ADFS OAuth and OpenID Connect Single Sign-On (SSO) into Magento | ADFS SSO Login

ADFS Single Sign On (ADFS SSO) with Magento enables secure login access into Magento using ADFS as OAuth and OpenID Connect provider. Magento OAuth/OpenID Connect Single Sign-On module gives the ability to enable OAuth/OpenID Single Sign-On for Magento. If you want users to log in to your Magento site using their ADFS credentials, you can simply do it using our Magento OAuth/OpenID Connect Single Sign-On Plugin. Once you configure the ADFS with the Magento module, you can allow users to perform SSO to your Magento site using ADFS. It has powerful Single Sign-On (SSO) features like user profile attribute mapping and role mapping, among others. We'll go over how to set up Single Sign-On (SSO) for user authentication between Magento and ADFS in this guide.
To know more about other features we provide in the Magento OAuth/OpenID Connect Single Sign-On module, you can click here.

Pre-requisites : Download And Installation

Installation using Composer:

• Purchase the miniOrange OAuth / OpenID Connect Single Sign On extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require miniorange_inc/miniorange-oauth-sso"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange OAuth OpenID Connect Single Sign-On extension zip from here.
• Unzip all contents of the zip inside the MiniOrange/OAuth directory.

{Root Directory of Magento} app code MiniOrange OAuth

• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

OAuth / OpenID Connect Single Sign On – SSO (OAuth Client)

By miniOrange

(1)

Magento OAuth OpenID Connect SSO extension allows login (Single Sign-On) into Magento with your Azure AD, Azure B2C, AWS Cognito, WSO2, Okta, LinkedIn, Google, Facebook, Slack, Discord or other custom OAuth 2.0 providers [24/7 SUPPORT]

 Tested with 2.4.5

Get this plugin

Steps to configure ADFS OAuth & OpenID Single Sign-On (SSO) Login into Magento

1. Setup ADFS as OAuth Provider (ADFS SSO)

Follow the steps below to configure ADFS as OAuth Provider (ADFS SSO)

 Configure ADFS as OAuth Provider

• Your application must be https enabled to perform SSO with ADFS as OAuth Provider.
• Navigate to Server Manager Dashboard->Tools->ADFS Management.

• Navigate to ADFS->Application Groups. Right click on Application Groups & click on Add Application group then enter Application Name. Select Server Application & click on next.

• Copy Client Identifier. This is your Client ID. Add Callback URL in Redirect URL. You can get the callback URL from miniOrange Magento OAuth Client Single Sign-On (SSO) plugin. Click on next.

• Click on Generate shared secret. Copy the Secret value. This is your Client Secret. Click on Next.

• On the Summary screen, click Next. On the Complete screen, click Close.
• Now, right-click on the newly added Application Group and select Properties.
• Click on Add application from App Properties.
• Click on the Add application. Then select Web API and click Next.

• Enter the domain name address into the Identifier section on the Configure Web API screen. Click Add and then Click Next.

• On the Choose Access Control Policy screen, select Permit every and click Next button.

• On the Configure Application Permission, by default openid is selected as a scope. You can select email and, profile as well, then click on next.

• On the Summary screen, click Next. On the Complete screen, click Close.
• On the Sample Application Properties click OK.

You have successfully configured ADFS Identity Platform as OAuth Provider in order to provide authentication and authorization for the end users with ADFS Single Sign-On (SSO) into Magento with a single set of credentials. This solution ensures improved security & user experience.

2. Configuring Magento 2 as OAuth Client

• After successfully configuring OAuth Provider, go to OAuth Provider tab and configure OAuth Provider Name, Client ID, Client Secret, Scope and provided endpoints.
  
  

  Please refer below Endpoints to configure the OAuth client

  
  

  Scope:	openid
  Authorize Endpoint:	https://{Domain URL}/adfs/oauth2/authorize
  Access Token Endpoint:	https://{Domain URL}/adfs/oauth2/token
  Get User Info Endpoint:	https://{Domain URL}/adfs/oauth2/userinfo

• Click on the Save button to save the settings.
• Click on the Test Configuration button.

• You will see all the values returned by your OAuth Provider to Magento in a table. If you don't see value for First Name, Last Name, Email or Username, make the required settings in your OAuth Provider to return this information.
• The miniOrange Premium Plugin also provides you the the feature to auto redirect your user to the IdP Login Page.

• Go to the Sign In Settings tab and check options to enable SSO on your Magento site.

• You have successfully configured your Magento 2 as an OAuth Client. You will see the SSO button on your frontend. Click on the button and test the SSO.

Attribute / Custom Attribute Mapping (Optional). *This is Premium feature.

1.1: Attribute Mapping (Optional). *This is Premium feature.

• You can map attributes in the Attribute Mapping tab. Only username and email are allowed to be mapped in free version of the plugin. However, in the premium version of the plugin, you can map various attributes coming from your OAuth Provider to the attributes present in your Magento site.

1.2: Custom Attribute Mapping (Optional). *This is Premium feature.

• Enter your table name in Table field.
• Enter attribute name as your column name (in the respective table)
• Click on Add button for adding custom magento attribute and map the respective field with the attribute receiving from your identity provider
• Click on save button for saving the configuration.
• You can also delete the configuration by entering the name in attribute name field and then click on delete button.

Role Mapping (Optional). *This is Premium feature.

• You can specify a default role in the free plugin that will be allocated to all non-admin users when they conduct SSO.
• Go to Attribute/Role mapping tab and navigate to Role Mapping section.
• Select the Default Role and click on the Save button.

By configuring ADFS as an OAuth Provider and Magento as an OAuth Client using our Magento OAuth Client plugin, you have successfully installed Magento ADFS Single Sign-On (SSO). Within minutes, you'll be able to provide safe access to your Magento site utilising ADFS login credentials thanks to this solution.

Additional Resources

• What is Single Sign-On (SSO) Login?
• Set up ADFS as OAuth Provider
• What is OAuth 2.0?
• How OAuth works?
• Magento OAuth Single Sign On (SSO) Plugin.
• Magento SAML Single Sign On (SSO) Plugin.

If you are looking for anything which you cannot find, please drop us an email on magentosupport@xecurify.com