SAML Single Sign On

Overview

The extension is compatible with Magento CE, Magento EE, and its Cloud Edition.

Add SAML Single Sign-On support for customers to your Magento 2 instance. If you are working with a partner or company that has implemented a SAML identity provider, you can use this extension to interoperate with it, thereby enabling SSO and Just-in-Time provisioning for customers. It works with any IdP that supports the SAML 2.0 standard. The module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. The module was implemented for Magento 2. If you are interested in a SAML module compatible with Magento 1.X, find it here.

Customers are happy with the SAML extension and the support received. Companies like Cisco, Erickson, Philips, Royal Mail, Securitas, Mazda, Proclinic, Tendam, Woodmark, Toyota, Hilton, PWC, Deloitte, as well as medical associations, NGOs and universities, have trusted the SAML extension.

The extension adds a "Login via Identity provider" link to the customer login form. Following the link initiates a series of redirects described by the SAML 2.0 standard. The customer authenticates against the SAML Identity Provider, and information about the user, group, and address is then sent to Magento. Magento authenticates the customer and lets them in.

 

Features

  • Easily switch On/Off the SAML Module.
  • Supports Magento Multi-stores.
  • Allows login via any SAML Identity Provider, supporting IdP-initiated and SP-initiated Single Sign-On (POST and Redirect bindings).
  • Supports Single Log Out, IdP and SP initiated. (Redirect binding)
  • Supports IdP certificate rotation.
  • Supports SAML Messages signed and encrypted.
  • Supports Just-In-Time Provisioning: Auto-create user accounts on the fly, with the data provided by the Identity Provider.
  • Support for: customer data, group, address, custom attributes.
  • Attribute, Group, Address Mapping: Ability to set the mapping between IdP fields and Magento fields.
  • Customizable SSO link text.
  • Customizable workflows.
  • Force SAML: Force the SAML flow when a user accesses the login page, with an IP whitelist.
  • SAML Only: Users whose email matches a configured email must log in only via SAML.

 

Settings

  • Status. To enable or disable the extension.
  • Identity Provider. Set parameters related to the IdP that will be connected to your Magento instance.
  • Options. The behavior of the extension.
  • Protect Options. Protection features.
  • Attribute Mapping. Set the mapping between IdP fields and Magento user fields.
  • Group Mapping. Set the mapping between IdP groups and Magento groups.
  • Address Mapping. Set the mapping between IdP fields and Magento address fields.
  • Custom Mapping. Set the mapping between IdP fields and Magento custom fields. You will also be able to identify Magento accounts by a custom field instead of the email address.
  • Custom messages. To handle what messages are shown in the login form.
  • Advanced settings. Handle some other parameters related to customizations and security issues.

 

Use Cases

Supports:

  • IdP-initiated Single Sign-On: A SAMLRequest is sent to the Identity Provider; the customer authenticates against the SAML Identity Provider, and information about the user, group and address is then sent to Magento in a SAMLResponse. The Magento SAML extension validates the SAMLResponse, authenticates the customer (provisioning a new account if required and the feature is enabled) and lets them in.
  • SP-initiated Single Sign-On: Like the previous scenario, but here the SAML Response is sent directly by the Identity Provider and processed by the Magento SAML extension.
  • SP-initiated Single Logout: A SAML Logout Request is sent to the Identity Provider. The IdP closes its session and the sessions of other related Service Providers, and sends back a Logout Response to the Magento instance, which then closes its session.
  • IdP-initiated Single Logout: A SAML Logout Request is sent by the Identity Provider. The Magento instance validates it, closes its session and replies with a SAML Logout Response.

 

Support/Warranty

Support by email is guaranteed. Get a reply in less than 48 hours (business days).

 

License Warning

Use the Order ID of the purchase as the License Key. When you purchase the extension, you can use it in one M2 instance. In the case of M2 running multi-sites, the license covers 3 stores using SAML SSO. If you require more stores, contact sixto.martin.garcia@gmail.com to discuss the terms. Test and developer environments can use the extension without requiring an additional license.

