- About the WebSSO Module
- Setup step 1: Installing the extension
- Setup step 2: Install the module
- Setup step 3: If you were in production mode, you have to execute:
- Setup step 4: Deploy all the template files to the proper location:
- Setup step 5: Make sure all the caches are cleaned
- Setup step 6: Creating an Identity Provider configuration setting
- Setup step 7: Enabling the IDP in the proper store / website
- Setup step 8: Go to the frontend/backend and see if the login page appears!
- Your Service Provider Details
About the WebSSO Module
This module allows your Magento 2 installation to communicate with Identity Providers including:
- Microsoft ADFS2.x / 3.x / SharePoint
- Google Accounts
- And many more!
Protocols supported:
- SAML 2.0
- OAuth2
- OpenID
Setup step 1: Installing the extension
Composer installation: Contact us to get a token for your composer installation.
You can easily install this extension with composer by going to your account page on our website and following the composer installation instructions available on that page.
Alternative Installation: Download and unpack the module
The module is in Marketplace format. Therefore, you need to do the following to install it:
Go to your project root and execute the following (the dependencies are required from the project root, so that they land in the project's composer.json and autoloader, not in the module directory):
cd /your-project-root
mkdir -p app/code/Wizkunde/WebSSO
cd app/code/Wizkunde/WebSSO
tar -zxvf Wizkunde_WebSSO-<version>.tgz
cd /your-project-root
composer require wizkunde/samlbase:~1.2.8
composer require league/oauth2-client:~2.2
Setup step 2: Install the module
Setup step 3: If you were in production mode, you have to execute:
Setup step 4: Deploy all the template files to the proper location:
Setup Step 5: Make sure all the caches are cleaned
Run: bin/magento cache:clean
Setup step 6: Creating an Identity Provider configuration setting
In Magento 2 go to Wizkunde -> Servers and click "Add new"
- Name - A friendly name for display purposes
- Identifier - A unique identifier, especially useful when you use two or more IDPs in your installation
- Server Type - Protocol to use to communicate with your Identity Provider
SAML2: Identity Provider Information
- NameID - The Name ID of this Service Provider, as it is known in the trust relation on your IDP
- Metadata URL - The URL of the Identity Provider metadata document
- Is Passive - Sends the IsPassive flag to the IDP, which must then authenticate the user without showing any input; the login fails if user interaction would be required
- SSO Binding - The binding used for the Single Sign-On (SSO) endpoint, e.g. HTTP-Redirect or HTTP-POST
- SLO Binding - The binding used for the Single Logout (SLO) endpoint
- Metadata expiration in seconds - The IDP metadata is cached for this long to speed up page loads; a certificate rollover at the IDP is only picked up once the cached copy expires
- Sign SP Metadata - Whether to sign the Service Provider metadata
- Ignore SSO - No SSO session is stored; when the Magento session expires, the IDP login screen appears again
- Certificate Data (CRT): The X.509 certificate of this Service Provider, shared with the SAML2 IDP server in advance (preshared)
- Private Key (PEM): The PEM-encoded private key matching that certificate, used to communicate with the SAML2 IDP server
- Certificate Passphrase: Optional passphrase that unlocks the private key
SAML2: Certificate Generation
Since 1.9.0 you can conveniently generate an X.509 certificate by filling in the form at the bottom of the page and clicking "Generate". This prefills the certificate and private key fields with a newly generated, unique key pair and X.509 certificate. Whatever you generate here still has to be registered on the IDP side of the trust relation, since the IDP validates this Service Provider's signatures against it.
OAuth2: Identity Provider Information
- Server Type - The type of server, plain OAuth2 or OpenID
- Scope Permissions - The scopes requested from the user at the Identity Provider
- Authorization Endpoint - The endpoint the browser is sent to for the OAuth2 authorization request
- Token Endpoint - The endpoint the tokens are requested from
- Userinfo Endpoint - The endpoint the user information is requested from
- Client ID - The client ID that has been created at the OAuth2 Identity Provider
- Client Secret - The secret matching that client ID; it is only ever sent in the server-side token request, never to the browser
- External attribute: The attribute as exposed by the Identity Provider
- Transform: The transform applied to the value when it is mapped
- Internal attribute: The attribute in Magento that the value is written to
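To make the OAuth2 fields concrete, the following added example (written for this page, not the module's or league/oauth2-client's code) walks through one authorization-code round trip with the settings above: the redirect to the Authorization Endpoint, the checks on the callback (a per-session state value, compared in constant time, so that a code planted by an attacker is never exchanged), the server-side body sent to the Token Endpoint, and the External attribute / Transform / Internal attribute mapping applied to a Userinfo Endpoint response. Endpoints, client credentials, the callback path and the transform names are placeholders; this page does not document which transforms the module offers.

```python
"""Added example: the OAuth2 / OpenID settings from the form applied to one
authorization-code round trip, plus the attribute mapping. Illustrative only,
not the module's code; endpoints, client credentials and transform names are placeholders."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed settings mirroring the form fields.
IDP = {
    "authorization_endpoint": "https://accounts.example.test/oauth2/authorize",
    "token_endpoint": "https://accounts.example.test/oauth2/token",
    "userinfo_endpoint": "https://accounts.example.test/oauth2/userinfo",
    "client_id": "demo-client-id",
    "client_secret": "demo-client-secret",
    "scope": "openid email profile",
}
REDIRECT_URI = "https://shop.example.test/websso/oauth2/callback"   # assumed callback path

# (External attribute, Transform, Internal attribute); transform names are illustrative.
MAPPINGS = [("email", "lowercase", "email"),
            ("given_name", None, "firstname"),
            ("family_name", None, "lastname")]
TRANSFORMS = {None: lambda v: v, "lowercase": str.lower, "strip": str.strip}


def new_state():
    """Unguessable per-login value; stored in the session and checked on the way back."""
    return secrets.token_urlsafe(32)


def build_authorization_url(idp, redirect_uri, state):
    """Where the browser is sent. The client secret is never part of this URL."""
    params = {"response_type": "code", "client_id": idp["client_id"],
              "redirect_uri": redirect_uri, "scope": idp["scope"], "state": state}
    return idp["authorization_endpoint"] + "?" + urlencode(params)


def validate_callback(callback_url, expected_state):
    """Check the redirect back from the IdP and return the authorization code."""
    qs = parse_qs(urlsplit(callback_url).query)
    if "error" in qs:   # user denied, or the IdP rejected the request
        raise PermissionError(qs["error"][0])
    state = qs.get("state", [""])[0]
    # Constant-time compare; a mismatch means this session did not start the login
    # (CSRF / login injection), so the code must not be exchanged.
    if not state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries neither code nor error")
    return code


def token_request(idp, redirect_uri, code):
    """Body of the server-side POST to the Token Endpoint; the only place the secret goes."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri,
            "client_id": idp["client_id"], "client_secret": idp["client_secret"]}


def map_userinfo(userinfo, mappings):
    """Apply the External -> Transform -> Internal mappings to a Userinfo Endpoint response."""
    out = {}
    for external, transform, internal in mappings:
        if external not in userinfo:
            raise KeyError(f"IdP did not return required attribute {external!r}; "
                           "check the Scope Permissions")
        out[internal] = TRANSFORMS[transform](userinfo[external])
    return out


if __name__ == "__main__":
    state = new_state()
    print(build_authorization_url(IDP, REDIRECT_URI, state))
    code = validate_callback(f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}", state)
    print(token_request(IDP, REDIRECT_URI, code))
    print(map_userinfo({"email": "Alice@Example.TEST", "given_name": "Alice",
                        "family_name": "Liddell"}, MAPPINGS))
```

A missing external attribute is treated as a failed login rather than silently creating a customer with empty fields; in practice that usually means the Scope Permissions do not include the scope that releases the attribute.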
Setup step 7: Enabling the IDP in the proper store / website
- Go to Stores -> Configuration
- In the left bar, find Wizkunde Configuration and click on it.
- Select the right scope (website or store view) so that you enable the IDP exactly where you want it enabled.
- Adjust the settings according to your situation
Configuration: General Settings
- Enable SSO in frontend: Enable SSO for your end customers
- Enable SSO in backend: Enable SSO for your administrative users
- Frontend Server: The IDP server (from step 6) used for frontend logins
- Backend Server: The IDP server (from step 6) used for backend logins
- CMS Page for failed login: The page shown when a login cannot be completed
Configuration: Frontend Firewall
- Immediate login in frontend: If set to yes, the user does not see the Magento site before logging in, but is immediately redirected to the IDP instead of only after clicking "login". Very useful for B2B sites that only expose data to registered customers.
- CMS Whitelist: The pages that may be shown without logging in
- IP Whitelist: The IPs that may access the frontend without facing the SSO login enforcement
Configuration: Audit Logging
- Logging: Enable logging for this storeview
- Log Severity: Set logging to either log everything or just failed attempts
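The Frontend Firewall and Audit Logging settings above amount to a per-request decision: does this visitor get the page, or the IDP login first, and is the outcome logged? The following added example, written for this page and not the module's own logic, implements that decision over a constructed store-view configuration. It shows the two points a reviewer checks when an IP whitelist fronts an SSO wall: the client address is taken from X-Forwarded-For only when the direct peer is a proxy you run (otherwise the header is attacker-supplied and the whitelist is bypassable), and the CMS whitelist is matched on a normalised URL key so that a path like /privacy-policy/../customer/account cannot dodge it. The config keys, URL-key matching and log line format are assumptions.

```python
"""Added example: the Frontend Firewall decision (immediate login, CMS and IP whitelists)
and the audit-log severity filter. Illustrative logic, not the module's own;
the config keys, CMS URL-key matching and log format are assumptions."""
import ipaddress
import posixpath
from urllib.parse import urlsplit

# Constructed store-view configuration.
CONFIG = {
    "immediate_login": True,
    "cms_whitelist": ["home", "privacy-policy", "contact"],   # CMS page URL keys
    "ip_whitelist": ["203.0.113.0/24", "198.51.100.7"],      # documentation ranges
    "trusted_proxies": ["10.0.0.0/8"],                       # our own load balancers
    "log_severity": "failed",                                # "all" or "failed"
}


def _networks(entries):
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def client_address(remote_addr, x_forwarded_for, trusted_proxies):
    """The IP the whitelist is checked against. X-Forwarded-For is client-supplied,
    so it is honoured only when the direct peer is a proxy we operate, and then only
    the right-most entry, which is the one that proxy appended."""
    peer = ipaddress.ip_address(remote_addr)
    if x_forwarded_for and any(peer in n for n in _networks(trusted_proxies)):
        return str(ipaddress.ip_address(x_forwarded_for.split(",")[-1].strip()))
    return str(peer)


def cms_url_key(path):
    """Normalise a request path to a CMS URL key so '..' segments cannot dodge the check."""
    clean = posixpath.normpath(urlsplit(path).path)
    key = clean.strip("/")
    if key.endswith(".html"):
        key = key[:-5]
    return key or "home"


def sso_required(path, client_ip, cfg):
    """True when the request must be redirected to the IDP before anything is rendered."""
    if not cfg["immediate_login"]:
        return False   # SSO starts only when the customer clicks "login"
    if any(ipaddress.ip_address(client_ip) in n for n in _networks(cfg["ip_whitelist"])):
        return False
    return cms_url_key(path) not in cfg["cms_whitelist"]


def audit_record(cfg, client_ip, path, outcome):
    """The line to log, or None when Log Severity suppresses successful attempts."""
    if cfg["log_severity"] == "failed" and outcome == "success":
        return None
    return f"websso outcome={outcome} ip={client_ip} path={path}"


if __name__ == "__main__":
    ip = client_address("10.1.2.3", "198.51.100.7, 192.0.2.10", CONFIG["trusted_proxies"])
    for p in ("/", "/privacy-policy.html", "/customer/account",
              "/privacy-policy/../customer/account"):
        print(p, "->", "redirect to IDP" if sso_required(p, ip, CONFIG) else "serve")
    print(audit_record(CONFIG, ip, "/customer/account", "failed"))
```

In the sample run the spoofed X-Forwarded-For entry 198.51.100.7 (a whitelisted address) is ignored because the proxy appended the real client 192.0.2.10 after it, so the visitor is still sent to the IDP. When the shop is reachable directly as well as through the proxy, the whitelist must be applied to the direct peer address for those connections, which is what the trusted-proxy check does.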
Setup step 8: Go to the frontend/backend and see if the login page appears!
Your Service Provider Details
Metadata location FRONTEND
Metadata location BACKEND
All other data is visible in the metadata URLs provided.