Single Sign-On (SSO) for Prestashop Using ADFS as SAML IDP | ADFS SSO Login


ADFS / Active Directory Single Sign-On (SSO) login for PrestaShop [SAML] can be achieved by using our PrestaShop SAML SP Single Sign-On (SSO) module. Our SSO solution will make Prestashop SAML 2.0 compliant Service Provider, establishing trust between the PrestaShop site and ADFS / Active Directory to securely authenticate and login users to the PrestaShop site. Our PrestaShop Single Sign-On (SSO) solution helps to secure PrestaShop sites behind the SSO login so that users are authenticated using their ADFS / Active Directory login credentials. Seamless support for advanced Windows SSO features like Attribute & Group Mapping, Populate Employee information from ADFS / Active Directory to PrestaShop, Intranet SSO / Internet SSO, Mapping the profile picture from ADFS / Active Directory to your PrestaShop avatar, etc. Here we will go through a guide to configure SAML Single Sign-On Windows SSO login between the PrestaShop site and ADFS / Active Directory by considering ADFS / Active Directory as IdP (Identity Provider) and PrestaShop as SP (Service Provider). Our SSO plugin provides Unlimited user authentications from ADFS / Active Directory. To know more about other features we provide in your PrestaShop SAML Single Sign-On (SSO) plugin, you can click here.

Pre-requisites : Download And Installation

To configure ADFS/Active Directory as SAML IdP with PrestaShop, you will need to install the miniOrange PrestaShop SAML SP SSO module

PrestaShop Single Sign On SSO login with Azure, Azure B2C, Okta, ADFS, Keycloak, Salesforce, Ping, Onelogin, Gsuite, Shibboleth & many SAML IdPs [24/7 SUPPORT]

 Tested with 1.7.8.5

Steps to configure ADFS Single Sign-On (SSO) Login into PrestaShop

1. Setup ADFS as IdP (Identity Provider)

Follow the following steps to configure ADFS as IdP

miniorange img Configure ADFS as IdP
  • In the miniOrange PrestaShop SAML SP SSO plugin, navigate to SP (Service Provider) Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the ADFS as IdP (Identity Provider).
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO -Login PrestaShop upload metadata
  • On ADFS, search for ADFS Management application.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Admin Dashboard
  • In ADFS Management, select Relying Party Trust and click on Add Relying Party Trust.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Add Relying Party Trust
  • Select Claims aware from the Relying Party Trust Wizard and click on Start button.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Claims Aware
miniorange img Select Data Source
  • In Select Data Source, select the data source for adding a relying party trust.

  • Navigate to Service Provider Metadata tab from the plugin and copy the Metadata URL.
  • Select Import data about the relying party published online or on the local network option and add the metadata URL in Federation metadata address.
  • Click on Next.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - support for the SAML 2.0 Wizard Metadata

    Note: In the next step enter the desired Display Name and click Next.

miniorange img Choose Access Control Policy
  • Select Permit everyone as an Access Control Policy and click on Next.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Access Control Policy
miniorange img Ready to Add Trust
  • In Ready to Add Trust click on Next and then Close.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Add Trust
miniorange img Edit Claim Issuance Policy
  • In the list of Relying Party Trust, select the application you created and click on Edit Claim Issuance Policy.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Edit Claim Issuance Policy
  • In Issuance Transform Rule tab click on Add Rule button.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Edit Claim Issuance Policy
miniorange img Choose Rule Type
  • Select Send LDAP Attributes as Claims and click on Next.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - LDAP Attributes
miniorange img Configure Claim Rule
  • Add a Claim Rule Name and select the Attribute Store as required from the dropdown.
  • Under Mapping of LDAP Attributes to outgoing claim types, Select LDAP Attribute as E-Mail-Addresses and Outgoing Claim Type as Name ID.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - for the SAML 2.0 Add Transform Claim Rule
  • Once you have configured the attributes, click on Finish.
  • After configuring ADFS as IDP, you will need the Federation Metadata to configure your Service Provider.
  • To get the ADFS Federation Metadata, you can use this URL
    https://< ADFS_Server_Name >/federationmetadata/2007-06/federationmetadata.xml
  • You have successfully configured ADFS as SAML IdP (Identity Provider) for achieving ADFS Single Sign-On (SSO) Login

