Admin SAML Single Sign On Magento Extension
This extension allows you to use any SAML 2.0-compliant Identity Provider for Single Sign-On to your Magento instance.
You can use this extension to interoperate with any Identity Provider, enabling SSO at the backend for administrators. It works with any IDP providers, including OneLogin, Okta, Ping Identity, ADFS, Salesforce, SharePoint,..
Our customers are happy with the extension and with the support received. Companies like Cisco, Toyota or PWC trusted on our services
The extension add SAML support at Magento deploying a Service Provider. On this extension the SAML flow can be initiated at the Identity Provider or at the Service Provider. Once metadata info is exchange between the entities and the rest of the settings configured on the admin panel, the Single Sign On feature is available and a customized link will appear on the admin login form.
Once logged on the Identity Provider, a SAMLResponse that includes data of the user will be sent to the Service Provider's Assertion Consumer Service endpoint, there the attributes will be mapped based on the settings and a related user account will be searched with the resulted data. If there is a match the user will be logged, if not and the Just-In-Time functionality is enabled, a new user account will be created on the fly. The extension also support roles.
The single Logout service is an optional feature that is also included on the extension, this service will close not only the Magneto's session, also the sessions of the Identity Provider and all active sessions of the related Service Providers.
At the advanced section of the settings there are a lot of parameters that controls how the Service Provider works, making it compatible with any Identity Provider. There you can decide if require the SAML Messages signed and encrypted or not, if sign the messages and the algorithm used, the NameId Format, the AuthContext required, ...
Please note that the module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. Support by mail guaranteed. Get a reply in less than 48h (business day).
With this extended admin login form, your users can access Magento backend with any the Identity Provider established, they just click on the link “Login via your Identity Provider”, (the message is customizable) to carry out their login process.
In the “Identity Provider Settings” section, you can set up some info related to the IdP that will be connected with your Magento. Contact the IdP’s administrator and ask him for the IdP metadata in order to fill the fields: IdP Entity Id, Single Sign On Service Url, Single Log Out Service Url and x509 public certificate.
In the “Options” section the behavior of the plugin is set, so you just select “ Yes” for some improtant fields: Create user if not exists, Update user data, Sync role when updating user, default RoleId and Single Log Out.
In the “Attribute mapping” section, we can set the mapping between IdP fields and Magento fields.
In the “Role mapping” section, we can set the mapping between IdP Role values and Magento Roles. Example: admin, owner, super-user. There are 10 fields, the id means that Role id=1 will match the Magento role that has id=1 if exists.
In the “Advanced Settings” section, you can easily handle some other parameters related to customizations and security issues. If sign/encryption is enabled, then x509 cert and private key for the SP must be provided.
Full List Of Features
Enable SAML Single Sign On to the backend with this extension simply.
Connect a Magento instance with any SAML Identity Provider.
Allow to Login via Identity Provider.
Possible to single sign on/ log out service Url.
Easily switch On/Off the Admin SAML Module.
Provisioning/Auto-update user data.
Single Sign On (IdP & SP initiated).
Single Log Out (IdP & SP initiated).
Just-In-Time Provisioning (user data + roles).
Auto-provisioning: allow to create a new user with the data provided by the IdP.
Auto-update: update the account of the user with the data provided by the IdP and Review the Mapping section.
Possibly set the mapping between IdP fields and Magento fields.
Easily install and use.
Product Reviews (0) Write a review
There are yet no reviews for this product.
Submit your review
First: rate the product. Please select a rating between 1 (poorest) and 5 stars (best)
Become a client on Cmsmart, you are protected strongly with our Client Protection Programe. Especially we built -in a strong Central Ticket Support system to help clients and partners working on the products item support after purchased.Go to item support
Take in mind that you will need a license for each of them.
Learn more at: https://github.com/jch/saml
This SAML setting panel contains different sections with a bunch of fields. All of them have a short description that explains what value to use on it.
The extension uses the Onelogin php-saml toolkit , so take a look at its settings if you have more doubts
Take in mind that SP expects to receive the SAMLResponse using the HTTP-Post binding, and rest of the SAML messages are exchange using HTTP-Redirect binding.
If you need custom solutions for specific apps, or you don't have much idea about SAML and are not able to configure the Identity Provider, you can contact me at email@example.com and I can offer my help and agree rate per worked hour.
We are happy to provide the customization services to buyer of this product, please submit your request here and we will contact you ASAP
Updated: 2017, Feb 27
Updated: 2016, Oct 18
Updated: 2016, Mar 09
2017, Feb 27
Magento 1.7.x, Magento 1.8.x, Magento 1.9.2.x, Magento 1.9.x