You're CMS should use the Gluu Server OpenID Connect interface. There are several OpenID Connect client libraries that will enable you to redirect the user to the Gluu Server for authentication, and then to obtain user information (from the Userinfo endpoint) by presenting a valid access token. Once you have user info, you can map that to an existing user in your database, or create a new user on the fly.
You might want to read my book [Securing the Perimeter](https://www.apress.com/us/book/9781484226001) for an introduction about federated identity.
All [Gluu Server Docs](https://gluu.org/docs) are all public. You can also do a web search on "OpenID Connect PhP" and probably turn up a ton of howto's.
With regard to authorization, you can base authorization on user claims returned from the Gluu Server. For example, if the person has `role: Manager`, then map that to the right permissions in your application. That's the easiest way to implement central control. You could also look at the Gluu Gateway product. Check out the recent webinar on how to implement RBAC with Gluu Gateway.