Magento SAML SP Single Sign On (SSO) extension would allow you to configure SAML 2.0 based Single Sign On (SSO) between your 2 Magento sites. This extension will let you configure one of your Magento Sites as your Service Provider (Magento as SP) and your other
Magento Site as the IdP (Magento as IdP)
If you have any queries or if you need any sort of assistance in configuring the extenstion, you can contact us at magentosupport@xecurify.com. If you want, we can also schedule an online
meeting to help you configure the Magento SAML Service Provoder - SAML 2.0 as SP SSO Login extension and Magento SAML IDP Single Sign-On
extension.
Pre-requisites: Download and Installation
1. Installation Steps for Magento SAML Indentity Provider (IdP) extension
Installation using Composer:
php bin/magento setup:di:compile
php bin/magento setup:upgrade
Manual Installation:
{Root Directory of Magento} app code MiniOrange IDPSaml
Run the following commands on command prompt to enable the extension
php bin/magento setup:di:compile
php bin/magento setup:upgrade
2. Installation Steps for Magento SAML Single Sign-On (SSO) extension
Installation using Composer:
php bin/magento setup:di:compile
php bin/magento setup:upgrade
Manual Installation:
- Download the miniOrange SAML Single Sign On – SAML SSO Login extension zip from here.
- Unzip all contents of the zip inside the MiniOrange/SP directory.
{Root Directory of Magento} app code MiniOrange SP
Run the following commands on command prompt to enable the extension
php bin/magento setup:di:compile
php bin/magento setup:upgrade
Steps to configure SSO for two or more Magento sites:
1. Setup 1st Magento Site as IdP (Identity Provider) for Magento to Magento SSO
Configure 1st Magento Site as the IdP (Identity Provider)
- Navigate to the 2nd Magento site.
- In the miniOrange SAML SP SSO extension, navigate to Identity Providers tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
2. Configure 2nd Magento Site as Service Provider
In the Magento SAML SSO extension, go to the Service Provider Setup tab of the extension. There are two ways to configure the Magento SSO extension:
A. By uploading IDP metadata:
- Click on Upload IDP metadata button.
- Enter the Identity Provider Name
- You can either upload a metadata file and click on Upload button or use a metadata URL and click on Upload button.
B.Manual Configuration:
- Copy SAML Entity ID, SAML Single-Sign-On Endpoint URL and x.509 certificate from Federation Metadata document which we downloaded earlier from the 1st Magento site and paste it in IdP Entity ID or Issuer, Single Sign-on Service URL, x.509 Certificate fields respectively in the extension.
IdP Entity ID or Issuer |
SAML Entity ID in the Federation Metadata document |
Single Sign-On Service URL |
SAML Single-Sign-On Endpoint URL in the Federation Metadata document |
X.509 Certificate |
x.509 Certificate in the Federation Metadata document |
- Click on Save button to save all your settings.
- To check if your Magento as SP is configured correctly, click the Test Configuration button.
3. Sign-In Settings
- Navigate to Sign-in Settings tab. Here you find the option the enable the login link on Admin*/Customer Login Page (*Admin SSO is available in the premium versions)
- If you want to initate SSO from any page you can also use the SSO link provided in the extension.
- The Premium extension also provides you the the feature to auto redirect your user to the IdP Login Page if the user is not already logged in.
4. Customer / Admin SSO
- Go to customer login page and you will see the SSO button on your frontend. Click on the button and test the SSO.
- You will be sucessfully logged in into Magento.
- Visit your admin login page and you will see the SSO button on your admin page. Click on the button to initate SSO as an admin.
- After sucessfully logged into magento as admin you will be redirect to magento backend dashboard.
Attribute Mapping / Custom Attribute Mapping(Optional). *This is Premium feature.
1.1: Attribute Mapping (Optional).
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Magento user attributes like firstname, lastname etc.
- While auto registering the users in your Magento site these attributes will automatically get mapped to your Magento user details.
- Only NameID can be mapped to Magento's Email and Username characteristics with the free plugin. Multiple user attributes from the IdP, on the other hand, can be mapped to Magento attributes in the premium version of the plugin. You can map custom attributes that you've added to your IdP in addition to the default attributes.
- When a user performs SSO, the NameID value sent by the IdP will get mapped to the email and the username of the Magento user.
Username: |
Name of the username attribute from IdP (Keep NameID by default) |
Email: |
Name of the email attribute from IdP (Keep NameID by default) |
Group/Role: |
Name of the Role attribute from Identity Provider (IdP) |
- You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.
1.2: Custom Attribute Mapping (Optional). *This is Premium feature.
- Enter your table name in Table field.
- Enter attribute name as your column name (in the respective table)
- Click on Add button for adding custom magento attribute and map the respective field with the attribute receiving from your identity provider
- Click on save button for saving the configuration.
- You can also delete the configuration by entering the name in attribute name field and then click on delete button.
Role Mapping (Optional). *This is Premium feature.
- You can specify a default role in the free plugin that will be allocated to all non-admin users when they conduct SSO.
- Go to Attribute/Role mapping tab and navigate to Role Mapping section.
- Select the Default Role and click on the Save button.
Additional Resources
If you are looking for anything which you cannot find, please drop us an email on magentosupport@xecurify.com