Joomla 3.3 SAML plugin based on the OneLogin SAML toolkit
Switch branches/tags
Nothing to show
Clone or download
Latest commit 184426d Nov 23, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
onelogin Fix #4 Nov 23, 2017
plg_user_oneloginsaml Release 1.5.0 May 3, 2017
LICENSE Add License Jul 7, 2016 Release 1.4.0 Oct 14, 2016 Release 1.5.0 May 3, 2017 Release 1.5.0 May 3, 2017


Joomla 3.3 SAML Authentication plugin based on OneLogin PHP SAML Toolkit.

This plugin enables your Joomla users to log in through SAML.

joomlsa-saml version 1.3.0 updates php-saml library to 2.10.0 (it includes SAML Signature Wrapping attack prevention and other security improvements). Previous versions are vulnerable.


  • Single sign on
  • Single log out
  • Just on time provisioning
  • Supports groups


Take a look on the php saml toolkit dependences:


At the admin interface, click on Extensions > Extension Manager. (the plugin) and (the library) must be installed.


At the admin interface, click on Extensions > Plugin Manager. Search "Onelogin SAML". Click on the name of the plugin. At the "Description" tab you will find info describing the rest of the tabs. Once the settings are set, turn enable the plugin.

The metadata of the Joomla SP will be available at

http://<path to joomla/plugins/user/oneloginsaml/oneloginsaml.php?metadata

How to add "SAML Login" link

The "SAML Login" link can be added in at least 2 different places:

  • Add the link to the "Login Form module". At the admin interface, click on Extensions > Module Manager and search the word "Login", in the result you can find the active modules that currently are rendering a Login Form. Edit them and in the pre-text add the following:
   <a href="http://<path to joomla>/plugins/user/oneloginsaml/oneloginsaml.php?sso">SAML Login</a>
  • Add the link to the main login form (Component User, View login). At the admin interface, click on Extensions > Module Manager and edit the "Site" templates that are currently used. Click on "Create Overrides" and select at "Components" the "com_users" > "login". Later click on the editor and edit html > com_users > login > default_login.php. You will see the a mix of php and html, search the line around 78 and after the JLOGIN button set:
   <a href="http://<path to joomla>/plugins/user/oneloginsaml/oneloginsaml.php?sso" style="padding-left:20px;">SAML Login</a>

Local Login

When SAML enabled, you can always continue login through other login backends. Maybe we will disable the local login in future but will provide a way to rescue the system in case that something go wrong with SAML.