Magento SAML SP Single Sign On (SSO) extension would allow you to configure SAML 2.0 based Single Sign On (SSO) between your 2 Magento sites. This extension will let you configure one of your Magento Sites as your Service Provider (Magento as SP) and your other Magento Site as the IdP (Magento as IdP)

If you have any queries or if you need any sort of assistance in configuring the extenstion, you can contact us at magentosupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Magento SAML Service Provoder - SAML 2.0 as SP SSO Login extension and Magento SAML IDP Single Sign-On extension.

Pre-requisites: Download and Installation

1. Installation Steps for Magento SAML Indentity Provider (IdP) extension

Installation using Composer:

• Purchase the miniOrange SAML IDP Single Sign-On extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require {module_name}:{version}"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange SAML IDP Single Sign-On extension.
• Unzip all contents of the zip inside the MiniOrange/IDPSaml directory.

{Root Directory of Magento} app code MiniOrange IDPSaml

• Run the following commands on command prompt to enable the extension

php bin/magento setup:di:compile

php bin/magento setup:upgrade

2. Installation Steps for Magento SAML Single Sign-On (SSO) extension

Installation using Composer:

• Purchase the miniOrange SAML Single Sign On – SAML SSO Login extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require saml-sp-single-sign-on:{version}"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange SAML Single Sign On – SAML SSO Login extension zip from here.
• Unzip all contents of the zip inside the MiniOrange/SP directory.

{Root Directory of Magento} app code MiniOrange SP

• Run the following commands on command prompt to enable the extension

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Steps to configure SSO for two or more Magento sites:

1. Setup 1^st Magento Site as IdP (Identity Provider) for Magento to Magento SSO

 Configure 1^st Magento Site as the IdP (Identity Provider)

• Navigate to the 2^nd Magento site.
• In the miniOrange SAML SP SSO extension, navigate to Identity Providers tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.

• Navigate to the 1^st Magento site.
• Go to the Magento IDP extension, navigate to the Service Provider settings tab.
• Enter the values corresponding to the information from the Service Provider.

Note: The logout URL and the relystate URL are provided in the premium version.



• Click on the Save button to save your configurations.
• Go to the IDP Metadata tab. Here you can find information for configuring the Service Provider.
• You can also download the metadata XML file, by clicking on the download link.

• You have successfully configured 1^st Magento site as IdP.

2. Configure 2^nd Magento Site as Service Provider

In the Magento SAML SSO extension, go to the Service Provider Setup tab of the extension. There are two ways to configure the Magento SSO extension:

A. By uploading IDP metadata:

• Click on Upload IDP metadata button.
• Enter the Identity Provider Name
• You can either upload a metadata file and click on Upload button or use a metadata URL and click on Upload button.

B.Manual Configuration:

• Copy SAML Entity ID, SAML Single-Sign-On Endpoint URL and x.509 certificate from Federation Metadata document which we downloaded earlier from the 1st Magento site and paste it in IdP Entity ID or Issuer, Single Sign-on Service URL, x.509 Certificate fields respectively in the extension.

IdP Entity ID or Issuer	SAML Entity ID in the Federation Metadata document
Single Sign-On Service URL	SAML Single-Sign-On Endpoint URL in the Federation Metadata document
X.509 Certificate	x.509 Certificate in the Federation Metadata document


• Click on Save button to save all your settings.
• To check if your Magento as SP is configured correctly, click the Test Configuration button.

3. Sign-In Settings

• Navigate to Sign-in Settings tab. Here you find the option the enable the login link on Admin*/Customer Login Page (*Admin SSO is available in the premium versions)

• If you want to initate SSO from any page you can also use the SSO link provided in the extension.

• The Premium extension also provides you the the feature to auto redirect your user to the IdP Login Page if the user is not already logged in.

4. Customer / Admin SSO

• Customer Single Sign-On (Customer SSO)
• Admin Single Sign-On (Admin SSO)

• Go to customer login page and you will see the SSO button on your frontend. Click on the button and test the SSO.

• You will be sucessfully logged in into Magento.

• Visit your admin login page and you will see the SSO button on your admin page. Click on the button to initate SSO as an admin.

• After sucessfully logged into magento as admin you will be redirect to magento backend dashboard.

Attribute Mapping / Custom Attribute Mapping(Optional). *This is Premium feature.

1.1: Attribute Mapping (Optional).

• Attributes are user details that are stored in your Identity Provider.
• Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Magento user attributes like firstname, lastname etc.
• While auto registering the users in your Magento site these attributes will automatically get mapped to your Magento user details.
• Only NameID can be mapped to Magento's Email and Username characteristics with the free plugin. Multiple user attributes from the IdP, on the other hand, can be mapped to Magento attributes in the premium version of the plugin. You can map custom attributes that you've added to your IdP in addition to the default attributes.
• When a user performs SSO, the NameID value sent by the IdP will get mapped to the email and the username of the Magento user.


Username:	Name of the username attribute from IdP (Keep NameID by default)
Email:	Name of the email attribute from IdP (Keep NameID by default)
Group/Role:	Name of the Role attribute from Identity Provider (IdP)

• You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.

1.2: Custom Attribute Mapping (Optional). *This is Premium feature.

• Enter your table name in Table field.
• Enter attribute name as your column name (in the respective table)
• Click on Add button for adding custom magento attribute and map the respective field with the attribute receiving from your identity provider
• Click on save button for saving the configuration.
• You can also delete the configuration by entering the name in attribute name field and then click on delete button.

Role Mapping (Optional). *This is Premium feature.

• You can specify a default role in the free plugin that will be allocated to all non-admin users when they conduct SSO.
• Go to Attribute/Role mapping tab and navigate to Role Mapping section.
• Select the Default Role and click on the Save button.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• Magento SAML Single Sign-On (SSO)
• Magento OAuth Client Single Sign-On (SSO)
• Frequently Asked Questions (FAQs)

If you are looking for anything which you cannot find, please drop us an email on magentosupport@xecurify.com