SAML Single Sign On Magento Extension - Sixto Martin

SAML Single Sign On Magento extension helps your customer can connect a Magento instance with any SAML Identity Provider after you enable and configure it successfully in your backend.
Details

If you are working with a partner that has implemented a SAML identity provider (OneLogin, Okta, Ping Identity, ADFS, Salesforce, SharePoint...), you can use this extension to interoperate with it, thereby enabling SSO for customers.

Our customers are happy with the extension and with the support received. Companies like Cisco, Toyota or PWC trusted on our services

Please note that the module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. Support by mail guaranteed. Get a reply in less than 48h (business day).

 

1

2

 

Full List Of Features

  • Enable SAML Single Sign On with this extension simply.
  • Connect a Magento instance with any SAML Identity Provider.
  • Allow to Login via Identity Provider.
  • Possible to single sign on/ log out service Url.
  • Easily switch On/Off the SAML Module.
  • Provisioning/Auto-update user data.
  • Single Sign On (IdP & SP initiated).
  • Single Log Out (IdP & SP initiated).
  • Just-In-Time Provisioning (user data + group + address).
  • Auto-provisioning: allow to create a new user with the data provided by the IdP.
  • Auto-update: update the account of the user with the data provided by the IdP and Review the Mapping section.
  • Possibly set the mapping between IdP fields and Magento fields.
  • Mapping could be also set at Onelogin's IdP as well.
  • Group and address supported.
  • Customizable workflow.
  • Supports Magento Multi-stores.
  • Powerful features in backend.
  • Easily install and use.

Product Reviews (11) Write a review

Thorsten Schramm 5 star rating Submitted: September 12, 2017

The extension works fine so the integration into Magento was easily done. Problems or customisations are very quick and helpful answered by Mr. Garcia. Excellent support! Excellent extension! Highly recommended.

Justin Seipel 5 star rating Submitted: April 6, 2017

Great work on the issue. Found the problem quickly and fixed it within a day.

Suvir Khullar 5 star rating Submitted: November 7, 2016

We were earlier struggling for SAML integration for one of our client. We tried different options before but could not work for them. Then I tried this extension developed by Mr. Sixto. Steps for Integration of SAML is followed as per instructions given in user guide. However for SAML integration one will definitely need assistance from the extension developer. The kind of support provided by Sixto is awesome. His response to my emails was very prompt and with detail instructions and guidance. With his great support we have successfully integrated SSO in our magento store. I recommend Mr. Sixto as SAML technological partner. All my good wishes for him and his fantastic product.

Shayne Stone 5 star rating Submitted: January 21, 2015

very powerful and unique extension. Good luck with sales!

Billie Mead 5 star rating Submitted: March 28, 2015

I recently got to use the SAML Single Sign-on Magento Extension on a huge project with a fortune 500 company, Varian Medical Systems based in CA. We implemented it on a mission critical project, the Varian Custom Marketplace. As the project manager with a large budget, I could have gone with any one solution, even a custom coded job. But we used this extension and the results couldn't have been better as the code is flawless. And the author provided some of he best technical support I have seen in years. You don't even have anything to consider... get this extension and save yourself a ton of problems and headaches. Billie M. (PrintTech Consulting)

Barry Allwood 5 star rating Submitted: April 21, 2015

Great extension and great support!

Timo Peschka 5 star rating Submitted: February 17, 2016

You wrote: "I implemented a solution where Magento acta as Identity Provider (separate piece of software) that requires the SAML extension" (Date: 01/27/2016 11:12AM) We also want to use Magento as a SAML provider. Is it possible to buy your "solution"?

Maarten Troonbeeckx 5 star rating Submitted: February 29, 2016

Excellent package. Was easily extensible for one of our client's specific needs and the author went through some great lengths to help us out where needed. Highly recommended if you a SAML solution for Magento!

Maarten Troonbeeckx 5 star rating Submitted: February 29, 2016

Excellent package. Was easily extensible for one of our client's specific needs and the author went through some great lengths to help us out where needed. Highly recommended if you a SAML solution for Magento!

