Whilst our service desk will always try to be helpful, they can only support the OpenAthens part of this.
- Access to your Joomla administration portal
- Access to the OpenAthens administration area at the domain level
- If you have not already done so, add the miniOrange extension according to their instructions (https://extensions.joomla.org/extensions/extension/miniorange-sso-for-joomla/)
- Under Components > Miniorange SAML Single Sign-On > Identity Provider Settings, click upload metadata and, on the next page, enter the URL of your OpenAthens metadata, which will look like: https://login.openathens.net/saml/2/metadata-idp/OPENATHENSDOMAIN
Save the details
Set up the custom SAML resource in OpenAthens
Since this application is not in a federation and is specific to you, it must be added as a custom resource so that our systems know about it.
This will create the basic custom resource. We can come back and add details later if we need to.
Add Joomla to your release policy
- Still in the administration area, navigate to the release policy page (Preferences > Attribute release)
- Add a resource policy via the button
- Start typing 'miniOrange'
- Select it from the list
- Click the advanced button within the policy to access the NameID settings:
- Set the SAML NameID format and attributes from the drop-down boxes as:
- NameID format -
- NameID attribute:
- Click done and then save changes
This will now release the email attribute to Joomla as the username it expects.
Components > Miniorange SAML Single Sign-On > Identity Provider Settings > Test Configuration
Add the SAML login link to your Joomla login page
The link will be http://YOURJOOMLA.COM/?morequest=sso
If you are running in restrictive mode, the SAML resource MUST be included in at least one of the permission sets used by anyone who should gain access. If it is not, OpenAthens will block access at the authentication point.