigate to Functions. Click on the inexperienced + button so as to add a brand new software to your FusionAuth occasion. Observe these steps to create your OAuth software to make use of along with your Joomla web site:

  • Add a reputation in your software. You’ll want this if you configure the Joomla plugin.
  • Go away a lot of the settings at their default values.
  • You have to so as to add your URL to each the Approved redirect URLs area and the Approved request origin URLs fields

That is what your configuration would possibly seem like:

Save the appliance through the icon on the high of the appliance web page.

You’ll now be returned to your software checklist. Click on Edit to return to the settings for the appliance the place now you can see the generated Id and secret. You have to this to configure the OAuth shopper in Joomla within the subsequent step.

Getting the FusionAuth Joomla SSO Application client Id and secret.

Establishing FusionAuth utilizing Kickstart

As an alternative of manually establishing FusionAuth utilizing the admin UI, it’s also possible to use Kickstart. This allows you to get going rapidly you probably have a contemporary set up of FusionAuth. Study extra about the way to use Kickstart. Right here’s an instance Kickstart file which units up FusionAuth for this tutorial.

You’ll have to edit that Kickstart file and replace the appliance identify and redirect URLs.

Configuring customers

When a consumer logs right into a web site with SSO, they first log into FusionAuth. Then, FursionAuth passes their authorization particulars again to the Joomla web site to permit entry.

For ease of testing, your FusionAuth administrator account particulars must also be the Tremendous Admin consumer particulars in your Joomla web site.

When configuring extra customers you have to arrange two consumer accounts: one in FusionAuth after which the second in your Joomla web site for it to match and authorize. The Joomla account will decide what entry the consumer account has on the positioning.

Computerized consumer creation is a characteristic that requires the registered model of the miniOrange plugin.

Configuring the OAuth Shopper in Joomla

Log into your Joomla Administrator space, and for those who’ve not already accomplished so within the preparation step above, set up the miniOrange Joomla OAuth Shopper.

As soon as put in you now have to configure the OAuth Shopper so it might connect with FusionAuth.

  • Navigate to “Parts”, then “miniOrange OAuth Shopper”, then select “Configure OAuth”.

Configure the OAuth client.

  • Optionally take the tour of the plugin, or click on “Skip Tour” for those who’re simply following this tutorial. The entire settings you have to configure for the usual (free) model of the plugin are on the Configure OAuth tab.
  • To configure OAuth utilizing FusionAuth, select “Customized OAuth”, which is on the backside of the display screen.

Configure OAuth options.

There are a number of gadgets that you have to copy out of your FusionAuth software settings after which paste them into the varied fields within the Configure OAuth Software:

  • Customized App Identify: your FusionAuth Software identify
  • Shopper Id: the FusionAuth Software Shopper Id worth
  • Shopper Secret: the FusionAuth Software Shopper Secret worth

Subsequent there are 4 fields that must be accomplished with values that inform the plugin some variables which are wanted to speak to your FusionAuth occasion.

  • Scope: enter openid as the worth
  • Authorize Endpoint: enter http(s)://<your FusionAuth URL>/oauth2/authorize
  • Entry Token Endpoint: enter http(s)://<your FusionAuth URL>/oauth2/token
  • Get Person Information Endpoint: enter http(s)://<your FusionAuth URL>/oauth2/userinfo

Lastly, you possibly can optionally set the checkboxes to specify what the looks of your SSO hyperlink will probably be. Checking “Present hyperlink on login web page” will insert a hyperlink in your login type that has “Click on right here for SSO”. Uncheck this field if you want to have a unique button in your SSO sign up, which is described within the subsequent part.

Custom Joomla OAuth configuration Settings.

When you’ve accomplished all this a part of the configuration click on on “Save Settings”. To substantiate whether or not the data is all right, click on on “Check Configuration”. This may open a brand new window with a Check Profitable message:

Joomla OAuth Test Result screen.

Scrolling by this web page, you’ll see varied attributes and the values which are returned by FusionAuth that the OAuth Shopper then processes for the SSO.

You have to to establish two Attributes within the checklist so as to full the Attribute Mapping fields on the backside of the Configure OAuth Software display screen.

  • For the Electronic mail Attribute returned by FusionAuth use the attribute identify e mail.
  • For the Username Attribute returned by FusionAuth use the attribute identify preferred_username.

Joomla Attribute Mapping settings.

Click on “Save Attribute Mapping” to save lots of these values.

Your Joomla web site ought to now be appropriately configured to permit you to use FusionAuth SSO to log into the web site.

