SSO/Infrastructure
From Authentication Tools for Joomla! (JAuthTools)
This page documents the various parts of the JAuthTools SSO Infrastructure.
Components
There are two components in the SSO area: the SSO component, which handles generic SSO configuration, and the token login component, which manages the token login process.
SSO
The SSO Component provides the ability to configure, in one location, most plugins relating to a user's authentication experience. Its unique feature is that it provides a point to configure instances of Type B plugins (called service providers); it also provides quick access to other types of plugins such as identity providers, SSO, authentication, user source, service provider and user plugins.
Token Login
Token Login is a system that enables users to use tokens to log into their account. The Token Login Component provides an interface to enable administrators to issue, alter and revoke tokens.
Modules
SSO Helper
The SSO Helper is a module that can be used to trigger SSO events on particular pages. It works similarly to the "System - SSO" plugin by calling the 'detectRemoteUser' function on all plugins.
SSO
The SSO module handles displaying service provider links (Type B plugins) and forms (Type C plugins).
Plugins
System - SSO
There is one system plugin used in SSO that handles bootstrapping the authentication process and calling the 'detectRemoteUser' function for all plugins.
SSO Plugins
SSO plugins come in three varieties: type A, B and C. Type A plugins are the original SSO plugin type and only provide the ability to detect the remote user from the request. Type B plugins are often referred to as 'service providers' and have multiple instances associated with them for each service provider. Type C plugins provide the ability to display a form to the user for authentication or for gathering required information. An SSO plugin may also be called a 'relying party', or RP, in some situations. The key function, 'detectRemoteUser', is expected to return the username of the identified user. SSO plugins may also optionally populate the session with a 'UserSourceDetails' object to enable autocreation via the Session User Source plugin.
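The 'detectRemoteUser' contract described above, shown as an added sketch that is not JAuthTools code: a type A style plugin plus a stand-in for the step that calls it on every plugin. Every class and function name other than detectRemoteUser is hypothetical, and the sketch assumes the web server authenticates the user and sets REMOTE_USER, and that the first plugin to return a username wins.

```php
<?php
// Added sketch: every name except detectRemoteUser is hypothetical.

class ExampleRemoteUserPlugin
{
    // Type A contract from the text: inspect the request, return a username.
    // Assumption: the web server authenticated the user and set REMOTE_USER;
    // client-supplied headers (HTTP_* entries) are deliberately never read.
    public function detectRemoteUser(array $server)
    {
        if (!isset($server['REMOTE_USER']) || !is_string($server['REMOTE_USER'])) {
            return null;
        }
        $username = trim($server['REMOTE_USER']);
        // Accept only a conservative character set so the value is safe to
        // use as a lookup key; anything else counts as "no user detected".
        if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username)) {
            return null;
        }
        return $username;
    }
}

// Stand-in for the bootstrapping step: call detectRemoteUser on every plugin.
// Assumption: the first non-empty username wins; the page does not state this.
function exampleDetectUser(array $plugins, array $server)
{
    foreach ($plugins as $plugin) {
        $username = $plugin->detectRemoteUser($server);
        if (is_string($username) && $username !== '') {
            return $username;
        }
    }
    return null;
}

// Constructed sample requests (shaped like $_SERVER), not captured data.
$requests = array(
    'authenticated by web server' => array('REMOTE_USER' => 'alice'),
    'no remote user set'          => array(),
    'malformed value'             => array('REMOTE_USER' => "alice\r\nadmin"),
    'client header only'          => array('HTTP_REMOTE_USER' => 'admin'),
);
foreach ($requests as $label => $server) {
    $user = exampleDetectUser(array(new ExampleRemoteUserPlugin()), $server);
    echo $label, ': ', ($user === null ? '(none)' : $user), "\n";
}
```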
Identity Provider Plugins
Identity Provider plugins, or IDP plugins, are designed to expose the local users of a site for remote authentication. Whilst not a part of authenticating a local request, IDPs can provide centralised authentication.
User Source Plugins
User Source plugins provide information required for Joomla! to create or update users. User Source plugins are relied upon in the SSO system to provide autocreation functionality in situations where a new user is attempting to log in via SSO.