Sign in to Joomla with OpenAthens
This is an example of how to set up a custom SAML resource so that you can log in to Joomla with OpenAthens, using the free version of the miniOrange SSO extension.
Whilst our service desk will always try to be helpful, they can only support the OpenAthens part of this.
- Access to your Joomla administration portal
- Access to the OpenAthens administration area at the domain level
- If you have not already done so, add the miniOrange extension according to their instructions (https://extensions.joomla.org/extensions/extension/miniorange-sso-for-joomla/)
- Under Components > Miniorange SAML Single Sign-On > Identity Provider Settings click upload metadata and on the next page enter the URL of your OpenAthens Metadata which will look like: https://login.openathens.net/saml/2/metadata-idp/OPENATHENSDOMAIN
OPENATHENSDOMAIN can be looked up on your organisation summary. It is usually the same as the internet domain used as your scope.
For more information about your metadata address, see how to access your login.openathens.net metadata.
- Save the details
Set up the custom SAML resource in OpenAthens
Since this application is not in a federation and is specific to you, it must be added as a custom resource so that our systems know about it.
- Access the administration area as the domain administrator and navigate to the catalogue (Resources > Catalogue).
- Switch to the custom tab and click on the Add button
- Select the SAML option
- Supply your Joomla metadata address (usually http://YOURJOOMLA.COM/?morequest=metadata)
- Click the create button
This will create the basic custom resource. We can come back and add details later if we need to.
Add Joomla to your release policy
- Still in the administration area navigate to the release policy page (Preferences > Attribute release)
- Add a resource policy via the button
- Start typing 'miniOrange'
- Select it from the list
- Click the advanced button within the policy to access the NameID settings:
- Set the SAML NameID format and attributes from the drop down boxes as:
- NameID format -
- NameID attribute:
- Click done and then save changes
This will now release the email attribute to Joomla as the username it expects.
- Components > Miniorange SAML Single Sign-On > Identity Provider Settings > Test Configuration
Add the SAML login link to your Joomla login page
The link will be http://YOURJOOMLA.COM/?morequest=sso
If you are running in restrictive mode, the SAML resource MUST be included in at least one of the permission sets used by anyone who should gain access. If not then OpenAthens will block access at the authentication point.
If you have sub-organisations you MUST ALSO set the visibility setting described above and allocate it to permission sets under those sub-organisations. The cascade option may be useful.