
About the WebSSO Module

This module allows your Magento 2 installation to communicate with Identity Providers including:

  • Microsoft ADFS2.x / 3.x / SharePoint
  • SalesForce
  • Google Accounts
  • NetIQ
  • OneLogin
  • SimpleSAMLPhp
  • And many more!

Protocols Supported:

  • SAML2.0
  • OAuth2
  • OpenID

Setup step 1 - Installing the extension

Composer Installation: Contact us to get a token for your composer installation

You can easily install this extension with composer by going to your account page on our website and follow the composer installation instructions available on the page.

Alternative Installation: Download and unpack the module

The module is in Marketplace format. Therefore, you need to do the following to install it:

Go to your project root and execute the following:

cd /your-project-root
mkdir -p app/code/Wizkunde/WebSSO
cd app/code/Wizkunde/WebSSO
tar -zxvf Wizkunde_WebSSO-<version>.tgz
composer require wizkunde/samlbase:~1.2.8
composer require league/oauth2-client:~2.2


Setup step 2: Install the module

bin/magento setup:upgrade

Setup step 3: If you were in production mode you have to execute:

bin/magento setup:di:compile

Setup step 4: Deploy all the template files to the proper location:

bin/magento setup:static-content:deploy

Setup step 5: Make sure all the caches are cleaned:

bin/magento cache:clean


Setup step 6: Creating an Identity Provider configuration

In Magento 2 go to Wizkunde -> Servers and click "Add new"

General Information


  • Name - A friendly name for display purposes
  • Identifier - A unique identifier, especially useful when you use 2 or more IDPs in your installation
  • Server Type - Protocol to use to communicate with your Identity Provider

SAML2: Identity Provider Information


  • NameID - The Name ID of your Service Provider as it is known in the trust relationship on your IDP
  • Metadata URL - Identity Provider Metadata URL
  • Is Passive - Allow authentication methods that do not show the user any input
  • SSO Binding - The binding needed for the SSO connection
  • SLO Binding - The binding needed for the SLO connection
  • Metadata expiration in seconds - The IDP metadata is cached for this long to speed up site loading
  • Sign SP Metadata - Whether to sign the Service Provider metadata or not
  • Ignore SSO - No session will be stored; if the Magento session expires, an IDP login screen reappears
  • Certificate Data (CRT) - The X.509 certificate used to communicate with the SAML2 IDP server (preshared)
  • Private Key (PEM) - The X.509 private key used to communicate with the SAML2 IDP server
  • Certificate Passphrase - Optional passphrase to unlock the certificate

OAuth2: Identity Provider Information


  • Server Type - The type of server, plain OAuth2 or OpenID
  • Scope Permissions - The permissions requested from the user at the Identity Provider
  • Authorization Endpoint - The endpoint for the OAuth2 request
  • Token Endpoint - The endpoint to request the tokens from
  • Userinfo Endpoint - The endpoint to request the user information
  • Client ID - The ID that has been made in the OAuth2 Identity Provider
  • Client Secret - The secret matching the client ID made in the Identity Provider

Attribute Mapping


  • External attribute - The attribute as exposed by the Identity Provider
  • Transform - The transform applied to the mapping
  • Internal attribute - The attribute as known in Magento

Setup step 7: Enabling the IDP in the proper store / website


  • Go to Stores -> Configuration
  • In the left bar, find Wizkunde Configuration and click on it.
  • Select the right scope of your website / store to make sure you enable the IDP where you want it enabled.
  • Adjust the settings according to your situation:
  • Enable SSO in frontend - Enable SSO for your end customers
  • Enable SSO in backend - Enable SSO for your administrative users
  • Immediate login in frontend - If set to yes, the user will not see the Magento site before logging in; they are immediately redirected to the IDP instead of only after clicking "login". Very useful for B2B sites that only expose data to registered customers
  • Server - The server that is used to connect
  • Logging - Enable logging for this storeview
  • Debug Logging - Set logging to be verbose for this storeview

Setup step 8: Go to the frontend/backend and see if the login page appears!


Your Service Provider Details

Metadata location

https://<your store>/sso/metadata

Assertion Consumer Service URL

https://<your store>/sso/account/login

Artifact Resolution Service URL

https://<your store>/sso/account/login

Single Logout URL

https://<your store>/sso/account/logout
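Before handing the Service Provider details above to the IDP administrator it is worth checking what the metadata location actually publishes. The following Python script is an added example and not part of the module: it checks an SP metadata document against the endpoint layout listed above (ACS and Artifact Resolution at /sso/account/login, Single Logout at /sso/account/logout) and requires HTTPS locations and signed requests/assertions. The store hostname shop.example.test and the sample XML are constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Expected endpoints relative to the store base URL, as listed on this page.
EXPECTED_PATHS = {
    "AssertionConsumerService": "/sso/account/login",
    "ArtifactResolutionService": "/sso/account/login",
    "SingleLogoutService": "/sso/account/logout",
}

# Constructed sample of what the /sso/metadata endpoint might return.
# It deliberately contains problems so the checker has something to flag.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://shop.example.test/sso/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://shop.example.test/sso/account/logout"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://shop.example.test/sso/account/login" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text: str, store_base: str) -> list:
    """Return findings about the SP metadata; an empty list means it matches."""
    findings = []
    sp = ET.fromstring(xml_text).find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element found"]
    # Both flags should be true: the SP signs its requests, the IDP signs assertions.
    for flag in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if sp.get(flag, "false").lower() != "true":
            findings.append(f"{flag} is not true")
    for tag, path in EXPECTED_PATHS.items():
        endpoints = sp.findall(f"md:{tag}", NS)
        if not endpoints:
            findings.append(f"{tag} is missing")
        for endpoint in endpoints:
            loc = endpoint.get("Location", "")
            if not loc.startswith("https://"):
                findings.append(f"{tag} Location {loc!r} is not HTTPS")
            if loc != store_base + path:
                findings.append(f"{tag} Location {loc!r} != expected {store_base + path!r}")
    return findings


if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE_SP_METADATA, "https://shop.example.test"):
        print(finding)
```

Against a live store, replace SAMPLE_SP_METADATA with the body fetched from https://<your store>/sso/metadata and pass the real store base URL.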