Greg Rudakov 5 star rating Submitted: February 29, 2016

Great tool, worked as expected with Microsoft Azure, Sixto was great help with the initial setup (as I was a first timer)

nathan 5 star rating Submitted: March 1, 2016

Good product and Good technical support offered by the developer too.
Submit your review

First: rate the product. Please select a rating between 1 (poorest) and 5 stars (best)

Write review

Become a client on Cmsmart, you are protected strongly with our Client Protection Programe. Especially we built -in a strong Central Ticket Support system to help clients and partners working on the products item support after purchased.

Go to item support

People also ask

No, you only need to purchase license for production that you use in production.



Yes, the extension support multi-store. Each store will have its own SAML settings.



Take in mind that you will need a license for each of them.
SAML is a standard for exchanging authentication and authorization data between different domains.



Learn more at: https://github.com/jch/saml
The extension includes a Readme that explains how to install and where to find the SAML settings panel.



This SAML setting panel contains different sections with a bunch of fields. All of them have a short description that explains what value to use on it.



The extension uses the Onelogin php-saml toolkit [1], so take a look at its settings if you have more doubts



[1] https://github.com/onelogin/php-saml#settings
This extension will work with any Identity Provider that follows the SAML 2.0 standard.



Take in mind that SP expects to receive the SAMLResponse using the HTTP-Post binding, and rest of the SAML messages are exchange using HTTP-Redirect binding.
If you have a complex project where you want to add SAML support, for sure you will need to buy this extension to save you the time of integrate Magento.



If you need custom solutions for specific apps, or you don't have much idea about SAML and are not able to configure the Identity Provider, you can contact me at sixto.martin.garcia@gmail.com and I can offer my help and agree rate per worked hour.
Yes, this extension works on Magento Community and Magento Enterprise
10/22 Comment(s)

Login and write a comment

ChianMing Tan
hi,
We have a B2B Magento site which we have multiple corporate clients who are using different SSO solutions. Can this extension multiple SSO solutions ?

We also have a need to support LDAP or Active Directory. Do you provide custom project support?

Thanks!
Sixto Martin
Sixto Martin
  • Date: 2016-05-25 08:05:16
The SAML extension supports Multi-site so you can connect each shop with an Identity Provider (but notice there is license domain restriction).

If you want to connect 1 shop with more than 1 Identity Provider, then you will need to deploy also a simpleSAMLphp SAML bridge so:
Multiple IdPs --- SAML bridge -- Magento Service Provider.

My extension is only for the SAML standard, but if you need to be connected with an LDAP or Active directory, you can use those authentication sources and deploy an Identity Provider using simpleSAMLphp and connect it with the magento SAML extension.

I offer support for the extension (50$/hour), but for custom SSO projects I ask for 60$/hour.
ChianMing Tan
ChianMing Tan
  • Date: 2016-06-06 08:06:15
hi Martin, we will be in contact via LinkedIn for custom project. Thanks.
Thomas
Encryption?
  • Date: 2016-05-24 07:05:28
Is this extension encrypted in anyway, limiting me from further extending it for my specific needs?
Sixto Martin
Sixto Martin
  • Date: 2016-05-24 09:05:28
Hi Thomas,

Code is in plain-text, not obfuscated, you will be able to customize the extension for your specific needs. I also offer support for help you (50$/hour) if you need.
Dhruva Khanna
MS Azure SSO
  • Date: 2016-05-03 06:05:05
I am looking to buy this extension for a client, they are using MS azure for SSO, i want to know if this would work with MS Azure or not? If yes, how can we integrate it?
Sixto Martin
Sixto Martin
  • Date: 2016-05-03 08:05:47
Azure Active Directory supports the SAML 2.0 web browser single sign-on (SSO) profile. https://msdn.microsoft.com/en-us//library/azure/dn195589.aspx

You will be able to install and configure the SAML extension for Magento (enabling it as a SAML Service Provider), and then connect it with Azure, as explained here:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-custom-apps/
Dhruva Khanna
Dhruva Khanna
  • Date: 2016-05-05 09:05:50
Thanks for the reply., I have a few questions:

1. Will the users from the Azure SSO be added into magneto’s database
2. If the team at my client’s side, delete’s a user, will it be automatically deleted from Magento?
3. If the team at my client’s side, ADD’s a user, will it be automatically added in Magento?
4. I want to assign particular user groups to some users, is that possible during the insertion of the users in magento?
5. Is it possible to arrange a one to one demo to know how the extension is working?
6. are you able to configure the extension for us?
Sixto Martin
Sixto Martin
  • Date: 2016-05-05 10:05:54
1. Yes if you enable at the settings the 'just-in-time" provisioning functionality.

