-
-
Notifications
You must be signed in to change notification settings - Fork 10
Synology
The Akeeba Social Login - Synology SSO integration plugin allows users on your site to use their Synology SSO accounts to log into or register a user account on your site.
Synology SSO refers to the self-hosted Single Sign-On service provided by Synology NAS and virtual machines running Synology DSM. It requires the optional “SSO Server” to be installed on your Synology hardware.
IMPORTANT: This plugin uses the OpenID Connect (OIDC) service in your Synology NAS / DSM.
DISCLAIMER: This part of our documentation describing the interaction with third party software is for information purposes only. It should be treated as indicative and used at your own risk. Akeeba Ltd can only attest that this part of the documentation has been the faithful transcription of the steps we took at the time of its writing. We strongly recommend that you consult the documentation of the third party software for accurate instructions. Should the behavior of the third party software differ from what is published in our documentation you should consult the support of the third party software provider. Do not seek support from us for such matters; Akeeba Ltd cannot provide support for third party software, is not responsible for or notified about any changes in said services, nor is it obligated to update the documentation pursuant such changes.
Before you use the Synology SSO integration on your site you must first enable the SSO OIDC service on your Synology NAS, and create an "app". Even though it sounds scary, a Synology SSO App is simply a way for you to get a set of access codes which let you identify your site on Synology SSO.
Log into Synology DSM.
Click on the Main Menu icon, and then click on the Package Center icon.
Type SSO Server in the search bar and press the ENTER key on your keyboard.
If the SSO Server package is not installed, install it now.
Log into Synology DSM.
Click on the Main Menu icon, and then click on the SSO Server icon.
From the left hand sidebar, click on General Settings.
If you do not have an LDAP controller on your network, or don't even know what that means, set the Account Type to “Domain/LDAP/Local”.
Enter your Server URL, following Synology's documentation. Remember that you may have to set up port forwarding on your Internet router. You will definitely need to set up Let's Encrypt as the SSO URLs can only be accessed over HTTPS. This part of the setup is beyond the scope of our documentation.
Click on Apply.
From the left hand sidebar, click on Service.
Click on the OIDC tab in the main area.
Check the Enable OIDC Server option.
Make sure the Well-known URL is populated. Copy that URL; you will need it later.
Click on Save.
Log into Synology DSM.
Click on the Main Menu icon, and then click on the SSO Server icon.
From the left hand sidebar, click on Application.
Click on the Add button.
Select OIDC and click on Next.
Enter an Application Name, e.g. the name of your site.
In the Redirect URI use http://www.example.com/index.php?option=com_ajax&group=sociallogin&plugin=synology&format=raw where http://www.example.com MUST be replaced with your site's URL.
Click on Done.
Double-click on the application you created.
Copy the Application ID and Application secret you see on that page, then click on Cancel.
Well-known URL
Enter the Well-known URL you copied when setting up OIDC in the SSO Server application on your Synology DSM. This is typically something like https://www.example.com:5001/sso/webman/sso/.well-known/openid-configuration.
Application Client ID Enter the Application ID for your OIDC SSO Application here. See the previous section for creating an Application on your Synology DSM.
Application Secret Enter the Application secret for your OIDC SSO Application here. See the previous section for creating an Application on your Synology DSM.
Allow social login to non-linked accounts When enabled allows users to log in despite not having linked their Synology SSO account to their site user account. Their Synology SSO account's email address must be the same as the email account they use on your site.
Create new user accounts Creates a new Joomla! user when a user tries to log in via Synology SSO but there is no Joomla! user account associated with that email or Synology SSO User ID. If user registration is disabled no account will be created and an error will be raised. The new Joomla! user will have a username derived from the Synology SSO account's username, the same email address as the Synology SSO account and a long, random password (which the user can change once they have logged in). Set this to No to prevent creation of user accounts through Synology SSO login.
Ignore Joomla! setting for creating user accounts When both this option and the Create new user accounts option above are enabled a new user will always be created, even if you have disabled user registration in the options of Joomla's Users page. This is useful to prevent anyone from registering to your site unless they have a Synology SSO account.
Bypass user validation Only applies when creating new user accounts. When enabled the new user will be created active, without going through the Joomla! user account validation. This means that no account activation email will be sent to the user or the administrators of the Joomla! site. This makes perfect sense since Synology SSO accounts are approved and created by the administrator of the Synology NAS.
Button styling When enabled custom CSS for login, link and unlink button styling will be output to the page header. Disable this option if you intend to use your own CSS to style the buttons.
Icon class The icon CSS class to use in the login, link and unlink buttons. Useful to use an icon font such as FontAwesome or Glyphicons to render the logo. If it's left empty, a simple key icon will be used.
Login buttons can be shown in In which part(s) of your site do you want to allow showing the Social Login buttons? For more information on how this feature works please consult the “Hiding in the frontend or backend” documentation page.
Copyright (C) 2017-2023 Akeeba Ltd.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section "GNU Free Documentation License".