Toggle Nav
Menu
Account
  • Sign In
    • Search

    Powered by Adobe Commerce 2.4.7-p4

    This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.
    saml_magento2_logo_3_3_2_1_1_2.png

    Frontend / Backend Single Sign On SAML

    by Sixto Pablo Martin Garcia
    main product photo
    PRODUCT:
    0
    TOTAL:
    Contact Vendor

    Overview

    Back to top

    Add SAML Single Sign-On support to the customer login page or/and to the backend login page for Magento2. If you are working with a partner that has implemented a SAML Identity Provider, you can use this extension to interoperate with it, thereby enabling  SSO and Just-in-Time provisioning for customers/admins. It works with any IDP  provider which supports the SAML 2.0 standard. The module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. The module was implemented for Magento 2, If you are interested in a SAML module compatible with Magento 1.X, find it here.

    Customers are happy with the SAML extension and the support received.  Companies like Cisco, Erickson, Philips, Royal Mail, Securitas, Mazda,  Proclinic, Tendam, Woodmark, Toyota, Hilton, PWC, Deloitte; as well as  Medical Associations, ONGs as well as Universities, trusted in the SAML  extension. The extension adds a link, "Login via Identity provider" to the customer login form. Following the link initiates a series of redirects that are described by SAML 2.0 standard.  The customer authenticates against the SAML Identity Provider and this information about the user, group/role, (and address) are sent to Magento.  Magento authenticates the customer and lets him in. Similar happens for admins in the SAML integration with the backend.

     

    Features

    • Easily switch On/Off the SAML Module
    • Frontend and Backend have differentiated Settings.
    • Supports Magento Multi-stores.
    • Allow to Login via any SAML Identity Provider, supporting Single Sign-On, IdP, and SP initiated. (POST and Redirect bindings)
    • Supports Single Log Out, IdP and SP initiated. (Redirect binding)
    • Supports IdP certificate rotation.
    • Supports SAML Messages signed and encrypted.
    • Supports Just-In-Time Provisioning: Auto-create user accounts on the fly, with the data provided by the Identity Provider.
    • Support for: customer data, group, address, custom attributes.
    • Attribute, Group/Role, Address Mapping: Ability to set the mapping between IdP fields and Magento fields.
    • Customizable SSO link text.
    • Customizable workflows.
    • Force SAML: Force SAML flow when user access login page, IP whitelist
    • SAML Only: Users which email matches an email must log only via SAML.  

     

    Settings

    The Settings of the extension are available at Stores > Configuration. At the Services tab, the "SAML SSO for customers" link for the Frontend and "SAML SSO for admins" for the Backend.  There you will be able to fill several sections:

    • Status. To enable or disable the extension.
    • Identity Provider. Set parameters related to the IdP that will be connected with our Magento.
    • Options. The behavior of the extension.
    • Attribute Mapping. Set the mapping between IdP fields and Magento user fields.
    • Role/Group Mapping. Set the mapping between IdP groups/roles and Magento groups/roles.
    • Address Mapping. Set the mapping between IdP fields and Magento address fields. [Only frontend]
    • Custom Mapping. Set the mapping between IdP fields and Magento custom fields. [Only frontend]
    • Custom messages. To handle what messages are shown in the login form.
    • Advanced settings. Handle some other parameters related to customizations and security issues.

    At the Status section you are asked for a license key. Use the Order ID of your Magento marketplace’s purchase.  

     

    Supported Use Cases

    The following applies to frontend/backend

    • IdP-initiated Single Sign-On
      A SAMLRequest is sent to the Identity Provider, customer/admin authenticates against the SAML Identity Provider and then information about the user, group/roles (and address) are sent to Magento in a SAMLResponse,  Magento SAML extension validates the SAMLResponse, authenticate customer/admin (provisioning a new account if required and the feature is enabled) and let him in.
    • SP-initiated Single Sign-On
      Like the previous scenario, but here the SAML Response is directly sent by the Identity Provider and processed by the Magento SAML  extension.  
    • SP-initiated Single Logout
      SAML Logout Request is sent to the Identity Provider, the IdP close its session and the session of other related Service Providers and  ,sent back a Logout Response to the Magento instance that will close the session.  
    • IdP-initiated Single Logout
      A SAML Logout Request is sent by the Identity Provider, the  Magento instance validates it, close its session and reply back a SAML  Logout Response.   