2. No, but the user will not be able to access to the Magento since can't SSO anymore using Azure SSO.

3. No, this is not how SAML works, in SAML we are able to create users once they are authenticated on the Identity provider and try to access Magento, in this moment is created the account there.

4. Yes, group are supported on the plugin, there is a mapping section where you set what group from the Identity Provider will be assigned which what groups of Magento

5. Have you checked the video?
https://www.youtube.com/watch?v=XKTRkSEyUIA

There I show you how it works and also I navigate showing the setting panel.
Also the settings/features are described here:
http://cmsmart.net/magento-extensions/sixto-martin-saml-single-sign-on-magento-extension

but if you still require a 1-1 demo we can schedule it,

6. Yes, I offer support for any change/customization/help with settings of the Magento extension. My rate is 50$/hour.
I don't offer specific support of the Azure SSO part since I'm not an expert on that and you should be able to contract a better candidate for that part.

In order to solve 2 and 3 you will need to use something like:
https://skyvia.com/data-integration/integrate-magento-sql-azure
The Nguyen
Admin ADFS login extension error
  • Date: 2016-04-22 02:04:45
Hi ,

I bought admin extension to use ADFS for Magento admin.
I got this error after install and trying to login from ADFS(federation) to Magento:

"The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
Error at the ACS Endpoint.
invalid_response

Reason: The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"

I am newer in working with ADFS, so can you please tell me what above message means and how to solve it?

Thank you so much
Sixto Martin
Sixto Martin
  • Date: 2016-04-22 02:04:29
ADFS expect an specific NameIDFotmat on the AuthNRequest sent by the Service Provider but is receiving a different value.

In the setting panel of the SAML Magento extension, at the advanced settings you will find the NameIdFormat value used, change it and use the same format that the ADFS (maybe transient?).

At this documentation you can learn more about ADFS:
https://blog.auth360.net/2012/09/02/adfs-as-an-identity-provider-and-saml-2-0-saas-application-integration/

https://social.msdn.microsoft.com/Forums/vstudio/en-US/ea5efcff-4221-4af1-b434-4be5245cb0fa/nameid-policy-could-not-be-satisfied?forum=Geneva
Collin Chu
Hi,

I'm new with SAML. We are trying to create our corporation site with login function. When the user login to our corporation site, he could be redirected to Magento, which is located at another domain (or static IP). We want to use your single sign on extension. But no idea with how to create the login function on our corporation site which could act as idP.

Thanks!
View all replies.
Collin Chu
Collin Chu
  • Date: 2016-04-16 09:04:31
Thanks a lot! We are thinking about using WordPress to create our corporation general web site. We found there is WordPress plugin 'WordPress SAML 2.0 IDP', developed by miniOrange. Do you think this idP plugin is compatible with your Magento extension?
Sixto Martin
Sixto Martin
  • Date: 2016-04-17 05:04:18
The SAML extension for Magento allows you to use any SAML 2.0-compliant Identity Provider.

So if the extension developed by miniOrange is SAML 2.0 compliant, it should work. but
I understand that miniOrange is a not a free service and you pay per user.

so as I already suggested, try to deploy simpleSAMLphp as IdP and use this wordpress authentication module: https://github.com/pitbulk/ssp-wordpress-authentication to use wordpress database as simpleSAMLphp IdP's authsources, then connect that IdP with the Magento's SAML extension.
And finally use https://es.wordpress.org/plugins/onelogin-saml-sso/ to turn Wordpress as a Service Provider

If you interested you can contact directly to me and I implement that for you. (rate 50$/hour)
Collin Chu
Collin Chu
  • Date: 2016-04-18 07:04:16
Thanks a lot, Sixto. I'll try your solution.
Sixto Martin
Sixto Martin
  • Date: 2016-10-13 02:10:22
In order to connect simpleSAMLphp IdP and Magento you need to:

1. Access to simpleSAMLphp, "federation section" and click on the IdP, it will show the IdP metadata. You need to get some data: (EntityID, SSO URL, SLO URL, certificate)

2. Access Magento SAML extension panel,
2.1 Fill the "Identity Provider Setting" with the data you retrieved.
2.2 Configure the options that you need
2.3 Set the attribute mapping, based on the name of the attributes that the IdP provides (if you enabled simpleSAMLphp SP, you can access to the "authentication section" on simpleSAMLphp, execute an authentication test, and see what attributes the IdP povide.
2.4 At "advanced settings" on Magento extension, set as SP EntityID the value appears on "Status" and SP URL Metadata. (it is an URL with the Magento base URL + /sso/saml/metadata.

