
This is an example of how to set up a custom SAML resource so that you can log in to Joomla through OpenAthens, using the free version of the miniOrange SSO extension.

Whilst our service desk will always try to be helpful, they can only support the OpenAthens part of this.

Prerequisites

  • Access to your Joomla administration portal
  • Access to the OpenAthens administration area at the domain level

Method


Configure Joomla

  1. If you have not already done so, add the miniOrange extension according to their instructions (https://extensions.joomla.org/extensions/extension/miniorange-sso-for-joomla/).

  2. Under Components > Miniorange SAML Single Sign-On > Identity Provider Settings, click upload metadata. On the next page, enter the URL of your OpenAthens metadata, which will look like: https://login.openathens.net/saml/2/metadata-idp/OPENATHENSDOMAIN

OPENATHENSDOMAIN can be looked up on your organisation summary (in the menu bar). It is usually the same as the internet domain used as your scope.

For more information about your metadata address, see how to access your login.openathens.net metadata.

Save the details


Set up the custom SAML resource in OpenAthens

Since this application is not in a federation and is specific to you, it must be added as a custom resource so that our systems know about it.

  1. Access the administration area as the domain administrator and navigate to the catalogue (Resources > Catalogue).

  2. Switch to the custom tab and click on the Add button



  3. Select the SAML option

  4. Supply your Joomla metadata address (usually http://YOURJOOMLA.COM/?morequest=metadata)

  5. Click the create button

This will create the basic custom resource. We can come back and add details later if we need to.

Add Joomla to your release policy

  1. Still in the administration area navigate to the release policy page (Preferences > Attribute release)

  2. Add a resource policy via the button

    1. Start typing 'miniOrange'
    2. Select it from the list

  3. Click the advanced button within the policy to access the NameID settings:

  4. Set the SAML NameID format and attributes from the drop down boxes as:

    1. NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress

    2. NameID attribute: Email address

  5. Click done and then save changes

This will now release the email attribute to Joomla as the username it expects.
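
As an added example (not part of the original page, and not OpenAthens or miniOrange code), this Python check reviews a saved copy of the Joomla SP metadata before it is registered as a custom resource and matched with the NameID policy above. The sample metadata, its placeholder entityID and endpoint paths, and the function name `check_sp_metadata` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# NameID format selected in the release policy on this page.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
# Constructed sample, not real miniOrange output; the paths are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://YOURJOOMLA.COM/sp-placeholder">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://YOURJOOMLA.COM/acs-placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text):
    """Return findings for one SP EntityDescriptor; an empty list means none."""
    # Assumes a locally saved file; for XML fetched live, use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    findings = []
    if not root.get("entityID"):
        findings.append("missing entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor, so this is not SP metadata"]
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint")
    for acs in endpoints:
        location = acs.get("Location", "")
        if not location.lower().startswith("https://"):
            # The browser POSTs the assertion here; plain HTTP exposes it in transit.
            findings.append("ACS endpoint is not HTTPS: " + location)
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    if formats and EMAIL_FORMAT not in formats:
        findings.append("SP does not advertise the emailAddress NameID format")
    if sp.find("md:KeyDescriptor", NS) is None:
        findings.append("no KeyDescriptor published by the SP")
    return findings

if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE_SP_METADATA):
        print("-", finding)
```

An empty result means none of these checks fired; a missing KeyDescriptor is worth noting because without a published key the SP's requests cannot be signature-checked against its metadata.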

Test

In Joomla, go to Components > Miniorange SAML Single Sign-On > Identity Provider Settings > Test Configuration.

Add the SAML login link to your Joomla login page

The link will be http://YOURJOOMLA.COM/?morequest=sso

Restrictive mode

If you are running in restrictive mode, the SAML resource MUST be included in at least one of the permission sets used by anyone who should gain access. If it is not, OpenAthens will block access at the authentication point.

If you have sub-organisations you MUST ALSO set the visibility setting described above and allocate it to permission sets under those sub-organisations. The cascade option may be useful.




