Single Sign-On (SSO) for Prestashop Using ADFS as SAML IDP | ADFS SSO Login

ADFS / Active Directory Single Sign-On (SSO) login for PrestaShop [SAML] can be achieved by using our PrestaShop SAML SP Single Sign-On (SSO) module. Our SSO solution will make Prestashop SAML 2.0 compliant Service Provider, establishing trust between the PrestaShop site and ADFS / Active Directory to securely authenticate and login users to the PrestaShop site. Our PrestaShop Single Sign-On (SSO) solution helps to secure PrestaShop sites behind the SSO login so that users are authenticated using their ADFS / Active Directory login credentials. Seamless support for advanced Windows SSO features like Attribute & Group Mapping, Populate Employee information from ADFS / Active Directory to PrestaShop, Intranet SSO / Internet SSO, Mapping the profile picture from ADFS / Active Directory to your PrestaShop avatar, etc. Here we will go through a guide to configure SAML Single Sign-On Windows SSO login between the PrestaShop site and ADFS / Active Directory by considering ADFS / Active Directory as IdP (Identity Provider) and PrestaShop as SP (Service Provider). Our SSO plugin provides Unlimited user authentications from ADFS / Active Directory. To know more about other features we provide in your PrestaShop SAML Single Sign-On (SSO) plugin, you can click here.

Pre-requisites : Download And Installation

To configure ADFS/Active Directory as SAML IdP with PrestaShop, you will need to install the miniOrange PrestaShop SAML SP SSO module

SAML Single Sign-On Service Provider | SAML SP

By miniOrange

PrestaShop Single Sign On SSO login with Azure, Azure B2C, Okta, ADFS, Keycloak, Salesforce, Ping, Onelogin, Gsuite, Shibboleth & many SAML IdPs [24/7 SUPPORT]

 Tested with 1.7.8.5

Get this plugin

Steps to configure ADFS Single Sign-On (SSO) Login into PrestaShop

1. Setup ADFS as IdP (Identity Provider)

Follow the following steps to configure ADFS as IdP

 Configure ADFS as IdP

• In the miniOrange PrestaShop SAML SP SSO plugin, navigate to SP (Service Provider) Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the ADFS as IdP (Identity Provider).

• On ADFS, search for ADFS Management application.

• In ADFS Management, select Relying Party Trust and click on Add Relying Party Trust.

• Select Claims aware from the Relying Party Trust Wizard and click on Start button.

 Select Data Source

• In Select Data Source, select the data source for adding a relying party trust.

 Choose Access Control Policy

• Select Permit everyone as an Access Control Policy and click on Next.

 Ready to Add Trust

• In Ready to Add Trust click on Next and then Close.

 Edit Claim Issuance Policy

• In the list of Relying Party Trust, select the application you created and click on Edit Claim Issuance Policy.

• In Issuance Transform Rule tab click on Add Rule button.

 Choose Rule Type

• Select Send LDAP Attributes as Claims and click on Next.

 Configure Claim Rule

• Add a Claim Rule Name and select the Attribute Store as required from the dropdown.
• Under Mapping of LDAP Attributes to outgoing claim types, Select LDAP Attribute as E-Mail-Addresses and Outgoing Claim Type as Name ID.

• Once you have configured the attributes, click on Finish.
• After configuring ADFS as IDP, you will need the Federation Metadata to configure your Service Provider.
• To get the ADFS Federation Metadata, you can use this URL
  https://< ADFS_Server_Name >/federationmetadata/2007-06/federationmetadata.xml
• You have successfully configured ADFS as SAML IdP (Identity Provider) for achieving ADFS Single Sign-On (SSO) Login

Windows SSO (Optional)

Follow the steps below to configure Windows SSO

 Steps to configure ADFS for Windows Authentication

• Open elevated Command Prompt on the ADFS Server and execute the following command on it:

setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##

FQDN is Fully Qualified Domain Name (Example : adfs4.example.com)

Domain Service Account is the username of the account in AD.

Example : setspn -a HTTP/adfs.example.com username/domain

• Open AD FS Management Console, click on Services and go to the Authentication Methods section. On the right, click on Edit Primary Authentication Methods. Check Windows Authentication in Intranet zone.

• Open Internet Explorer. Navigate to Security tab in Internet Options.
• Add the FQDN of ADFS to the list of sites in Local Intranet and restart the browser.
• Select Custom Level for the Security Zone. In the list of options, select Automatic Logon only in Intranet Zone.

• Open the powershell and execute following two commands to enable windows authentication in Chrome browser.

Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome")

Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents;

• You have successfully configured ADFS for Windows Authentication.

Steps to configure Login into PrestaShop plugin

2. Setup PrestaShop as SP (Service Provider)

Follow the steps below to configure PrestaShop as SP

 Configure PrestaShop as SP

• Login to your PrestaShop admin dashboard and you will be represented with the home screen of the plugin.

• From the left pane, under the IMPROVE section, click on Modules tab.
• Select the Module Manager option from dropdown and click on the Upload a Module button to upload PrestaShop SAML SSO module.

• After you have successfully installed the plugin, under the Administration section click on the Configure button for the miniOrange SAML Single Sign-On.

• On the next screen, scroll down to the Service Provider Setup tab.
• Enter the required details:

IDP Entity ID	Copy and paste the IDP Entity ID or Issuer from the ADFS Metadata
SAML Login URL	Copy and paste the SAML Login URL from the ADFS Metadata
IDP Certificate	Copy and paste the X.509 Certificate


• Click on Save and then click on Test Configuration button.
• After the successful Test Configuration you can see the Attribute Name and values recieved from your IDP.

3. Attribute Mapping

• Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at PrestaShop.
• In PrestaShop SAML plugin, go to Attribute Mapping tab and fill up the following fields in Attribute Mapping section.
• Click on Save button.

4. Login Button

• You can add a customized login button anywhere on your site or on PrestaShop login page by navigating to Design tab and then click on the Link List option.
• Click on the New block option from the top right corner.

• Enter your Name of the block and select the required hook to display the widget.

Note: To display the login button on the customer login page select the hook displayCustomerLoginFormAfter

• Scroll down to the Custom content section, enter the Title and the URL.
• Click on Add and then Save button.

In this Guide, you have successfully configured ADFS SAML Single Sign-On (ADFS SSO Login) choosing ADFS as IdP and PrestaShop as SP using miniOrange SAML Single Sign-On Service Provider plugin. This solution ensures that you are ready to roll out secure access to your PrestaShop site using ADFS login credentials within minutes.

Additional Resources

• Prestashop Single Sign-On
• What is Single Sign-On (SSO) Login?
• What is SAML? How SAML SSO works?
• Single Sign-On (SSO) Login with Prestashop as SP
• Single Sign-On (SSO) Login with Prestashop as IDP
• SAML Single Sign-On (SSO) for WordPress using ADFS as IdP | ADFS SSO Login

If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com