3. Access at the browser to the SP URL Metadata, See the source of the page and copy the XML.

4. At simpleSAMLphp, go to the "federation" section, click on the "convert metadata", paste the XML of the SP metadata, in order to convert it on simpleSAMLphp data.
Copy the result.

5. At simpleSAMLphp filesystem, edit metadata/saml20-sp-remote.php, and add the data that you generated on the conversor.

And that is all. Follow the guide step by step and you will have simpleSAMLphp and Magento connected.

If you are not able, I offer support (50$ / h) and can guide you in a web-conference).
Dipak Valecha
Dipak Valecha
  • Date: 2016-10-13 12:10:51
HI Sixto,

I have install and configured simpleSAML php in my local system. I have configured Sp and idp in simpleSAML only. Its working fine. Now i want to integrate same thing for magento in my local. Can you please guide me in this?
The Nguyen
Custom login page
  • Date: 2016-03-21 10:03:41
Hi Cmsmart,

I am interesting in this extension. Anyway, I have 1 question:
From your demo video, There is a link on login page (linked to IP).
Can we allow customer to enter user and password on Magento login page instead of doing it on external website? I mean user go to Magento login page, enter username and password (IP credentials, not Magento credentials) and we login that customer automatically instead of go to another website.

Looking forward for your response
Thanks
Sixto Martin
Sixto Martin
  • Date: 2016-03-21 11:03:39
This is not like SAML work.

In the SAML SSO workflow credentials are provided to the Identity Provider login form, not to the Service Provider so that external link is a must (if you want to keep normal login).

Please, to understand the SAML protocol visit:

https://github.com/jch/saml


If you plan to disable Magneto's normal login and force always the SAML authentication, then you don't need that link and instead we can redirect always the user to the Identity Provider login form when the user access to Magento.
The Nguyen
The Nguyen
  • Date: 2016-03-22 12:03:34
Hi Martin,

Thanks for your response.
We need to be able to fully customize the login page
So Can we customize the login page even it is not Magento page?
You can refer to another extension: http://www.wizkunde.nl/product/single-sign-on-with-saml2-0/
That extension comes with customized login page.

Thanks
Joshua Estes
Does this work for backend?
  • Date: 2016-02-25 11:02:04
I'm looking for a SAML extension that is for logging into the backend of magento. Does this extension do that? Do you know any extensions that do this?
Sixto Martin
Sixto Martin
  • Date: 2016-02-25 11:02:55
Hi,

This extension add SAML login to customers, if you are looking for adding SAML support to the admin panel you need other extension.

Right now I'm working on it, should be release in 2-3 weeks.
Alan Hughes
Category/Item
  • Date: 2016-02-23 09:02:53
If the url includes category and/or item, does the sso process return the user to that category or item page once it completes or just the store home page?
Sixto Martin
Sixto Martin
  • Date: 2016-02-23 09:02:21
Is redirected to the home page, but I'm working right now for support relayState support, that will be added in next release (In 1 week).
Sixto Martin
Sixto Martin
  • Date: 2016-03-01 10:03:22
1.1.0 version support that
Vidar Ligard
SAML for Magento2
  • Date: 2016-01-13 10:01:50
Do you have any plans of making your SAML/SSO plugin available on Magento2? We are starting work on a magento upgrade, but looking for a compatible/supported SAML plugin.
Sixto Martin
Sixto Martin
  • Date: 2016-01-27 03:01:24
Yes I plan to release a Magento2 compatible version soon (a couple of weeks)
Sixto Martin
Sixto Martin
  • Date: 2016-03-01 10:03:38
Magento2 development is more complex that expected. I keep working on a Magento2 compatible version.
Sixto Martin
Sixto Martin
  • Date: 2016-06-09 06:06:23
I have a magento2 extension, but still under Magento review (I sent it 1.5month ago and still waiting).
Sixto Martin
Sixto Martin
  • Date: 2016-07-19 10:07:50
Here is:
https://marketplace.magento.com/sixtomartin-onelogin-module-saml2.html
Stéphane Peiti
EE edition support
  • Date: 2016-01-08 03:01:31
Hello,