 

Identity Providers Supported

Find here a list of some of the Identity Providers supported. (Links refer to their official documentation for configuring a SAML integration.)

Technical Specifications

  • Seller profile: IAM Digital Services S.L
  • Current Version: 1.11.0
  • Adobe Commerce platform compatibility:

    - Adobe Commerce (cloud): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)
    - Adobe Commerce (on-prem): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)
    - Magento Open Source: 2.4 (current), 2.0 (obsolete), 2.1 (obsolete), 2.2 (obsolete), 2.3 (obsolete)

  • Type: Stable Build
  • Updated: 26 October, 2023
  • Categories: Extensions, Content & Customizations

Quality Report

  • Installation & Varnish Tests: Passed
  • Coding Standard: Passed
  • Plagiarism Check: Passed
  • Malware Check: Passed
  • Marketing Review: Passed
  • Manual Testing: Passed

All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

1.11.0:

  • Compatible with Adobe Commerce (cloud) : 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix default group bug (previously the system group was always assigned).
    - Add AssertionProcessed Event and Logger Observer.
    - Set default value for idpSSOBinding and cast expected bool settings to bool after calling getConfig or getConfigAdvanced.

1.10.4:

  • Compatible with Adobe Commerce (cloud) : 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Remove unnecessary use of escapeUrl

1.10.3:

  • Compatible with Adobe Commerce (cloud) : 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix bug. Customer does not have setIsActive
    - Check param is not null before calling strpos

1.10.2:

  • Compatible with Adobe Commerce (cloud) : 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix Linter issue on PHP7.X due to the use of #[AllowDynamicProperties]

1.10.1:

  • Compatible with Adobe Commerce (cloud) : 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Remove unnecessary file view/adminhtml/layout/adminhtml_auth_login.xml

1.10.0:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Tested compatibility with PHP 8.2 and Magento 2.4.6
    - Support Proxy Vars (useful when Magento is behind a load balancer or proxy and HTTP_X_FORWARDED vars need to be read to build URLs properly). A new Advanced setting.
    - Added Support for redirecting to original target when Force SAML is enabled (Read HTTP_REFERER).
    - Trim role and group values from Group/Role Mapping section to avoid issues with extra spaces introduced.
    - Blacklist unexpected HTTP Method (PATCH, PUT, DELETE) and Ajax call on SAML controller.
    - Refactor StoreCode logic at Abstract controller.
    - Refactor and clean code (phpcs).
    - Fix more PHP 8.1 compatibility issues

1.9.10:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Compatibility with PHP 8.1
    - The disable customer send email feature now only affects SAML flows

1.9.9:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix parse_str deprecation issue

1.9.8:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix typo on Controller/Saml2/Login.php, missed declaration of $customerSession var.
    - Only assign groupid if it has a valid number.

1.9.7:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Add support for PHP 8.1
    - Refactor Group and Custom Attribute code

1.9.6:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Avoid losing guest cart, by enabling a flag in options section (Fix bug of EE and Cloud 2.4.X)
    - Never cache Login or ACS view
    - Improve RelayState support at Logout view
    - Be able to use id as a custom attribute to identify users
    - Support unified SP
    - If there is an error in the JIT process, don't call customer_register_success.

1.9.5:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix typo that was affecting SSO via HTTP-POST introduced on 1.9.4
    - There is a current bug affecting Enterprise and Cloud Edition versions 2.4.1 and 2.4.2 where guest cart items are not added to the logged-in user's cart after SSO.

1.9.4:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Invalidate customerData on Login view, following the same process as the normal login

1.9.3:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Support RetrieveParametersFromServer setting as an extra alternative to fix possible issues with Signature validation on SLO sent by ADFS/Azure

1.9.2:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix typo on SLS endpoint.

