Magento Headless SSO Solution with SAML OAuth Providers

Pre-requisites : Download And Installation

Installation using Composer:

• Purchase the miniOrange Headless SSO extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require {module_name}:{version}"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange Headless SSO extension.
• Unzip all contents of the zip inside the MiniOrange/Headless directory.

{Root Directory of Magento} app code MiniOrange OAuth

• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Steps to configure Headless SSO solution with SAML & OAuth providers

1. Configure SAML & OAuth provider

Follow the steps below to configure SAML & OAuth Provider

• Configure Azure AD as SAML Provider
• Configure Azure AD as OAuth Provider

• Log in to Azure AD Portal as an administrator.


• Select Azure Active Directory.


• Select App registrations tab from left hand side menu.


• Click on New registration button.


• Choose an account type and give it a name.
• Provide the ACS URL provided in the Service Provider Metadata tab of the plugin in the Redirect URL field and click the Register button.

• From the left menu panel, select Expose an API.
• Replace the APPLICATION ID URL with the SP Entity ID of the plugin by clicking the Set button.

NOTE: Please double-check that the SP Entity ID value in the Service Provider Metadata tab does not have a trailing slash('/'). Remove the trailing slash from the SP EntityID / Issuer field under the Service Provider Metadata tab of the plugin, enter the revised value at Azure, and click the Save button if the SP Entity ID has a trailing slash.



• Navigate back to Azure Active Directory then click on App Registrations button and click on Endpoints.


• This will lead you to a window containing a list of URLs.
• To obtain the Endpoints needed to configure your Service Provider, copy the Federation Metadata document URL.


• You have successfully configured Azure AD as SAML IdP ( Identity Provider) for achieving Azure AD SSO login into your Magento Site.

• Sign in to Azure portal.
• Select Azure Active Directory.

• In the left-hand navigation pane, click the App registrations service, and click New registration.

• Enter the Name of your application.

• Select the supported account types checkbox.

• Select the platform as Web.

• Copy Callback URL from the miniOrange OAuth Client plugin (Configure OAuth tab) and save it under the Redirect URL textbox.

• Make sure the "Grant admin consent to openid and offline_access permissions" option is enabled. When finished, click Register.

• Azure AD assigns a unique Application ID to your application. The Application ID is your Client ID and the Directory ID is your Tenant ID, keep these values handy as you will need them to configure the miniOrange OAuth Client plugin.

• Copy the Application (Client) ID and paste it as Client ID in miniOrange OAuth Client plugin.

• Now, Go to Certificates and Secrets from the left navigaton pane and click on New Client Secret. Enter description and expiration time and click on ADD option.

• Copy the secret key "value" and paste it as Client Secret under the miniOrange Magento OAuth Client Plugin.

• Navigate to API Permission tab from the left pane and click on Add a permission option.

• Click on Microsoft Graph.

• Select Delegated Permission option.

• Enable permissions for Email, OpenID, and Profile and click on Add permission button.

2. Configure Magento Headless SSO ( Single Sign-On ) extension

• After installing the Magento Headless SSO extension. Log in to Magento Backend and click on Headless SSO in the navigation panel.

• Enter your Frontend Callback URL (This will be the same URL where your frontend is hosted) and where you will receive the JWT token.
• JWT Secret When you receive a JWT from the client, you can verify that JWT with this this secret key stored on the server.
• Headless SSO URL:- This URL will be embedded in your login button which will initiate the login flow from your frontend.

Additional Resources

• Magento SAML Single Sign On (SSO)
• Magento OAuth/OpenID Single Sign-On (SSO)
• Magento Two-Factor Authentication (2FA)

If you are looking for anything which you cannot find, please drop us an email on magentosupport@xecurify.com