:orphan: ****************************** Joomla 1.6 Integration ****************************** """"""""""""" Introduction """"""""""""" This document describes steps to configure Joomla with PINsafe as the authentication server. To use the Single Channel Image such as the `TURing `_ Image, the PINsafe server must be made accessible. The client requests the images from the PINsafe server, and is usually configured using Network Address Translation, often with a proxy server. The Swivel virtual or hardware appliance is configured with a proxy port to allow an additional layer of protection. """""""""""""" Prerequisites """""""""""""" Joomla 1.6 PINsafe 3.x `Joomla RADIUS Authentication plugin available here `_ Registration required. When using the TURing, Security String Index or Message Confirmed, the required images are requested by the client from the PINsafe server. This is usually carried out through a NAT to the PINsafe server. The PINsafe Joomla integration script can be found here: `PINsafe Joomla Integration Script `_ """""""" Baseline """""""" Joomla 1.6 PINsafe 3.8 """""""""""" Architecture """""""""""" Joomla makes authentication requests against the PINsafe server by RADIUS. """""""""""""""""""" Swivel Configuration """""""""""""""""""" ============================= Configuring the RADIUS server ============================= On the Swivel Administration console configure the RADIUS Server and NAS, see `RADIUS Configuration `_ ======================================= Enabling Session creation with username ======================================= To allow the TURing image, PINpad and other single channel images, under Server/Single Channel set `Allow session request by username `_ to Yes. ========================================= Setting up Swivel Dual Channel Transports ========================================= See `Transport Configuration `_ """"""""""""""""""""""""""" Joomla RADIUS Configuration """"""""""""""""""""""""""" A RADIUS module is used for Joomla authentication to authenticate to the PINsafe RADIUS server. """"""""""""""""""""""""""""""""""""""""""""""""" Joomla RADIUS Authentication Plug-in Installation """"""""""""""""""""""""""""""""""""""""""""""""" To install, on the Joomla Administration console select Extensions, then Extension Manager, there are 3 options for installation, select the desired installation method to upload the plugin: * Upload Package File * Install from Directory * Install from URL """""""""""""""""""""""""""""""""""""""""""""""""" Joomla RADIUS Authentication Plug-in Configuration """""""""""""""""""""""""""""""""""""""""""""""""" When installation is complete on the Joomla Administration console select Extensions, then Plug-in Manager, the RADIU plug-in should be listed. .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_RADIUS_Plugin.jpg Click on the plugin, and set the following information: **Enabled** Enables the plug-in **Access** Which level of access the plugin-is applied to all **Ordering** In which order authentication is to be made .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_RADIUS_Plugin_Details.jpg **RADIUS Server** The PINsafe server hostname or IP address **RADIUS Port** The PINsafe server RADIUS port, usually 1812 **Shared Secret** The shared secret also entered onto the PINsafe server other settings can be left as default depending on the required configuration .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_RADIUS_Plugin_Basic_Options.jpg When complete save the settings, ensuring that the plugin is enabled. """""""""""""""""""""""""""""""""""""""""""" Joomla RADIUS Authentication Plug-in Testing """""""""""""""""""""""""""""""""""""""""""" Test the RADIUS module with a username and password or OTC. A RADIUS request should be seen on the PINsafe server. A valid OTC can be derived from the PINsafe Administration console for a user by selecting View Strings. """"""""""""""""""""""""""""""" Joomla Login Page Customisation """"""""""""""""""""""""""""""" The Joomla login page can be modified in a number of ways, such as: * Generation of Single Channel Images, such as TURing * SMS Message request buttons * Security String Index to show which security string can be used """"""""""""""""""""""""""""""" Creating a PINsafe login module """"""""""""""""""""""""""""""" A PINsafe login module can be downloaded and installed using `Joomla 1.6 PINsafe Module `_, or follow the instructions below to create a custom login module In order to configure the PINsafe script, the WYSIWYG editor needs to be temporarily disabled. To disable/enable the editor, on the Joomla Administration console select Site, then Global Configuration, and set the Default Editor to Editor-None. If an error is received then the Administration Console permissions need to be correctly set. See `Cannot save Global Configuration changes `_ .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_IntegrationJoomla_Global_Configuration_Editor.jpg To create the new login module, on the Joomla Administration console select Extensions, then Module Manager. Click on New, and select a Module type of Custom HTML. """""""""""""""""""""""" Adding the Custom Script """""""""""""""""""""""" Under Custom output use enter the web page modification and script. The following lines need to be modified to reflect the environment The following can be edited in the script to hide buttons that are not required: TURing image button Show Security String Index button (To tell user which security string to use) Message button to request a new security string to be sent to the user The URL of the PINsafe server will also need to be modified to reflect the correct port and context. For a virtual or hardware appliance installation: pinsafeUrl = "`https://turing.swivelsecure.com:8443/proxy/ `_"; For a software only install see `Software Only Installation `_ """""""""""""""""""""""""""""""""""" Configuring the PINsafe login module """""""""""""""""""""""""""""""""""" Set the following details: **Title**: PINsafe login. Descriptive Module Name **Show Title**: Hide. Hides the Title in the login screen **Position**: Position-7. This will vary according to the website design, and should be positioned close to the associated login module. **Status**: published. **Access**: Public. Select Access level appropriate **Ordering**: 7. PINsafe Login. Where the PINsafe modification will appear in the login (this will depend on each site configuration) Other settings can be left as default Under Advanced Options, set Caching to None .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_Module_Configuration.jpg """"""""""""""" Menu Assignment """"""""""""""" The module will need to be assigned, this will vary according to the site and page configuration. On the module, select Menu Assignment, then select the pages that are required. The below example uses the Module Assignment of 'Use only the pages selected' with Man Menu, Home selected. .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_Module_Manager_Menu_Assignment.jpg """""""" Testing """""""" Connect to the Joomla website and verify that the correct images are shown Login with TURing, String Index and Message Buttons .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration.jpg TURing Image Login .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_login_TURing_Index_Message.jpg Security String Index for SMS Message login .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_login_DCIndex.jpg SMS Message request Confirmed .. image:: /images/Integration/RADIUS/Joomla_1.6_Integration/Joomla_1.6_PINsafe_Integration_login_DC_Message_confirmed.jpg """""""""""""""" Troubleshooting """""""""""""""" Check the PINsafe logs for Turing images and RADIUS requests. """""""""""""""""""""" Additional Information """""""""""""""""""""" For assistance in the PINsafe installation and configuration please firstly contact your reseller and then email Swivel Secure support at support@swivelsecure.com