I'm new to SAML. We are trying to create our corporation site with a login function. When the user logs in to our corporation site, he could be redirected to Magento, which is located at another domain (or static IP). We want to use your single sign-on extension, but we have no idea how to create the login function on our corporation site which could act as the IdP.
Thanks!
You can use simpleSAMLphp in order to implement your Identity Provider.
Follow this documentation https://simplesamlphp.org/docs/stable/simplesamlphp-install in order to install and configure it as IdP: https://simplesamlphp.org/docs/stable/simplesamlphp-idp
You will need to use the database of your corporation site as the authentication source.
Once the IdP is deployed, you will be able to log users into Magento using your corporation users, but in order to have SSO functionality, you may add SAML support to your corporation site (deploy a Service Provider at the corporation site) and connect it to the IdP.
So at the end you have 2 Service Providers (Magento and Corporation site) and an IdP (using Corporation site database).
Thanks a lot! We are thinking about using WordPress to create our corporation's general web site. We found there is a WordPress plugin, 'WordPress SAML 2.0 IDP', developed by miniOrange. Do you think this IdP plugin is compatible with your Magento extension?
The SAML extension for Magento allows you to use any SAML 2.0-compliant Identity Provider.
So if the extension developed by miniOrange is SAML 2.0 compliant, it should work, but I understand that miniOrange is not a free service and you pay per user.
So, as I already suggested, try to deploy simpleSAMLphp as the IdP and use this WordPress authentication module: https://github.com/pitbulk/ssp-wordpress-authentication to use the WordPress database as the simpleSAMLphp IdP's authsource, then connect that IdP with Magento's SAML extension.
And finally, use https://es.wordpress.org/plugins/onelogin-saml-sso/ to turn WordPress into a Service Provider.
If you are interested, you can contact me directly and I will implement that for you (rate: 50$/hour).
Thanks a lot, Sixto. I'll try your solution.
In order to connect simpleSAMLphp IdP and Magento you need to:
1. Access simpleSAMLphp, go to the "federation" section and click on the IdP; it will show the IdP metadata. You need to get some data: EntityID, SSO URL, SLO URL, certificate.
2. Access the Magento SAML extension panel:
2.1 Fill in the "Identity Provider Setting" with the data you retrieved.
2.2 Configure the options that you need.
2.3 Set the attribute mapping, based on the names of the attributes that the IdP provides (if you enabled the simpleSAMLphp SP, you can access the "authentication" section on simpleSAMLphp, execute an authentication test, and see what attributes the IdP provides).
2.4 At "advanced settings" on the Magento extension, set as SP EntityID the value that appears on "Status" and SP URL Metadata (it is a URL with the Magento base URL + /sso/saml/metadata).
3. Access the SP URL Metadata in the browser, view the source of the page and copy the XML.
4. At simpleSAMLphp, go to the "federation" section, click on "convert metadata", and paste the XML of the SP metadata in order to convert it to simpleSAMLphp data.
Copy the result.
5. On the simpleSAMLphp filesystem, edit metadata/saml20-sp-remote.php and add the data that you generated with the converter.
And that is all. Follow the guide step by step and you will have simpleSAMLphp and Magento connected.
If you are not able to, I offer support (50$/h) and can guide you in a web conference.
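A pre-flight check for the SP metadata copied in step 3, added here as an example (it is not part of the original thread, simpleSAMLphp or the Magento extension): it parses the XML before it is pasted into the converter and flags settings worth fixing before the IdP is told to trust this SP. The host name and the ACS/SLO paths in the sample are constructed placeholders; only the /sso/saml/metadata path comes from the steps above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata (placeholder host and endpoint paths).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://magento.example.com/sso/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Location="http://magento.example.com/PLACEHOLDER-SLO"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService Location="https://magento.example.com/PLACEHOLDER-ACS"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(xml_text):
    """Return (info, warnings) for one SAML 2.0 SP EntityDescriptor."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    flag = lambda name: sp.get(name) in ("true", "1")  # xs:boolean forms
    info = {
        "entityID": root.get("entityID"),
        "acs": [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)],
        "slo": [e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)],
        "has_cert": sp.find(".//ds:X509Certificate", NS) is not None,
        "authn_requests_signed": flag("AuthnRequestsSigned"),
        "want_assertions_signed": flag("WantAssertionsSigned"),
    }
    warnings = []
    if not info["acs"]:
        warnings.append("no AssertionConsumerService endpoint")
    for url in info["acs"] + info["slo"]:
        if urlparse(url).scheme != "https":
            warnings.append("endpoint not HTTPS: " + url)
    if not info["want_assertions_signed"]:
        warnings.append("SP does not request signed assertions")
    if info["authn_requests_signed"] and not info["has_cert"]:
        warnings.append("signed AuthnRequests advertised but no certificate published")
    return info, warnings

if __name__ == "__main__":
    for w in summarize_sp_metadata(SAMPLE)[1]:
        print("WARNING:", w)
```

The entityID it reports should match the SP EntityID set in step 2.4 and the key of the entry added to metadata/saml20-sp-remote.php in step 5.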
Hi Sixto,
I have installed and configured simpleSAMLphp on my local system. I have configured the SP and IdP in simpleSAML only. It's working fine. Now I want to integrate the same thing for Magento on my local system. Can you please guide me in this?