Do you support EE edition ? if yes ... which ? ( currently i have one instance on 1.8 an other one in 1.13).

regards
Sixto Martin
Sixto Martin
  • Date: 2016-01-08 03:01:57
It may work for both. If you experience any compayibility issue you can contact me any time and I can fix it asap.

Change log

Updated: 2018, Jul 31

- Update php-saml to 2.14.0

Updated: 2017, Jun 12

- Update php-saml to 2.10.6 - Improve the way users are created/updated in websites/stores

Updated: 2017, Feb 27

- Add nameIdFormat support on LogoutRequests

Updated: 2017, Jan 28

- Update php-saml to 2.10.3 - Add better control of redirections after login

Updated: 2016, Oct 17

- Update php-saml to 2.10.0 (security improvements) - Add force SAML feature - Add the ability to sign metadata

Updated: 2016, Sep 12

- When the custom attribute is the field to identify the user, let update the email when

Updated: 2016, Sep 02

- Add support for custom attribute and log by custom attribute.

- Now AuthNRequests can be sent using HTTP-POST or HTTP-Redirect bindings.

- Update php-saml to 2.9.1

Updated: 2016, Jun 10

- Improve Multi-site support with specific metadata url

- Improve messages

- Update php-saml to 2.8.0

Updated: 2016, Mar 01

- Fix Requested Authn Context issue

- After the SSO process, user will be redirected to the corresponding bookmarked URL, or to the dashboard

- Update php-saml version to 2.7.0

Updated: 2016, Feb 04

- Publish SP metadata

- Add License support

Updated: 2015, Nov 24

- Fix some compatibility issues with OpenSAML IdP

- Improve SLO support

Updated: 2015, Sep 15

- Support Magento Multi-stores

- Improve debug messages.

- Support advanced signature algorithm.

Updated: 2015, Sep 09

- Update php-saml library to 2.6.0

- Improve SP XML metadata publication

Updated: 2015, Jun 10

Upload the SAML lib.

This is a Magento® Extensions item
Product rating: 5 star rating | Write a review 5/5 based on 11 rating(s)

2018, Jul 31

Magento 1.8.x, Magento 1.9.2.x, Magento 1.9.x

DOWNLOAD THIS ITEM
CHOOSE PAYMENT TYPE

$199.00 GPL License

You can use the product for your own website or your clients website if you are developer. You are allowed to use this extension on Unlimited website while our private support is base on domain.

  • Private support for each 12 months
  • Unlimited tickets support
  • Download & upgrade new version

You can use the product for a lifetime without purchasing it again or pay for renewal payment. You should repurchase this product when your package expired but you want to get our support or update to the latest version

Support Domain License Under a 1 support domain license for the item you are granted a non-exclusive non-transferable permission to use the item on a single site.

If you plan to use the product on other domains, you SHOULD buy now to SAVE much better than buying separated order.
$ 199.00
You will be rewarded 99 Points ($9.9)

Why choose Cmsmart?

img choose 1
Leading in quality and performances

We are proud ourselves to release our quality products to the e-commerce world.

img choose 1
Full solutions for niches industry

We provide many powerful completed Printshop, Multistore marketplace, etc solutions for industry

img choose 1
Excellent support and consultancy

We have a dedicated support team that delivery the excellent support

img choose 1
Private customization for your project

If you don't like our product as it is, you can custom it as you want

img choose 1
Long-term partnership care

We also want to have a long-term partnership with customer to support and take care


Top
×
Welcome to Cmsmart community!
→ Do you know the secret to create a printing site in a few minutes?
→ What is the latest technology of Online Design 2019?
→ How to start a marketplace site without any trouble?
Join over 19,890+ readers as well as happy customers to open the successful key for your e-commerce business.