This extension is in our Payment category, and could affect the PCI compliance level of your store. It is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.
Frontend / Backend Single Sign On SAML

TOTAL:
$349.00

Overview

Add SAML Single Sign-On support to the customer login page and/or the backend login page of Magento 2. If you are working with a partner that has implemented a SAML Identity Provider, you can use this extension to interoperate with it, thereby enabling SSO and Just-in-Time provisioning for customers/admins. It works with any IdP that supports the SAML 2.0 standard. The module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. The module was implemented for Magento 2. If you are interested in a SAML module compatible with Magento 1.X, find it here.

Customers are happy with the SAML extension and the support received. Companies like Cisco, Erickson, Philips, Royal Mail, Securitas, Mazda, Proclinic, Tendam, Woodmark, Toyota, Hilton, PWC, Deloitte, as well as medical associations, NGOs and universities, have trusted the SAML extension.

The extension adds a link, "Login via Identity provider", to the customer login form. Following the link initiates a series of redirects that are described by the SAML 2.0 standard. The customer authenticates against the SAML Identity Provider, and information about the user, group/role (and address) is sent to Magento. Magento authenticates the customer and lets them in. The same happens for admins in the SAML integration with the backend.

Features

  • Easily switch On/Off the SAML Module
  • Frontend and Backend have differentiated Settings.
  • Supports Magento Multi-stores.
  • Allows login via any SAML Identity Provider, supporting IdP-initiated and SP-initiated Single Sign-On (POST and Redirect bindings).
  • Supports IdP-initiated and SP-initiated Single Log Out (Redirect binding).
  • Supports IdP certificate rotation.
  • Supports signed and encrypted SAML messages.
  • Supports Just-In-Time Provisioning: Auto-create user accounts on the fly, with the data provided by the Identity Provider.
  • Support for: customer data, group, address, custom attributes.
  • Attribute, Group/Role, Address Mapping: Ability to set the mapping between IdP fields and Magento fields.
  • Customizable SSO link text.
  • Customizable workflows.
  • Force SAML: Force the SAML flow when a user accesses the login page; IP whitelist.
  • SAML Only: Users whose email matches an email must log in only via SAML.

Settings

The settings of the extension are available at Stores > Configuration. In the Services tab, use the "SAML SSO for customers" link for the frontend and the "SAML SSO for admins" link for the backend. There you will be able to fill in several sections:

  • Status. To enable or disable the extension.
  • Identity Provider. Set parameters related to the IdP that will be connected with our Magento.
  • Options. The behavior of the extension.
  • Attribute Mapping. Set the mapping between IdP fields and Magento user fields.
  • Role/Group Mapping. Set the mapping between IdP groups/roles and Magento groups/roles.
  • Address Mapping. Set the mapping between IdP fields and Magento address fields. [Only frontend]
  • Custom Mapping. Set the mapping between IdP fields and Magento custom fields. [Only frontend]
  • Custom messages. To handle what messages are shown in the login form.
  • Advanced settings. Handle some other parameters related to customizations and security issues.

In the Status section you are asked for a license key. Use the Order ID of your Magento Marketplace purchase.

Supported Use Cases

The following applies to frontend/backend

  • IdP-initiated Single Sign-On
    A SAMLRequest is sent to the Identity Provider; the customer/admin authenticates against the SAML Identity Provider, and then information about the user, group/roles (and address) is sent to Magento in a SAMLResponse. The Magento SAML extension validates the SAMLResponse, authenticates the customer/admin (provisioning a new account if required and the feature is enabled) and lets them in.
  • SP-initiated Single Sign-On
    Like the previous scenario, but here the SAML Response is directly sent by the Identity Provider and processed by the Magento SAML extension.
  • SP-initiated Single Logout
    A SAML Logout Request is sent to the Identity Provider; the IdP closes its session and the sessions of other related Service Providers, and sends back a Logout Response to the Magento instance, which then closes its session.
  • IdP-initiated Single Logout
    A SAML Logout Request is sent by the Identity Provider; the Magento instance validates it, closes its session and replies with a SAML Logout Response.


Warranty

Support by email guaranteed. Get a reply in less than 48hr (business days).   


License warning

Use the Order ID of the purchase as the License Key. When you purchase the extension, you can use it in one M2 instance. In the case of M2 running multi-sites, the license covers 3 stores using SAML SSO. If you require more stores, contact sixto.martin.garcia@gmail.com to discuss the terms. Test and developer environments can use the extension without requiring an additional license.


Identity Providers supported

Find here a list of some of the Identity Providers supported. (Links refer to their official documentation for configuring a SAML integration.)

Technical Specifications

Seller profile

SAML Integrations

Seller contact

E-mail

Integrator

Current Version

1.6.0

Magento platform compatibility

Open Source (CE): 2.1, 2.2, 2.3, 2.4

Commerce on prem (EE): 2.2, 2.3, 2.4

Commerce on Cloud (ECE): 2.2, 2.3, 2.4

Type

Stable Build

Updated

19 August, 2020

Categories

Extensions, Payments & Security

Quality Report

Installation & Varnish Tests

Passed

Coding Standard

Passed

Plagiarism Check

Passed

Malware Check

Passed

Marketing Review

Passed

Manual Testing

Passed

All tests were conducted on the latest versions of Magento that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

1.6.0:

  • Compatible with Open Source (CE) : 2.1 2.2 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Verified compatibility with Magento 2.4 (In the backend, MFA will be asked after SAML SSO success).
    - Try to solve the customer data load issue reported at https://github.com/magento/magento2/issues/28428, which affects the latest version of Magento, by adding a sections.xml file.

1.5.0:

  • Compatible with Open Source (CE) : 2.1 2.2 2.3
  • Compatible with Commerce on prem (EE) : 2.2 2.3
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Support 25 groups
    - Support 30 roles
    - Bug-Fix Assertion Consumer endpoint

1.4.0:

  • Compatible with Open Source (CE) : 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Require php-saml > 3.0.0
    - Supports Magento 2.1, 2.2, 2.3
    - Support multiple IdP x509 certs.
    - Support multiple custom fields.

1.3.0:

  • Compatible with Open Source (CE) : 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Require php-saml < 3.0.0
    - Add a more detailed description of what customer/user data is updated when that option is enabled. Update mail if custom attribute defined as the way to identify customer
    - Improve the feature of disabling email notification on new accounts
    - Make processAttrs public. Fix updateCustomer parameter bug. Add support for custom attributes

1.2.0:

  • Compatible with Open Source (CE) : 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Be able to send AuthNRequest with POST Binding.
    - New settings: Digest Algorithm and Lower Case URL Encoding.
    - Fix bug of view/frontend/layout/customer_account_login.xml file that affects Magento 2.2 and greater.
    - Code improvement.

1.1.1:

  • Compatible with Open Source (CE) : 2.1
  • Stability: Stable Build
  • Description:

    First version of the SAML extension with support for front-end and back-end.

1.0.0:

  • Compatible with Open Source (CE) : 2.1
  • Stability: Stable Build
  • Description:

    First version of the SAML extension with support for front-end and back-end.

Support

The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.