Windows SSO (Optional)

Follow the steps below to configure Windows SSO

miniorange img Steps to configure ADFS for Windows Authentication
  • Open elevated Command Prompt on the ADFS Server and execute the following command on it:
    • miniorange img setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##

      miniorange img FQDN is Fully Qualified Domain Name (Example : adfs4.example.com)

      miniorange img Domain Service Account is the username of the account in AD.

      miniorange img Example : setspn -a HTTP/adfs.example.com username/domain

  • Open AD FS Management Console, click on Services and go to the Authentication Methods section. On the right, click on Edit Primary Authentication Methods. Check Windows Authentication in Intranet zone.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Primary Authentication Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Management Application
  • Open Internet Explorer. Navigate to Security tab in Internet Options.
  • Add the FQDN of ADFS to the list of sites in Local Intranet and restart the browser.
  • Select Custom Level for the Security Zone. In the list of options, select Automatic Logon only in Intranet Zone.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - for the SAML 2.0 Wizard_Enable SAML
  • Open the powershell and execute following two commands to enable windows authentication in Chrome browser.
    • Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome")
      Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents;
  • You have successfully configured ADFS for Windows Authentication.

Steps to configure Login into PrestaShop plugin

2. Setup PrestaShop as SP (Service Provider)

Follow the steps below to configure PrestaShop as SP

miniorange img Configure PrestaShop as SP
  • Login to your PrestaShop admin dashboard and you will be represented with the home screen of the plugin.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Admin Dashboard
  • From the left pane, under the IMPROVE section, click on Modules tab.
  • Select the Module Manager option from dropdown and click on the Upload a Module button to upload PrestaShop SAML SSO module.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Module Manager
  • After you have successfully installed the plugin, under the Administration section click on the Configure button for the miniOrange SAML Single Sign-On.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Administration
  • On the next screen, scroll down to the Service Provider Setup tab.
  • Enter the required details:
  • IDP Entity ID Copy and paste the IDP Entity ID or Issuer from the ADFS Metadata
    SAML Login URL Copy and paste the SAML Login URL from the ADFS Metadata
    IDP Certificate Copy and paste the X.509 Certificate
    Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Metadata
  • Click on Save and then click on Test Configuration button.
  • After the successful Test Configuration you can see the Attribute Name and values recieved from your IDP.
  • Configure Okta as IDP - SAML Single Sign-On(SSO) login for PrestaShop - Okta SSO  - Metadata

3. Attribute Mapping

  • Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at PrestaShop.
  • In PrestaShop SAML plugin, go to Attribute Mapping tab and fill up the following fields in Attribute Mapping section.
  • Click on Save button.
  • Attribute Mapping

4. Login Button

  • You can add a customized login button anywhere on your site or on PrestaShop login page by navigating to Design tab and then click on the Link List option.
  • Click on the New block option from the top right corner.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Login Button
  • Enter your Name of the block and select the required hook to display the widget.

Note: To display the login button on the customer login page select the hook displayCustomerLoginFormAfter

    Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Hooks
  • Scroll down to the Custom content section, enter the Title and the URL.
  • Click on Add and then Save button.
  • Configure ADFS as IDP - SAML Single Sign-On(SSO) login for PrestaShop - ADFS SSO - Title

In this Guide, you have successfully configured ADFS SAML Single Sign-On (ADFS SSO Login) choosing ADFS as IdP and PrestaShop as SP using miniOrange SAML Single Sign-On Service Provider plugin. This solution ensures that you are ready to roll out secure access to your PrestaShop site using ADFS login credentials within minutes.


Additional Resources


If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com

Why Our Customers choose PrestaShop SAML SSO plugin?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Sign Up

Extensive Setup Guides

Easy and precise step-by-step instructions and videos to help you configure within minutes.

Watch Demo


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at

 +1 978 658 9387 (US) | +91 77966 99612 (India)   samlsupport@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com