...

Whilst our service desk will always try to be helpful, they can only support the OpenAthens part of this.

Prerequisites

  • Access to your Joomla administration portal
  • Access to the OpenAthens administration area at the domain level

Method

Configure Joomla

  1. If you have not already done so, add the miniOrange extension according to their instructions (https://extensions.joomla.org/extensions/extension/miniorange-sso-for-joomla/)

  2. Under Components > Miniorange SAML Single Sign-On > Identity Provider Settings, click upload metadata and, on the next page, enter the URL of your OpenAthens metadata, which will look like: https://login.openathens.net/saml/2/metadata-idp/OPENATHENSDOMAIN

...

For more information about your metadata address, see how to access your login.openathens.net metadata.

Save the details


Set up the custom SAML resource in OpenAthens

Since this application is not in a federation and is specific to you, it must be added as a custom resource so that our systems know about it.

...

This will create the basic custom resource. We can come back and add details later if we need to.

Add Joomla to your release policy

  1. Still in the administration area navigate to the release policy page (Preferences > Attribute release)

  2. Add a resource policy via the button

    1. Start typing 'miniOrange'
    2. Select it from the list

  3. Click the advanced button within the policy to access the NameID settings

  4. Set the SAML NameID format and attributes from the drop-down boxes as:

    1. NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress

    2. NameID attribute: Email address

  5. Click done and then save changes

This will now release the email attribute to Joomla as the username it expects.
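
To confirm the release policy behaves as set up above, the following added example (not part of the original page, and not OpenAthens or miniOrange code) decodes a SAMLResponse captured from a test login and checks the NameID format and value. The function names and sample responses are constructed for illustration, and it assumes the assertion is not encrypted.

```python
import base64
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# NameID format exactly as selected in the release policy steps above.
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_nameid(saml_response_b64, expected_format=EXPECTED_FORMAT):
    """Decode an HTTP-POST SAMLResponse and list NameID problems (empty = OK).

    Diagnostic only: the XML signature is not validated here, so the result
    must never be used to make an access decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", SAML_NS)
    if name_id is None:
        return ["no NameID in the assertion subject"]
    problems = []
    fmt = name_id.get("Format")
    if fmt != expected_format:
        problems.append(f"NameID Format is {fmt!r}, expected {expected_format!r}")
    if not EMAIL_RE.match((name_id.text or "").strip()):
        problems.append("NameID value is not an email address")
    return problems


def make_sample(fmt, value):
    # Constructed, unsigned sample response (hypothetical helper).
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed inputs: one matching the policy above, one that does not.
GOOD = make_sample(EXPECTED_FORMAT, "reader@example.org")
BAD = make_sample("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "a1b2c3d4")

if __name__ == "__main__":
    print(check_nameid(GOOD))
    print(check_nameid(BAD))
```

The base64 SAMLResponse value can be copied from the POST to Joomla in the browser's developer tools during a test login.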

Test

Components > Miniorange SAML Single Sign-On > Identity Provider Settings > Test Configuration

Add the SAML login link to your Joomla login page

The link will be http://YOURJOOMLA.COM/?morequest=sso

Restrictive mode

If you are running in restrictive mode, the SAML resource MUST be included in at least one of the permission sets used by anyone who should gain access. If it is not, OpenAthens will block access at the authentication point.

...