Login with Keycloak OAuth Single Sign-On (SSO) | Login into Joomla using Keycloak

Keycloak acts as the OAuth Provider and Joomla acts as the OAuth Client. Login into Joomla using Keycloak provides a smooth login between these two, removing the need to remember usernames and passwords.

How does this work?

Your Joomla site acts as an OAuth 2.0 client which is used to establish trust between your Joomla site and your Keycloak server. When a user logs into your Joomla site, your site sends an authentication request to the Keycloak server. The user is then redirected to the Keycloak server to authenticate themselves. The user enters their Keycloak credentials, if the credentials are correct, a token is returned to your Joomla site, allowing your user to access your protected websites. The Keycloak SSO plugin is designed to be easily configurable, allowing you to customize the authentication flow and integrate with a wide range of Keycloak servers.

LIST OF GRANT TYPES WE SUPPORT FOR KEYCLOAK SINGLE SIGN-ON (SSO)

Authorization code grant
Implicit grant
Resource owner credentials grant (Password Grant)
Client credentials grant
Refresh token grant
Authorization code grant with PKCE flow ( Proof Key for Code Exchange ).

Click here to watch the premium features of the plugin.

Click here to configure the plugin using Keycloak.

Free Version Features:-

• Supports login with your Keycloak server.
• Limited User Authentication
• Attribute Mapping – Basic Attribute Mapping features to map Joomla user attributes (Username and Email only).
• Login Using the Link.
• Auto-fill Keycloak server configuration with Joomla OAuth Client.

Standard Version Features:-

• All Free Version Features included.
• Unlimited Auto Register users.
• Unlimited User Authentication.
• Login widget customization.
• Authorization Code Grant
• Custom Redirect URL after login and logout - Redirect the user to a custom URL after successful login and logout.
• Basic Group Mapping.

Premium Version Features:-

All the Free version and Standard Version Features are included.
Attribute Mapping - Advance Attribute Mapping feature to map Joomla user attributes like username, first name, last name, and email. Manage username & email with data provided.
Advance Group Mapping.
Force Authentication / Protect the complete site.
OpenId Connect Support – Login using OpenId Connect Server.
Domain Specific Registration

Enterprise Version Features :-

• All the Premium Version Features Included.
• Grants Settings
• Additional End Points for getting user groups from your Keycloak server.
• Login Reports/Analytics.

JOOMLA KEYCLOAK SIGN-ON ( SSO ) SUPPORTED ADD-ONS

We have a variety of add-ons that can be integrated with the Keycloak OAuth SSO plugin to improve the OAuth SSO functionality of your Joomla site.

• Keycloak User Sync:- Keycloak User sync allows you to synchronize and provision your Joomla users into Keycloak and vice-versa, allowing to create, read, update, delete and deactivate users between Keycloak and Joomla.

• SCIM User Provisioning:- Joomla SCIM enables your users to log in to your Joomla site and sync user creation, update, and delete from your IDP to your Joomla site using SCIM User Provisioning.

• Role/Group Based Redirection:- Role/Group-Based Redirection Add-on can be used to redirect the user to a specific URL based on the roles/groups received from the OAuth server.

• SSO Session Management:- SSO session management add-on manages the login session time of your users based on their Joomla roles.

• SSO Login Audit:- SSO Login Audit captures and tracks all the Single Sign-On users and generates reports

• Two Factor Authentication

• User Role Editor

• Limit Login Attempts

• Guest User Login

REST API AUTHENTICATION

Secures unauthorized access to your Joomla sites/pages using our Joomla REST API Authentication plugin.

Firebase Authentication

The Firebase Authentication SDK includes methods for creating and managing users who sign in with their email addresses and passwords.

Installation Steps :

Goto Extensions --> Manage --> Install.
Search for the miniOrange OAuth client in the search box
Install the Miniorange OAuth Client plugin.
Then go to Extensions --> Manage --> Manage.
Search for miniOrange in the search box
Enable all the extensions present in the list.
Configure the plugin at Component-> miniorange OAuth client ->configure OAuth.

Dependencies

NONE

24/7 Support

If you require any Single Sign On (SSO) application or need any help with installing or configuring this plugin, please feel free to reach out to us on our 24*7 support at joomlasupport@xecurify.com or Contact us.

WEBSITE
You can click here to visit our website for more security-related solutions. For more support or info email us at joomlasupport@xecurify.com. You can also submit your query from the plugin’s configuration page.