Configure Shimla SSO

You can modify the settings of the three plugins under the Plugins Manager. You can filter form the by “shimla”. You will need to enable them for the plugins to take effect.

plgSystemSso

You generally will not need to make any changes within this plugin’s settings.

plgAuthenticationShibboleth

Under Basic Settings, ensure that the names there match the id’s of the attributes mapped under /etc/shibboleth/attribute-map.xml

plgUserGroupMapper

This is an optional plugin. You will need to change the ordering of this plugin after the out-of-the-box Joomla User plugin in order for it to work.

This plugin allows you to place a user into a user group upon entering the site based on an attribute. To use this, the IdP will need to release an attribute that corresponds to a user’s “group”. For example, if the IdP releases a multi-valued attribute (semi-colon delimited) called “affiliation”, you can configure the group mapper to map users that have a value of “student” to an existing Joomla user group.

Login and Logout Menu Links

The Login module provided by Joomla will not work with Shimla SSO. You should disable it under the Module Manager if you are not planning on using it.

For Shimla, you will need to create two External URLs under a Joomla menu — a Login link and a Logout link.

For the Login link, the value should be /Shibboleth.sso/Login and visible to the Guest group. This will hide the link once a user has authenticated.

For the Logout link, the value should be /Shibboleth.sso/Logout?return=urlEncodedAbsoluteUrlOfJoomlaRootSite and visible to the Registered group. You will need to replace¬†urlEncodedAbsoluteUrlOfJoomlaRootSite with your site’s actual absolute URL.