CB/CBS and SAML

My client wishes to use SAML/SSO with Joomla/CB/CBS as the recognised identity provider. We have identified a SAML plugin that works with a standard Joomla site/user authenticaton. Is there anything about the way CB/CBS augments the standard Joomla site/user authentication processes that is likely to interfere with the operation of this SAML plugin? If no, are the CB fields and CBS memberships info able to be passed in the same way as info from the Joomla User table? I could find no information on CB/CBS and SAML integration.

J2.5.14 CB1.9 CBS 3.0

I've no idea what SAML is so I can't comment on whether it'll work with CB or not. If it's a Joomla authentication plugin then you need to set CBs login type to accept authentication plugins within CB > Configuration > General.

Sorry, should have included info on SAML - I am new to it myself, so have a look at en.wikipedia.org/wiki/Security_Assertion_Markup_Language . I understand it is the technology commonly used when a site allows the login credentials of another site (eg Google, Facebook etc) to be used to authenticate the user.

I think the authentication plugins you referred to would apply when Joomla relied on such an external site as its identity authorisation point?

In our case an external service provider will rely on our Joomla site with CB/CBS as the identity authorisation point.

The external service provider is confident that they can provide an existing open source SAML plugin that works with a standard Joomla 2.5+ site. What I need to know is if the CB/CBS layer we have on top of Joomla is likely to complicate this.

I understand that you have no direct SAML experience but I expect you would still be able to make a more informed guess than I can and you may be able to help me phrase much better questions about any uncertainties.

I've no idea what your plugin is supposed to do so there is nothing I can suggest. If it's just an authentication plugin that on login tests the credentials supplied against a service then yes it may work as long as CB is configured to use authentication plugins for login. If it's a plugin for your service to check credentials against to see if the user exists and is valid then it doesn't matter if CB exists or not as CB also uses _users, same as Joomla, so it should work fine. Your best bet is to simply test it and see what happens.

It is the latter of the two options you mention and also endeavors to pass a range of specified user information to the querying application, including info held in _comprofiler.

I will try to update this post with what we find out by trying it out.

I see, so it checks that the credentials exist and are valid against Joomla. In that case it should work fine as both Joomla and CB share the _users table. Sending CB information back however will be the tricky part. You'll need to modify the endpoint (probably a plugin you install into Joomla?) to respond with that information.