From Authentication Tools for Joomla! (JAuthTools)

This page documents the various parts of the JAuthTools SSO Infrastructure

Contents 1 Components 1.1 SSO 1.2 Token Login 2 Modules 2.1 SSO Helper 2.2 SSO 3 Plugins 3.1 System - SSO 3.2 SSO Plugins 3.3 Identity Provider Plugins 3.4 User Source Plugins

Components

There are two components in the SSO area: the SSO component which handles generic SSO configuration and the token login component which handles managing the token login process.

SSO

The SSO Component provides the ability to in one location configure most plugins relating to a users authentication experience. Its unique feature is that it provides a point to configure instances of Type B plugins (called service providers), however it also provides quick access to other types of plugins such as identity providers, SSO, authentication, user source, service provider and user plugins.

Token Login

Token Login is a system that enables users to use tokens to log into their account. The Token Login Component provides an interface to enable administrators to issue, alter and revoke tokens.

Modules

SSO Helper

The SSO Helper is a module that can be used to trigger SSO events on particular pages. It works similar to the "System - SSO" plugin by calling the 'detectRemoteUser' function on all plugins.

SSO

The SSO module handles displaying service provider links (Type B plugins) and forms (Type C plugins).

Plugins

System - SSO

There is one system plugin used in SSO that handles bootstrapping the authentication process and calling the 'detectRemoteUser' function for all plugins.

SSO Plugins

SSO plugins come in three varieties: type A, B and C. Type A are the original SSO plugin type and only provide the ability to detect the remote user from the request, type B plugins are often referred to as 'service providers' and have multiple instances associated with them for each service provider and type C plugins provide the ability to display a form to the user for authentication or gathering required information. An SSO plugin may also be called a 'relying party', or RP, in some situations. The key function, 'detectRemoteUser', is expected to return a username of the identified user. SSO plugins may also optionally populate the session with a 'UserSourceDetails' object to enable autocreation via the Session User Source plugin.

Identity Provider Plugins

Identity Provider plugins, or IDP plugins, are designed to expose the local users of a site for remote authentication. Whilst not a part of authenticating a local request, IDP's can provide centralised authentication.

User Source Plugins

User Source plugins provide information required for Joomla! to create or update users. User Source plugins are relied upon in the SSO system to provide autocreation functionality in situations where a new user is attempting to log in via SSO.