This document describes how to enable Active Directory authentication module for Joomla!
Active Directory Login module for Joomla, will allow Joomla sites to have Authentication using an Active Directory Federation Service (ADFS) 2.0 enabled server using the WS Federation Protocol. Using this module Joomla user accounts can be associated with an Active Directory login identity, there by Active Directory credentials can be used to login to Joomla site.
- Joomla 1.5 or 1.6
- PHP 5.2 with mhash & mcrypt and OpenSSL enabled.
- Configure the Joomla site with https so that ADFS can communicate through SSL
- Active directory federation service with Relying party trust set up to your domain/site.
Active Directory Relying Party Configuration
Active directory Relying party configuration is described in a separate document. Please refer to ADFS 2.0 Relying Party Trust Configuration
Relying party endpoint URL should be configured in the relying party configuration. This url is different for joomla 1.5 and joomla 1.6. It is as follows
- Joomla 1.5 - <joomla Base URL>/plugins/authentication/adfshandler.php
- Joomla 1.6 - <joomla Base URL>/plugins/authentication/adfs/adfshandler.php
Joomla base url in the above is the base site url where joomla is configured. The 3 different parameters needed from Active Directory Federation Service to configure the Plugins are as follows
- ADFS Endpoint URL (Ex: https://adfsdemo2.com/adfs/ls)
- SP Identifier/Realm of Relying party trust (Ex: urn:federation:php.cloudapp.com)
- Relying party trust certificate installed
SP Identifier configured in ADFS should exactly match with the one configured in the plugin.
Download Joomla Extensions
You need to download component, module and plugin extensions for the specific version of Joomla.
Install Joomla Extensions
Once you enable this module, you will be able to login to Joomla sites using your Active Directory account which is associated with your Joomla account.
- Login to Joomla Administration Site
- Install the provided extensions.
Configure Joomla Extensions
Configure the module and plugin for ADFS authentication.
Configure Active Directory Module
It is assumed that you have experience in customizing the existing Login Form module provided by Joomla. If you haven’t done this, you could find more details at http://docs.joomla.org/Customising_the_Login_Form_module.
- Go to ‘Module Manager’
- Customize ‘Active Directory Login’ module.
Screen captures of configuration for different Joomla versions
The below screen captures will show you how to set up the ADFS configuration for different Joomla versions.
- Sample configuration ADFS for Joomla 1.5
- Sample configuration ADFS for Joomla 1.6
Configure Active Directory Plugin
- Go to ‘Plugin Manager’
- Customize ‘Authentication – Active Directory’ plugin, Enter the following configuration params
- Adfs Endpoint URL
- Endpoint URL of ADFS service.
- SP Identifier/Realm
- Service provider (SP) identifier, this should match the SP identifier value configured in ADFS Relying party configuration.
- Encryption Certificate Path (Optional Parameter)
- Enter a certificate path if used to decrypt authentication responses which have been sent encrypted. This value is optional based on whether the encrypted response is configured with ADFS. Acceptable certificate format is ‘.pem’. Absolute path of the certificate file on the server should be provided.
- Encryption Certificate password (Optional Parameter)
- Encryption certificate password can be used in conjunction with Encryption Certificate provided. The password is the key to the certificate in such case.
- Enable ‘Authentication-Active Directory’ plugin
- During Logout, user is not logged out from ADFS sites. So the user is expected to close the browser session to remove any Adfs cookies or tokens in the current browser session.
- Active Directory Authentication feature is not supported for Joomla Administration Site.
- ADFS Component is displayed in the Components Menu item. Currently there is no view required/implemented for this component but is displayed in Joomla 1.6.
- Email to firstname.lastname@example.org for any issues and feedback.