Single Sign On (SSO) using an OAuth server

I am starting an opencart 3.0.3.3 implementation for a company. They already have customers logging into other corporate systems. The customers get validated by an OAuth server. The company would like opencart to use Single Sign On. Customers will not be able to use opencart if they are not already registered. And customers will not be able to register themselves. I'm not worried about registration on the OAuth server. The company will organise that.

Whenever a customer goes to the opencart website, opencart will call the OAuth to discover if the user has already logged in via another system.

If a customer is already signed in, they will not need to provide any credentials to opencart at all. Opencart would obtain the customer's details from the OAuth server. The customer wouldn't see the login page.

If the customer hasn't already logged in, they will see the login page. When they enter their credentials, opencart will make a call to the OAuth system to validate them and once again obtain the customers details.

Is all of this possible? Is there any extension that would do it? Any thoughts and advice would be most welcome. Many thanks

Check the extensions in this link https://www.opencart.com/index.php?rout ... 0sign%20on and https://www.opencart.com/index.php?rout ... 0sign%20on

Many thanks for your reply. If I understand correctly, those extensions require a proprietary authorisation server. In one case, the Gluu oxd server and in the other case the OneAll server. The company where I am installing opencart already has an OAuth server (I don't know what software it uses) so I was hoping that there would be something generic that could connect to any OAuth server. Is this possible? Or am I being unreasonable? I confess that, until I started this project, I knew nothing about OAuth so it's a steep learning curve for me.

I think you should inquire from the company about which OAuth server they use and check the codes from those extensions to see if you can adapt to connect to the company OAuth server or you can inquire from extension developers to see if they can adapt their extensions to connect to the company OAuth server.

That sounds like a proactive approach. Inquiring about the OAuth server used by the company is crucial for compatibility. Reviewing codes from relevant extensions for adaptation or seeking assistance from developers to modify extensions for connection to the company.s OAuth server are practical steps. Collaboration with both the company and extension developers enhances the likelihood of achieving seamless SSO integration between Joomla and your job board script. Good luck with the implementation!

Adrian99999 wrote: ↑

Thu Jun 11, 2020 9:13 pm

Is all of this possible? Is there any extension that would do it? Any thoughts and advice would be most welcome. Many thanks

We did it years ago with LDAP, and we'd be happy to work on this part for you.

Ralph78 wrote: ↑

Wed May 15, 2024 4:14 pm

That sounds like a proactive approach. Inquiring about the OAuth server used by the company is crucial for compatibility. Reviewing codes from relevant extensions for adaptation or seeking assistance from developers to modify extensions for connection to the company.s OAuth server are practical steps. Collaboration with both the company and extension developers enhances the likelihood of achieving seamless SSO integration between Joomla and your job board script. Good luck with the implementation!

Asking the company for its OAuth server is critical for compatibility. Inspecting extension code or working with developers to make changes guarantees integration. Coordination with both the company and extension developers increases the likelihood of SSO success. Good luck

jems3 wrote: ↑

Sun Mar 30, 2025 12:11 am

Ralph78 wrote: ↑

Wed May 15, 2024 4:14 pm

That sounds like a proactive approach. Inquiring about the OAuth server used by the company is crucial for compatibility. Reviewing codes from relevant extensions for adaptation or seeking assistance from developers to modify extensions for connection to the company.s OAuth server are practical steps. Collaboration with both the company and extension developers enhances the likelihood of achieving seamless SSO integration between Joomla and your job board script. Good luck with the implementation!

Asking the company for its OAuth server is critical for compatibility. Inspecting extension code or working with developers to make changes guarantees integration. Coordination with both the company and extension developers increases the likelihood of SSO success. Good luck

This is clearly AI and provides zero value. If you post like this again you'll be banned.

Paul, if you notice, there is currently an increasing number of AI posts on this forum which provide zero value. It looks like it's time for Daniel to take a look at this as well.

khnaz35 wrote: ↑

Tue Apr 01, 2025 1:45 pm

Paul, if you notice, there is currently an increasing number of AI posts on this forum which provide zero value. It looks like it's time for Daniel to take a look at this as well.

I remember paul himself posting chatGPT output before.

khnaz35 wrote: ↑

Tue Apr 01, 2025 1:45 pm

Paul, if you notice, there is currently an increasing number of AI posts on this forum which provide zero value. It looks like it's time for Daniel to take a look at this as well.

I'll delete any I see and warn or ban the users. Feel free to PM me about them.

nonnedelectari wrote: ↑

Tue Apr 01, 2025 5:20 pm

I remember paul himself posting chatGPT output before.

I might have done it once as a test when it was new, but never again.

paulfeakins wrote: ↑

Tue Apr 01, 2025 6:37 pm

I'll delete any I see and warn or ban the users.

viewtopic.php?t=235438
viewtopic.php?t=235432
viewtopic.php?t=235434

by mona wrote: ↑

Tue Apr 01, 2025 9:30 pm

paulfeakins wrote: ↑

Tue Apr 01, 2025 6:37 pm

I'll delete any I see and warn or ban the users.

viewtopic.php?t=235438
viewtopic.php?t=235432
viewtopic.php?t=235434

Sorry, but cannot see that those posts are clearly made by any AI/KI/anythingotherwhichmightbeahalfintelligentsystem ..

And just to clarify: each day we are deleting a hugh number of nonsens post or such might be from bots etc. BEFORE they ever get visible in this forum.
And those (pseudo)users are banned then automatically.

And finally, if more users could report suspect posts (check also their signatures!), the forum mods would have an easier job.
Thx!

It was not a criticism it was as you say to make “the forum mods have an easier job”.

Clearly I did check the signature and one of them was just an advert for a wordpress site in their signature. Which has now been removed, thx.
2 are bot AI generated questions. They have been increasing in number over the past few weeks. You will probably see the pattern it now that I mentioned it. It is your decision what to do with it and maybe it would be better if someone wants to manage a way to report it ?

AI generated questions will also destroy the usefulness of the forum. It would be a shame.

I do not see your post as a "critic" on anyone - more the opposite ..
Overall you are true and such automatic generated posts can destroy the idea and intention behind this forum.

If the forum mods will detect a post that is created not by human, they check the username, the message and the signature.
And if there is something "suspect", user is banned and post/topic is deleted.

Countless posts are deleted each day, countless signatures are disabled every day, and countless users are banned each day.
We are very restrictive with them and look forward to have this forum as clean as possible.
And we are happy about each report from everyone here.

Those 3 postings you mentioned were not deleted, because the questions are not that obstruse - therefore we left them "alive".

Overall I like to say thank you to all who are helping this forum to stay clean, usefull and helpfully for all interested users of OpenCart.