Search Results :

×

SAML Single Sign-On (SSO) in AWS Cognito (SP) | Magento – AWS Cognito SSO Login


Get Free Trial

AWS Cognito SAML Single Sign-On (SSO) with Magento as SAML IdP . Magento SAML IdP extenstion gives you the ability to use your Magento credentials to login into AWS Cognito. Here we will go through a step-by-step guide to configure SSO between AWS Cognito as SP (Service Provider) and Magento as IDP (Identity Provider).

Pre-requisites: Download and Installation

Installation using Composer:
  • Purchase the miniOrange SAML IDP Single Sign-On extension from magento marketplace.
  • Go to My profile -> My Purchases
  • Please ensure you are using correct access keys (My Profile - Access Keys)
  • Paste the access keys in your auth.json file inside your project
  • Use the below command to add the extension to your project.
    "composer require {module_name}:{version}"
  • You can see the module name and list of versions in the selector below the extension module name.
  • Run the following commands on command prompt to enable the extension.
  • php bin/magento setup:di:compile
    php bin/magento setup:upgrade

Manual Installation:
  • Download the miniOrange SAML IDP Single Sign-On extension.
  • Unzip all contents of the zip inside the MiniOrange/IDPSaml directory.
  • {Root Directory of Magento} app code MiniOrange IDPSaml
  • Run the following commands on command prompt to enable the extension
  • php bin/magento setup:di:compile
    php bin/magento setup:upgrade

Steps to configure AWS Cognito SAML Single Sign-on ( SSO ) Login into Magento 2

1. Download Metadata XML file from Magento:

  • Go to IDP Metadata tab. Click on Download XML Metadata button. Keep this XML file to configure your SP.
  • AWS Cognito as SP and Magento as IDP,Download Metadata

2. Configure AWS Cognito Service Provider:

  • First of all, go to Cognito Console and sign up/login in your account to Configure AWS Cognito.
  • Go to Services > Security, Identity, & Compliance > Cognito.
  • AWS Cognito as SP and Magento as IDP,Cognito console
  • Click Manage User Pools, then Create a user pool.
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
    AWS Cognito as SP and Magento as IDP, Manage User Pools
  • Enter a name for the Pool Name. Click Review Defaults, then Create Pool .
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
  • After creating a pool keep the Pool ID handy or you can note down so that it will help to configure your IdP.
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
  • On the left pane, click on Domain Name under App Integration. Enter an available domain prefix, then save it. Keep this Domain it will require in ACS URL to configure your IDP.
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
  • On the left pane, click on Identity provider under Federation. Then Selct SAML
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
  • Upload the downloaded in step-1 Magento IDP metadata file, name it, then click Create Provider.
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
  • Under Federation, select Attribute mapping .
  • Add this
     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress 
    attribute in SAML attribute text field and select User Pool Attribute as Email.
  • AWS Cognito as SP and Magento as IDP, Manage User Pools
  • Click Save changes.

3. Configuring Magento as Identity Provider (IDP):

  • In Magento SAML IDP extenstion, go to Service Provider tab.
  • In the SP Entity ID field, enter urn:amazon:cognito:sp:(YourUserPoolId) and add your user pool id which you have already copied above while creating the pool.
  • Replace "yourUserPoolId" with your Amazon Cognito user pool ID.
  • To find the User Pool ID:
    • Log in to the AWS Management Console as an administrator.
    • Go to Services > Security, Identity, & Compliance, then select Cognito.
    • Select Manage User Pools, then the user pool you want to use in the configuration.
    • Find Pool Id at the top of the list.
  • In the ACS URL field, enter the following URL:
    https://YourSubdomain.amazoncognito.com/saml2/idpresponse
    and save it.

4. Configure App Client in AWS Cognito:

  • Now click on the App Clients under General Settings. Click on Add an App Client.
  • AWS Cognito as SP and Magento as IDP, Magento SP Cofiguration
  • Enter App client name. For eg. Magento IdP. Disable the Generate client secret checkbox and click on the Create App Client button at the bottom.
  • AWS Cognito as SP and Magento as IDP, Magento SP Cofiguration
  • Now click on the App Client settings under App Integration at the left pane.
  • Enable Select all checkbox, enter Callback URL(s) and Sign out URL(s).
  • Select Implicit Grant under Allowed OAuth Flows.
  • Now Enable email and openid checkbox under Allowed OAuth Scopes and click on Save Changes button at the bottom right corner.
  • AWS Cognito as SP and Magento as IDP, Magento SP Cofiguration
  • Now click on Launch Hosted UI at the bottom to perform SSO.
  • AWS Cognito as SP and Magento as IDP, Magento SP Cofiguration
  • You can also use the following SSO URL for perform the SSO.
    https://(domain_prefix).auth.(region).amazoncognito.com/login?
    response_type=token&client_id=(app client id)&redirect_uri=(your redirect URI)
  • Now you have successfully configured miniOrange Magento SAML IDP with AWS Cognito as SP.

5. Attribute Mapping

  • In the Magento IDP extension, navigate to the Attribute Mapping tab.
  • In the User Attributes section, enter the following information and click on Save .
  • You can also add more attributes by clicking on + sign to add attributes.
  • Configure SAML SSO in Tableau Server (SP) with WordPress - Tableau Single Sign on

6. SSO Testing

  • Open a new browser or private incognito window and enter your AWS Cognito URL, which will redirect you to the Magento login screen.
  • Enter your Magento credentials and click the log in button.
  • If you are redirected to your AWS Cognito start page and successfully logged in, your configuration is correct.

Additional Resources



Why Our Customers choose miniOrange Magento Single Sign-On (SSO) Solutions?


24/7 Support

We offer 24/7 support for all Magento solutions. We ensure high quality support to meet your needs.

Sign Up

Customer Reviews

See for yourself what satisfied customers have to say about our reliable Magento solutions.

Reviews

Extensive Setup Guides

Easy and precise step-by-step instructions and videos to help you configure within minutes.

Watch Demo


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Provisioning, and much more. Please contact us at

 +1 978 658 9387 (US) | +91 97178 45846 (India)   magentosupport@xecurify.com

[MO_CONTACT_US]
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com