Flarum Setup Guide for JWT-Based SSO Integration

This guide explains how to set up Flarum with the required dependencies for seamless JWT-based Single Sign-On integration with Joomla.

Overview

The integration uses the mature maicol07/flarum-ext-sso extension with JWT authentication to provide secure, enterprise-grade SSO between Joomla and Flarum.

Requirements

System Requirements

  • PHP: 8.2+ (same as Joomla 5)
  • Composer: Latest version
  • Web Server: Apache/Nginx with HTTPS support
  • Database: MySQL 5.7+ or MariaDB 10.3+

Flarum Version

  • Flarum: 1.8.10+ (tested and working)

Step 1: Install Flarum

If you haven’t installed Flarum yet:

# Create Flarum installation directory (-p: no error if it already exists)
mkdir -p /var/www/forum.yoursite.com
cd /var/www/forum.yoursite.com
 
# Install Flarum
composer create-project flarum/flarum .
 
# Set proper permissions (the recursive chmod covers storage/ itself)
chmod -R 775 storage/
chown -R www-data:www-data storage/

Complete the web installer by visiting your forum URL.

⚠️ CRITICAL: Admin User Email Requirement

During Flarum installation, you MUST use the same email address for the Flarum admin user as your Joomla admin user.

Why this matters:

  • Once SSO is enabled, you cannot log into Flarum directly
  • You are completely reliant on the SSO plugin working
  • The plugin matches users by email address
  • If emails don’t match, admin cannot access the forum

Example:

  • ✅ Correct: Joomla admin = admin@yoursite.com, Flarum admin = admin@yoursite.com
  • ❌ Wrong: Joomla admin = admin@yoursite.com, Flarum admin = martin@yourcompany.com

If you already installed Flarum with different admin email:

  1. Go to Flarum admin panel (before enabling SSO)
  2. Update admin user email to match Joomla admin email
  3. Save changes
  4. Then proceed with SSO setup

Step 2: Install Required Extensions

Install maicol07/flarum-ext-sso Extension

cd /var/www/forum.yoursite.com
composer require maicol07/flarum-ext-sso

Install Missing Dependencies

During our testing, we discovered that the lcobucci/clock library is required but not automatically installed:

# Install the missing clock library
composer require lcobucci/clock

This fixes the “Class Lcobucci\… not found” error.

Enable the Extension

# Enable the SSO extension
php flarum extension:enable maicol07-sso

Step 3: Configure Flarum SSO Extension

Access Flarum Admin Panel

  1. Log into your Flarum forum as an administrator
  2. Go to Admin → Extensions → SSO (by maicol07)

Configure SSO Settings

Set the following configuration:

JWT Issuer (jwt_iss): yoursite.com
JWT Signing Algorithm: Sha256
JWT Signer Key: c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=
Login URL: https://yoursite.com/component/users/login
Logout URL: https://yoursite.com/component/users/login
Signup URL: https://yoursite.com/component/users/registration
Manage Account URL: https://yoursite.com

Important Notes:

  • JWT Signer Key: Must match exactly with the Joomla plugin configuration
  • JWT Issuer: Should be your main domain without https:// (e.g., yoursite.com)
  • URLs: Point back to your Joomla site for user management

Step 4: Verify Installation

Check Extension Status

cd /var/www/forum.yoursite.com
php flarum info

You should see maicol07-sso listed in the enabled extensions.

Test JWT Endpoint

Test that the JWT endpoint is working:

# This should return a 400 error (expected - no Authorization header)
curl -I https://forum.yoursite.com/api/sso/jwt

Expected response: 400 Bad Request (this means the endpoint exists)

Check Required Libraries

Verify all dependencies are installed:

composer show lcobucci/jwt lcobucci/clock

Both should show as installed.

Step 5: Domain Configuration

If using forum.yoursite.com:

  1. DNS: Point forum.yoursite.com to your server
  2. SSL: Ensure HTTPS certificate covers both domains
  3. Cookie Domain: The plugin will set cookies for .yoursite.com to enable cross-subdomain authentication

For Same Domain Setup

If using yoursite.com/forum:

  1. Configure web server to serve Flarum from /forum path
  2. Update Flarum’s config.php with correct URL
  3. Ensure proper URL rewriting rules

Step 6: Integration Testing

Test JWT Authentication Flow

  1. Generate JWT: Log into Joomla and test the JWT generation endpoint
  2. Verify Token: Check that Flarum accepts the JWT token
  3. Test SSO: Use the forum redirect URL to test automatic login

Debug Common Issues

403 Permission Denied:

  • Check JWT signer key matches between Joomla and Flarum
  • Verify JWT issuer configuration
  • Check user exists in both systems

500 Internal Server Error:

  • Install missing lcobucci/clock dependency
  • Check Flarum error logs: /var/www/forum.yoursite.com/storage/logs/

404 Not Found:

  • Verify SSO extension is enabled
  • Check web server configuration
  • Ensure mod_rewrite is working

Configuration Files

Flarum config.php Example

<?php return array (
  'debug' => false,
  'database' => 
  array (
    'driver' => 'mysql',
    'host' => 'localhost',
    'port' => 3306,
    'database' => 'flarum_db',
    'username' => 'flarum_user',
    'password' => 'secure_password',
    'charset' => 'utf8mb4',
    'collation' => 'utf8mb4_unicode_ci',
    'prefix' => 'flarum_',
    'strict' => false,
    'engine' => 'InnoDB',
    'prefix_indexes' => true,
  ),
  'url' => 'https://forum.yoursite.com',
  'paths' => 
  array (
    'api' => 'api',
    'admin' => 'admin',
  ),
);

Web Server Configuration

Apache .htaccess (already included with Flarum)

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^ index.php [QSA,L]
</IfModule>

Nginx Configuration

server {
    listen 80;
    server_name forum.yoursite.com;
    return 301 https://$server_name$request_uri;
}
 
server {
    listen 443 ssl http2;
    server_name forum.yoursite.com;
    root /var/www/forum.yoursite.com/public;
    index index.php;
 
    # SSL configuration
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
 
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
 
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
 
    location ~* \.(?:css|js|gif|png|jpg|jpeg|webp|svg|woff|woff2|ttf|eot|ico)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}

Security Considerations

JWT Security

  1. Strong Keys: Use cryptographically secure signing keys (64+ characters)
  2. Short Expiry: JWT tokens expire in 5 minutes for security
  3. HTTPS Only: Never use HTTP for authentication
  4. Key Rotation: Consider periodic key rotation for high-security environments
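
The checks behind the 403 checklist and the JWT Security points above, as an added example (not part of the original guide or of maicol07/flarum-ext-sso): it generates a signer key, then mints and verifies a token using only Python's standard library. It assumes "Sha256" means HMAC-SHA256 (HS256), that the signer key string is used as raw bytes, and the standard `iss`/`sub`/`exp` claims; the claims the Joomla plugin actually sends are not listed on this page, and the reason strings are this example's own.

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER = "yoursite.com"  # the page's placeholder issuer, without https://

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_signer_key():
    """48 random bytes -> a 64-character base64 key (the page asks for 64+)."""
    return base64.b64encode(secrets.token_bytes(48)).decode()

def mac(signing_input, key):
    # Assumption: the key string is used as raw bytes, exactly as typed.
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(claims, key):
    """Mint an HS256 token; stands in for the Joomla side of the flow."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(head + '.' + body, key))}"

def check(token, key, issuer=ISSUER, now=None):
    """Return 'ok' or the first reason a verifier would reject the token."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
        sig = b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header
        return "unexpected algorithm"
    if not hmac.compare_digest(sig, mac(head + "." + body, key)):
        return "signature mismatch"
    if claims.get("iss") != issuer:
        return "issuer mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "expired or missing exp"
    return "ok"

if __name__ == "__main__":
    key = new_signer_key()
    # Constructed claims: 5-minute lifetime, as stated under JWT Security.
    token = sign({"iss": ISSUER, "sub": "admin@yoursite.com", "exp": time.time() + 300}, key)
    print(check(token, key), "|", check(token, key + " "), "|", check(token, key, "https://yoursite.com"))
```

A single trailing space in the key, or an issuer entered with the https:// prefix, is enough to turn a valid token into a rejection.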

Database Security

  1. Separate User: Create dedicated database user for Flarum
  2. Minimal Permissions: Grant only required database permissions
  3. Connection Encryption: Use SSL for database connections if possible

File Permissions

# Secure file permissions
find /var/www/forum.yoursite.com -type d -exec chmod 755 {} \;
find /var/www/forum.yoursite.com -type f -exec chmod 644 {} \;
chmod 775 /var/www/forum.yoursite.com/storage
chmod -R 775 /var/www/forum.yoursite.com/storage/
chown -R www-data:www-data /var/www/forum.yoursite.com/

Maintenance

Keep Extensions Updated

cd /var/www/forum.yoursite.com
composer update maicol07/flarum-ext-sso
composer update lcobucci/clock lcobucci/jwt

Monitor Logs

Regular monitoring of Flarum logs:

tail -f /var/www/forum.yoursite.com/storage/logs/flarum-$(date +%Y-%m-%d).log

Backup Strategy

Include in your backup routine:

  • Flarum database
  • Flarum files (especially config.php)
  • Extension configurations
  • Custom themes/assets

Troubleshooting

Common Error Messages

“Class Lcobucci\… not found”:

composer require lcobucci/clock

“Signature key does not correspond to the one on the token”:

  • Check JWT signing key matches in both Joomla plugin and Flarum SSO extension

“User not found”:

  • Enable user auto-creation in Joomla plugin
  • Check user synchronization settings

Debug Mode

Enable Flarum debug mode temporarily:

// In config.php
'debug' => true,

Remember to disable debug mode in production!

Performance Optimization

OpCache Configuration

; php.ini optimizations
opcache.enable=1
opcache.memory_consumption=512
opcache.max_accelerated_files=65407
opcache.validate_timestamps=0  ; Production only
opcache.save_comments=1
; opcache.fast_shutdown was removed in PHP 7.2 and has no effect on PHP 8.2+

Database Optimization

-- Optimize Flarum tables
OPTIMIZE TABLE flarum_users;
OPTIMIZE TABLE flarum_posts;
OPTIMIZE TABLE flarum_discussions;

Conclusion

This setup provides a robust, secure JWT-based SSO integration between Joomla and Flarum. The configuration is production-ready and follows security best practices.

For support or issues, refer to:

  • maicol07/flarum-ext-sso documentation
  • Flarum Community
  • Plugin author: martin@remository.com

joomlaflarum/flarumsetup.1758105374.txt.gz · Last modified: 2025/09/17 10:36 by admin