Instead of using an external party like Google or Facebook to handle your authentication, you can use your Joomla site as an Identity Provider. Hook up any client, such as another Joomla site or any other application that uses SAML, to connect to your Joomla website. Using RO Single Sign On as Identity Provider makes connecting an identity provider very easy.
Identity Provider Profiles
You can create one or more identity providers and manage them directly from your site. This includes an option to refresh the metadata of your identity provider. This can also be set up as a cron job so it happens at a set interval.
Joomla Configuration
There are a number of options that control how the connection with your site should behave:
- Default usergroup
This is the usergroup new users will be assigned to
- Usergroup mapping
This allows you to map users to multiple groups based on a value coming from the identity provider
- Redirect after login
Here you can specify where the user should be redirected to after login
Authorization
Under Authorization you can set the URL to the metadata file of the identity provider and the key files to use. There are 2 key files in use:
- private key
- certificate key
Both are needed to set up the connection with the identity provider. This ensures that all data is encrypted.
Fields Configuration
The fields configuration allows you to map the fields coming in from the identity provider to the fields used in your Joomla installation. Shown here are the default Joomla fields as required by Joomla. You are free to extend this to your own needs.