Joomla user authorization with external SSO

1
votes

I am trying to integrate a Joomla website with an internal Single Signon System. The SSO user authentication & authorization system was home grown and handles all of our user access.

I have an SSO website that I would like to send all Joomla users to, once they are authenticated they will be re-rerouted back to the Joomla website and they would be logged in.

What I need to be able to do is set a session variable and check this session id against our authentication server to see if the User session is still valid, essentially augmenting the Joomla Session / authorization check. If the session is invalid, I would redirect the user to the SSO login page.

Is there a core Joomla event that I can attach to that would allow be to perform authorization also??

2
joomla

2 Answers

2
votes

This is a high level overview where you can do some things.

There are two events which you can use to trigger and to intercept the authentication process.

As a system plugin, using onAfterInitialise() you can trigger very early in the execution cycle an authentication request:

    // Get the application object.
    $app = JFactory::getApplication();
    $result = $app->login($credentials, $options);

Basically when the user loads a page, if it does not already have a session / is a guest JFactory::getUser()->guest === 1, you can try to authenticate the user, based on whatever you like.

The request earlier triggered can be intercepted with a authentication plugin, implementing the method onUserAuthenticate(). Inside this method you can actually make a request to the external system by whatever means you like (see existing authentication plugins).

0
votes

You need an authentication bridge.

JFusion should allow you to do what you want. As well as integrating with various existing systems it allows for a custom authentication bridge.

http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-bridges/3723