Forum Discussion

Nick_Simos_6822's avatar
Nick_Simos_6822
Icon for Nimbostratus rankNimbostratus
Oct 14, 2015

SSO to joomla using external form

Hi all,

 

Has anybody tried to achieve SSO to a joomla 3.x site using an external form? I have managed to post the credentials from the external form to APM and authenticate the user, but it seems I can't post credentials to Joomla, hense I can't login.

 

Any help is appreciated

 

5 Replies

  • Hi Nick,

     

    So if I understand correctly you have the following setup...

     

    EXTERAL FROM -> APM Logon Page -> Joomla Site

     

    You want the creds from the external form to be passed to Joomla? Do you have the external form setup as an "external logon page" in the VPE? Do you have SSO configured for the joomla resource?

     

    If you can provide us a little bit more details we would be happy to help.

     

    Seth

     

  • Hi,

    you want to :

    • host the logon page on a external server with "external logon page"
    • authenticate user on AD
    • allow user to browse joomla with SSO "SSO - Forms Client Initiated"

    Are you authenticated on AD? if yes, the external logon page is providing username and password in session.logon.last.username and session.logon.last.password variables.

    to troubleshoot, can you add a message box before allow with message:

     

    Logon Username is: %{session.logon.last.username}
    SSO Username is: %{session.so.token.last.username}
    

     

    It will show you ssl credential mapping result (Logon username and SSO username must be the same)

    If all is OK until here, now you can search how to configure SSO with joomla. SSO is working with the SSO variables and the use of external logon page is not the cause.

    Using "SSO - Forms Client Initiated" is a big challenge. Most of times, it is easier to change back end server authentication instead of configuring "SSO - Forms Client Initiated".

    If you look at "SSO - Forms Client Initiated" behavior, it is not the best SSO method as it insert javascript in server response forcing the browser to POST authentication form with fake credentials, inspect next request and replace fake credentials with right ones.

    I had some issues with this SSO method to authenticate to Exchange 2013 (I followed the deployment guide)

    there are some joomla plugins to support Basic or Kerberos authentication.

  • You are correct,

     

    I am trying to host a logon page to an external web server and use AD to authenticate. The main goal is to achieve SSO between different applications.

     

    I have added the logging you suggested and, as expected, the username is correct. I replaced external sso form with a standard login form but again a i can't login to joomla.

     

    So, i believe that SSO mapping is not working as expected and credentials are not posted to joomla.

     

  • Hi,

     

    The main goal of the test I suggested was to show you that when credentials are right in variables, there is no need to try to change authentication method...the only thing that matters, is variables values are those required by the authentication server and SSO.

     

    As I sugested, try to change Joomla authentication method and create F5 SSO for this authentication method.