Including a frontend SSO button

To have the ability to use the OAuth SSO performance, you’ll want to verify customers have a solution to log into the positioning and in flip log in with a single click on. When you don’t have both a login module revealed, or a menu merchandise set as much as load the Login element, set that up in your web site first.

The pink arrow under reveals the best way the miniOrange plugin defaults to including a “Click on right here for SSO” hyperlink to the login module. Equally on the Login web page choice, it locations a hyperlink just under the Login button. Unchecking the field as indicated earlier within the tutorial will conceal this model of the hyperlink.

The inexperienced arrow factors to a customized button for the SSO choice. You may customise this button to match the fashion of your web site. The code for the instance appears to be like like this:

<a class="btn btn-primary" href="?morequest=oauthredirect&app_name=different">FusionAuth SSO</a>

You may paste that code into varied locations in your Joomla web site to make the SSO login button seem on the positioning. Examples embrace:

  • Pre-text area for the Joomla Login module.
  • Put up-text area within the Joomla Login module to have it seem under the login field.
  • Place the code in a Customized HTML module that you would be able to then place somewhere else on the positioning.

Joomla SSO Login Options.

Including an SSO button to your administrator login display screen

There are two methods to supply administrator entry to your web site through SSO.

Administrator login

The miniOrange OAuth Shopper plugin presently doesn’t add a button for the Administrator login web page for Joomla. However you possibly can simply add your individual button by creating an Administrator Customized HTML module.

  • Within the backend of the positioning, go to “Extensions” after which “Modules”.
  • Change the filter from Website to Administrator.
  • Create a brand new Module, deciding on Customized HTML because the module kind.
  • Change to code view and paste the next code into the editor:
<a class="btn btn-primary btn-block btn-large login-button" href="?morequest=oauthredirect&amp;app_name=different">FusionAuth SSO</a>`
  • Set the module place to Login.
  • Save and shut the module.

While you log off you must now see the FusionAuth SSO button in your login display screen:

Administrator login with FusionAuth SSO login button.

Shared periods

The opposite choice is to allow shared periods. Joomla has a characteristic the place you possibly can share periods between the back and front finish of the web site. Turning on this characteristic will imply that to entry your backend, you simply have to log into your entrance finish first and vice versa.

To allow this characteristic, within the backend of your web site navigate to “System”, then “World Configuration”, then the System tab. Then scroll all the way down to “Session Settings” and set “Shared Classes” to Sure. Lastly, save your World Configuration.

Testing Your SSO login

Go to your Joomla entrance finish and you must now see your login type with a FusionAuth SSO button (or a button with no matter label you’ve placed on it in your web site).

Front end login example.

Clicking on the FusionAuth SSO button ought to log you straight into the web site.

Front end logout example.

Clicking Log off will then log you out of the positioning and also you’ll see the Login type as soon as extra.


FusionAuth has made troubleshooting simple. When you’ve missed a setting in your OAuth configuration, you’ll most certainly see an error message come again telling you what you’ve missed. Test again by the settings above to be sure to have copied the right data over from FusionAuth, and that you’ve saved each the OAuth settings in addition to the Attribute Mapping within the miniOrange OAuth Shopper.

You would possibly discover that after a restart or a very long time between logins, your FusionAuth occasion will log off. When that occurs, clicking the FusionAuth SSO button in your login type will add an extra step so that you can log into your FusionAuth occasion once more in order that it might entry the SSO credentials. As soon as logged in, the SSO service goes again to a single click on to authorize your entry the subsequent time you need to log in utilizing SSO.

The miniOrange plugin makes use of cURL to course of the OAuth authorization. So that you gained’t be capable of join FusionAuth as much as distant websites utilizing FusionAuth operating regionally, at, for example, http://localhost:9011. When you run an area FusionAuth server and need to use it to authorize connections for a distant web site, use NAT routing to configure your native server so it’s accessible to the web or a service like ngrok.


From rushing up entry to websites you handle to making a neighborhood of customers and granting them entry utilizing SSO to a number of websites, there are a lot of benefits to enabling SSO for Joomla web sites.

OAuth is only one characteristic of FusionAuth, however you possibly can see how simply you possibly can set it as much as make your login course of extra streamlined. Joomla web site builders can look extra at FusionAuth’s superior options as an answer for consumer administration and enhancing Joomla’s entry management capabilities in addition to present methods to seamlessly work together with different purposes sharing SSO by your FusionAuth occasion.

*** This can be a Safety Bloggers Community syndicated weblog from The FusionAuth Weblog authored by The FusionAuth Weblog. Learn the unique submit at: https://fusionauth.io/weblog/2021/09/09/how-to-set-up-single-sign-on-between-fusionauth-joomla/

Supply hyperlink