    Warranty

    Support by email guaranteed. Get a reply in less than 48hr (business days).   


    License warning

    Use as License Key the Order ID of the purchase. When you purchase the extension, you can use it in one M2 instance. In the case of M2 running multi-sites, the license cover 3 stores using SAML SSO. If you require more stores, contact sixto.martin.garcia@gmail.com to discuss the terms. Test and developer environments can use the extension without requiring an additional license.   


    Identity Providers supported

    Find here a list of some of the Identity Providers supported. (Links  refer to its official documentation to configure a SAML integration).

    Technical Specifications

    Back to top

    Seller profile

    Sixto Pablo Martin Garcia

    Seller contact

    E-mail

    Current Version

    1.12.1

    Adobe Commerce platform compatibility

    Adobe Commerce (cloud): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)

    Adobe Commerce (on-prem): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)

    Magento Open Source: 2.4 (current), 2.1 (obsolete), 2.2 (obsolete), 2.3 (obsolete)

    Type

    Stable Build

    Updated

    06 June, 2024

    Categories

    Extensions, Payments & Security

    Documentation

    Reference Manuals

    Installation Guides

    User Guides

    License Type

    Custom License

    Policy

    Privacy Policy

    Quality Report

    Back to top

    Installation & Varnish Tests

    Passed

    Coding Standard

    Passed

    Plagiarism Check

    Passed

    Malware Check

    Passed

    Marketing Review

    Passed

    Manual Testing

    Passed

    All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

    Release Notes

    Back to top

    1.12.1:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      - Fix authentication-popup js introduced bug

    1.12.0:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      - Drop support PHP <7.3. Use php-saml => 4.2.0 (requirement of CustomMetadata::builder).
      - Improve authentication-popup when checkout, adding SAML Link and hide normal login when force saml enabled.
      - Fix Force SAML IP whitelist

    1.11.0:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      - Add AssertionProcessed Event and Logger Observer
      - Set default value for idpSSOBinding and cast expected bool settings to bool after calling getConfig or getConfigAdvanced

    1.10.3:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      - Remove no necessary use of escapeUrl

    1.10.2:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      - Fix bug. Customer does not have setIsActive
      - Check param is not null before calling strpos

    1.10.1:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      Fix Linter issue on PHP7.X due the use of #[AllowDynamicProperties]

    1.10.0:

    • Compatible with Adobe Commerce (cloud) : 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.4
    • Compatible with Magento Open Source : 2.4
    • Stability: Stable Build
    • Description:

      - Tested compatibility with PHP 8.2 and Magento 2.4.6
      - Fix "Admin Account sharing" issue.
      - Improved the way the admin is logged in the plugin to avoid session expiration issues.
      - Support Proxy Vars (useful when Magento is behind load balancer or Proxy and HTTP_X_FORWARDED vars needs to be read to build properly URLs). A new Advanced setting.
      - Added Support for redirecting to original target when Force SAML is enabled (Read HTTP_REFERER).
      - Trim role and group values from Group/Role Mapping section to avoid issues with extra spaces introduced.
      - Blacklist unexpected HTTP Method (PATCH, PUT, DELETE) and Ajax call on SAML controller.
      - Refactor StoreCode logic at Abstract controler.
      - Refactor and clean code (phpcs).
      - Add missing CustomerLoginObserverAuthenticationAfter
      - Fix more PHP 8.1 compatibility issues

    1.9.9:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Compatibility with PHP 8.1
      - Disable customer send email feature only gonna affects SAML flows now.

    1.9.8:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fix parse_str deprecation issue

    1.9.7:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fix bug with groupid and roleid assignation when no info provided by IdP and default values are not set on settings.