1.9.1:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
  • Compatible with Magento Open Source : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fix cache issue on Frontend SLO HTTP-POST
    - Fix want_assertion_signed flag

1.9.0:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Support more Group Mapping modes.
    - Support POST binding Logout and SLO

1.8.0:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Workaround to solve the customer data load problem, which causes issues on the welcome message or the cart/checkout view. A new setting in the Options section is now available to make the ACS endpoint force the customer data load via JavaScript
    - Add feature to block users, identified by their email, from logging in via SAML

1.7.0:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
  • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Verified compatibility with Magento 2.4 (In the backend, MFA will be asked after SAML SSO success).
    - Try to solve customer data load issue reported at https://github.com/magento/magento2/issues/28428, that affects the latest version of Magento, by adding a sections.xml file

1.6.2:

  • Compatible with Adobe Commerce (cloud) : 2.2 2.3
  • Compatible with Adobe Commerce (on-prem) : 2.2 2.3
  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Fix group mapping bug

1.6.1:

  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Fix an issue with the new section protect-options that had to be renamed to protect_options. Customers that were using 1.6.0 version will need to reassign the settings of that section.

1.6.0:

  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    Force SAML was moved to a new section so, when upgrading to this version of the extension, make sure to redefine its value.

    - Add a Protect Option section with the features: Force SAML, Whitelist Force SAML by IP, Conditional SAML Only by domain, Whitelist conditional SAML Only, and Force Address view redirection.
    - Add optional RelayState validation.
    - Extend support of groups to 25.
    - Refactor executePostLogin as a helper.
    - Support SAML Logout with NameId Format, Name Qualified and SP Name Qualified values.
    - Fix typos on ACS view
    - Add webrestriction.xsd

1.5.0:

  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Support Search Criteria: LIKE and EQ
    - Fix bug on tryLogAndRedirect method.
    - Register some events: pitbulk_saml2_customer_check, pitbulk_saml2_customer_successfully_updated, pitbulk_saml2_customer_successfully_created

1.4.0:

  • Compatible with Magento Open Source : 2.0 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Require php-saml > 3.0.0
    - Supports Magento 2.0, 2.1, 2.2, 2.3
    - Support multiple IdP x509 certs.
    - Support multiple custom fields.

1.3.0:

  • Compatible with Magento Open Source : 2.0 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Require php-saml < 3.0.0
    - Add a more detailed description of what customer/user data is updated when that option is enabled. Update mail if custom attribute defined as the way to identify customer
    - Improve the feature of disabling email notification on new accounts
    - Make processAttrs public. Fix updateCustomer parameter bug. Add support for custom attributes

1.2.1:

  • Compatible with Magento Open Source : 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Fix metadata url of the Status section for multi-stores.
    - Update php-saml version

1.2.0:

  • Compatible with Magento Open Source : 2.1 2.2
  • Stability: Stable Build
  • Description:

    - Add SSO on user backend login
    - Add support to nameIDFormat on LogoutRequests

1.1.1:

  • Compatible with Magento Open Source : 2.0
  • Stability: Stable Build
  • Description:

    - Fixed a minor issue on etc/adminhtml/system.xml file where there was a typo.
    - Update php-saml library (2.10.1)
    - Fixed address provisioning process.
    - Code clean to pass M2 codestyle.

1.1.0:

  • Compatible with Magento Open Source : 2.0
  • Stability: Stable Build
  • Description:

    * New namespace
    * Add readme/installation instructions

1.0.0:

  • Compatible with Magento Open Source : 2.0
  • Stability: Stable Build
  • Description:

    Magento 2 extension that adds SAML Single Sign On support to the customer login page.

    If you are working with a partner that has implemented a SAML identity provider, you can use this extension to interoperate with it, thereby enabling SSO for customers. It works with any IdP, including OneLogin, Okta, Ping Identity, ADFS, Salesforce, SharePoint...

    The module was implemented by Sixto Martin (http://pitbulk.github.io), author of 15+ SAML plugins and several SAML toolkits.

    The module was implemented for Magento 2. If you are interested in a SAML module compatible with Magento 1.X, see: https://www.magentocommerce.com/magento-connect/saml-single-sign-on-extension.html
