Shibboleth-2 Single Sign-On (SSO) login for Magento [SAML] can be achieved by using our Magento SAML SP Single Sign-On (SSO) plugin. Our SSO solution will make Magento SAML 2.0 compliant Service Provider establishing trust between the Magento site and Shibboleth-2 to securely authenticate and login users to the Magento site. Our Magento Single Sign-On (SSO) solution helps to secure Magento sites behind the SSO login so that users are authenticated using their Shibboleth-2 login credentials. Seamless support for advanced SSO features like Attribute / Custom Mapping, Role Mapping etc.
SAML allows information to be exchanged between Service Providers and Identity Providers; SAML is the integration of Service Providers and Identity Providers. When a user attempts to log in, your Service provider delivers SAML assertions to Identity Provider, which contain information about the user. The assertion is received by Identity Provider, which validates it against your Service Provider settings before allowing the user access to your org.
Here we will go through a guide to configure SAML Single Sign-On SSO login between Magento site and Shibboleth-2 by considering Shibboleth-2 as IdP (Identity Provider) and Magento as SP (Service Provider). Our SSO plugin provides Unlimited user authentications from Shibboleth-2. To know more about other features we provide in you Magento SAML Single Sign-On (SSO) plugin, you can click here.
Magento Single Sign On SSO login with Azure AD, Azure B2C, ADFS, Okta, Keycloak, Salesforce, Ping, Bitium, Gsuite, Shibboleth & many SAML IdPs [24/7 SUPPORT]
Follow the steps below to configure Shibboleth-2 as IdP for Magento
<MetadataProviderxsi:type="InlineMetadataProvider"
xmlns="urn
:mace:shibboleth:2.0:metadata" id="MyInlineMetadata">
<EntitiesDescriptorxmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<md:EntityDescriptorxmlns:md="urn:oasis:names:tc:SAML:2
.0:metadata"
entityID="<ENTITY_ID_FROM_PLUGIN>">
<md:SPSSODescriptorAuthnRequestsSigned="false"
WantAssertionsSigned="true" protocolSupportEnumeration=
"urn:oasis:names:tc:SAML:2.0:protocol">
<
urn:oasis:names:tc:SAML:1
.1:nameidformat:emailAddress</md:NameIDFormat>
<md:AssertionConsumerService
Binding="urn
:oasis:names:tc:SAML:2.0:bindings:https-POST"
Location="<ACS_URL_FROM_PLUGIN>"
index="1"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
</EntitiesDescriptor>
</MetadataProvider>
<resolver:AttributeDefinitionxsi:type="ad:Si
mple" id="email"
sourceAttributeID="mail">
<resolver:Dependency ref="ldapConnector" />
<resolver:AttributeEncoderxsi:type="enc:SAML2
StringNameID"
nameFormat="urn:oasis:names:tc:SAML:1.1:
nameid-format:emailAddress"/>
</resolver:AttributeDefinition>
<afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
<afp:PolicyRequirementRulexsi:type="basic:ANY"/>
<afp:AttributeRuleattributeID="email">
<afp:PermitValueRulexsi:type="basic:ANY"/>
</afp:AttributeRule>
</afp:AttributeFilterPolicy>
You have successfully configured Shibboleth-2 as SAML IdP (Identity Provider) for achieving Shibboleth-2 Single Sign-On (SSO) Login, ensuring secure Shibboleth-2 Login into Magento Site.
IdP Entity ID or Issuer | https://<your_domain>/idp/shibboleth |
Single Sign-On Service URL | https://<your_domain>/idp/profile/SAML2/Redirect/SSO |
X.509 Certificate | The public key certificate of your Shibboleth server |
Username: | Name of the username attribute from IdP (Keep NameID by default) |
Email: | Name of the email attribute from IdP (Keep NameID by default) |
Group/Role: | Name of the Role attribute from Identity Provider (IdP) |
In this Guide, you have successfully configured Shibboleth-2 SAML Single Sign-On (Shibboleth-2 SSO Login) choosing Shibboleth-2 as IdP and Magento as SP using Magento SAML Sigle Sign-On (SSO) Login plugin .This solution ensures that you are ready to roll out secure access to your Magento site using Shibboleth-2 login credentials within minutes.
If you are looking for anything which you cannot find, please drop us an email on magentosupport@xecurify.com
Need Help? We are right here!
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com