    1.9.6:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Add support for PHP 8.1
      - Refactor Group and Custom Attribute code

    1.9.5:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fix bug on AdminLoginObserver view: TypeError: strtotime() expects parameter 1 to be string
      - Avoid losing guest cart, by enabling a flag in the options section (Fix bug of EE and Cloud 2.4.X)
      - Never cache Login or ACS view
      - Improve RelayState support at Logout view
      - Be able to use id as a custom attribute to identify users
      - Support unified SP
      - If there is an error in the JIT process, don't call customer_register_success.

    1.9.4:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Invalidate customerData on Login view, following same process than the normal login
      - There is a current bug affecting Enterprise and Cloud Edition versions 2.4.1 and 2.4.2 where guess cart items are not added to the logged user cart after SSO.

    1.9.3:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Support RetrieveParametersFromServer setting as an extra alternative to fix possible issues with Signature validation on SLO sent by ADFS/Azure

    1.9.2:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fix cache issue on Frontend SLO HTTP-POST
      - Fix want_assertion_signed flag
      - Fix Backend SLO HTTP-POST

    1.9.1:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fix bug on role assignation on admin updating process

    1.9.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fix password policy bug.
      - Support more Group/Role Mapping modes (by Id or by Name).
      - Improve Force SAML on the backend.
      - Update documentation

    1.8.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Implement Force SAML on backend
      - Support POST-Binding SLO
      - Refactor SAML endpoints
      - Fix possible password policy issue on new auto provisioned admin accounts

    1.7.2:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.1 2.2 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Refactor Role Mapping and extend to 400 mappings.
      - Fix Protect Option settings.

    1.7.1:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.1 2.2 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Force CustomerJs Load was created at the "Protect Options" instead the "Options" section, so it was ignored by the extension. This version set it in the right place, the "Options" section and when enabled, will take effect.

    1.7.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.1 2.2 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Workaround to solve the customer data load which cause issues on welcome message or the cart/checkout view. Now a new setting in the Options section is available to make ACS endpoint to force the customer data load via javascript
      - Add optional RelayState validation on frontend.
      - Add support for Custom Admin URL
      - Add feature to be able block users, providing its email, to be logged via SAML

    1.6.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.1 2.2 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Verified compatibility with Magento 2.4 (In the backend, MFA will be asked after SAML SSO success).
      - Try to solve customer data load issue reported at https://github.com/magento/magento2/issues/28428, that affetcs latest version of Magento, by adding a sections.xml file

    1.5.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3
    • Compatible with Magento Open Source : 2.1 2.2 2.3
    • Stability: Stable Build
    • Description:

      - Support 25 groups
      - Support 30 roles
      - Bug-Fix Assertion Consumer endpoint

    1.4.0:

    • Compatible with Magento Open Source : 2.1 2.2 2.3
    • Stability: Stable Build
    • Description:

      - Require php-saml > 3.0.0
      - Supports Magento 2.1, 2.2, 2.3
      - Support muliple IdP x509 certs.
      - Support multiple custom fields.

    1.3.0:

    • Compatible with Magento Open Source : 2.1 2.2
    • Stability: Stable Build
    • Description:

      - Require php-saml < 3.0.0
      - Add a more detailed description of what customer/user data is updated when that option is enabled. Update mail if custom attribute defined as the way to identify customer
      - Improve the feature of disabling email notification on new accounts
      - Make processAttrs public. Fix updateCustomer parameter bug. Add support for custom attributes

    1.2.0:

    • Compatible with Magento Open Source : 2.1 2.2
    • Stability: Stable Build
    • Description:

      - Be able to send AuthNRequest with POST Binding.
      - New settings: Digest Algorithm and Lower Case URL Encoding.
      - Fix bug of view/frontend/layout/customer_account_login.xml file that affects Magento 2.2 and greater.
      - Code improvement.

    1.1.1:

    • Compatible with Magento Open Source : 2.1
    • Stability: Stable Build
    • Description:

      First version of the SAML extension with support for front-end and back-end.

    1.0.0:

    • Compatible with Magento Open Source : 2.1
    • Stability: Stable Build
    • Description:

      First version of the SAML extension with support for front-end and back-end.

    Support

    Back to top

    The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

    Contact Vendor

    Q & A

    Back to top

    Reviews

    Back to top