ADFS OAuth and OpenID Connect Single Sign-On (SSO) into Magento | ADFS SSO Login

ADFS OAuth and OpenID Connect Single Sign-On (SSO) into Magento | ADFS SSO Login


ADFS Single Sign On (ADFS SSO) with Magento enables secure login access into Magento using ADFS as OAuth and OpenID Connect provider. Magento OAuth/OpenID Connect Single Sign-On module gives the ability to enable OAuth/OpenID Single Sign-On for Magento. If you want users to log in to your Magento site using their ADFS credentials, you can simply do it using our Magento OAuth/OpenID Connect Single Sign-On Plugin. Once you configure the ADFS with the Magento module, you can allow users to perform SSO to your Magento site using ADFS. It has powerful Single Sign-On (SSO) features like user profile attribute mapping and role mapping, among others. We'll go over how to set up Single Sign-On (SSO) for user authentication between Magento and ADFS in this guide.
To know more about other features we provide in the Magento OAuth/OpenID Connect Single Sign-On module, you can click here.

Pre-requisites : Download And Installation

Installation using Composer:
  • Purchase the miniOrange OAuth / OpenID Connect Single Sign On extension from magento marketplace.
  • Go to My profile -> My Purchases
  • Please ensure you are using correct access keys (My Profile - Access Keys)
  • Paste the access keys in your auth.json file inside your project
  • Use the below command to add the extension to your project.
    "composer require {module_name}:{version}"
  • You can see the module name and list of versions in the selector below the extension module name.
  • Run the following commands on command prompt to enable the extension.
  • php bin/magento setup:di:compile
    php bin/magento setup:upgrade

Manual Installation:
  • Download the miniOrange OAuth OpenID Connect Single Sign-On extension.
  • Unzip all contents of the zip inside the MiniOrange/OAuth directory.
  • {Root Directory of Magento} app code MiniOrange OAuth
  • Run the following commands on command prompt to enable the extension.
  • php bin/magento setup:di:compile
    php bin/magento setup:upgrade

Magento OAuth OpenID Connect SSO extension allows login (Single Sign-On) into Magento with your Azure AD, Azure B2C, AWS Cognito, WSO2, Okta, LinkedIn, Google, Facebook, Slack, Discord or other custom OAuth 2.0 providers [24/7 SUPPORT]

 Tested with 2.4.4

Steps to configure ADFS OAuth & OpenID Single Sign-On (SSO) Login into Magento

1. Setup ADFS as OAuth Provider (ADFS SSO)

Follow the steps below to configure ADFS as OAuth Provider (ADFS SSO)

miniorange img Configure ADFS as OAuth Provider
  • Your application must be https enabled to perform SSO with ADFS as OAuth Provider.
  • Navigate to Server Manager Dashboard->Tools->ADFS Management.
  • OAuth / OpenID Single Sign On (SSO) using ADFS, ADFS Management Magento SSO
  • Navigate to ADFS->Application Groups. Right click on Application Groups & click on Add Application group then enter Application Name. Select Server Application & click on next.
  • ADFS SSO OAuth / OpenID Single Sign On (SSO) using ADFS, Application Group
  • Copy Client Identifier. This is your Client ID. Add Callback URL in Redirect URL. You can get the callback URL from miniOrange Magento OAuth Client Single Sign-On (SSO) plugin. Click on next.
  • Magento SSO Client Identifier ADFS SSO
  • Click on Generate shared secret. Copy the Secret value. This is your Client Secret. Click on Next.
  • OAuth / OPenID Single Sign On (SSO) using ADFS, Generate Client Secret Magento SSO
  • On the Summary screen, click Next. On the Complete screen, click Close.
  • Now, right-click on the newly added Application Group and select Properties.
  • Click on Add application from App Properties.
  • Click on the Add application. Then select Web API and click Next.
  • ADFS Single Sign-On (SSO) Add application Magento SSO
  • Enter the domain name address into the Identifier section on the Configure Web API screen. Click Add and then Click Next.
  • ADFS SSO Login Configure Magento ADFS Single Sign-On
  • On the Choose Access Control Policy screen, select Permit every and click Next button.
  • OAuth / OPenID Single Sign On (SSO) using ADFS, Access Control Policy Magento ADFS
  • On the Configure Application Permission, by default openid is selected as a scope. You can select email and, profile as well, then click on next.
  • OAuth / OPenID Single Sign On (SSO) using ADFS, Configure Application Magento ADFS
  • On the Summary screen, click Next. On the Complete screen, click Close.
  • On the Sample Application Properties click OK.

You have successfully configured ADFS Identity Platform as OAuth Provider in order to provide authentication and authorization for the end users with ADFS Single Sign-On (SSO) into Magento with a single set of credentials. This solution ensures improved security & user experience.

2. Configuring Magento 2 as OAuth Client

  • After successfully configuring OAuth Provider, go to OAuth Provider tab and configure OAuth Provider Name, Client ID, Client Secret, Scope and provided endpoints.

    Please refer below Endpoints to configure the OAuth client


    Scope: openid
    Authorize Endpoint: https://{Domain URL}/adfs/oauth2/authorize
    Access Token Endpoint: https://{Domain URL}/adfs/oauth2/token
    Get User Info Endpoint: https://{Domain URL}/adfs/oauth2/userinfo
  • Click on the Save button to save the settings.
  • Click on the Test Configuration button.
  • Magento 2 OAuth credentials ADFS SSO OAuth
  • You will see all the values returned by your OAuth Provider to Magento in a table. If you don't see value for First Name, Last Name, Email or Username, make the required settings in your OAuth Provider to return this information.
  • The miniOrange Premium Plugin also provides you the the feature to auto redirect your user to the IdP Login Page.
  • Magento 2 OAuth auto redirect to idp
  • Go to the Sign In Settings tab and check options to enable SSO on your Magento site.
  • Magento 2 OAuth enable SSO
  • You have successfully configured your Magento 2 as an OAuth Client. You will see the SSO button on your frontend. Click on the button and test the SSO.
  • Magento 2 OAuth SSO ADFS SSO ADFS magento SSO magento 2 OAuth client SSO ADFS SSO

3: Attribute / Custom Mapping (Optional). *This is Premium feature.

  • You can map attributes in the Attribute Mapping tab. Only username and email are allowed to be mapped in free version of the plugin. However, in the premium version of the plugin, you can map various attributes coming from your OAuth Provider to the attributes present in your Magento site.
  • Magento 2 OAuth attribute mapping

4: Role Mapping (Optional). *This is Premium feature.

  • You can specify a default role in the free plugin that will be allocated to all non-admin users when they conduct SSO.
  • Go to Attribute/Role mapping tab and navigate to Role Mapping section.
  • Select the Default Role and click on the Save button.
  • AD
FS Magento SSO - ADFS Single Sign-On(SSO) Login in Magento - role mapping

By configuring ADFS as an OAuth Provider and Magento as an OAuth Client using our Magento OAuth Client plugin, you have successfully installed Magento ADFS Single Sign-On (SSO). Within minutes, you'll be able to provide safe access to your Magento site utilising ADFS login credentials thanks to this solution.


Additional Resources


If you are looking for anything which you cannot find, please drop us an email on magentosupport@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com