25-9-2019 TeamWizkunde / Magento2 WebSSO / wiki / Home — Bitbucket

Magento2 WebSSO / Home

About the WebSSO Module

This module allows your Magento 2 installation to communicate with Identity Providers including:

- Microsoft ADFS2.x / 3.x / SharePoint
- SalesForce
- Google Accounts
- NetIQ
- OneLogin
- SimpleSAMLPhp
- And many more!

Protocols Supported:

- SAML2.0
- OAuth2
- OpenID

Setup step 1 - Installing the extension

Composer Installation: Contact us to get a token for your composer installation

You can easily install this extension with composer by going to your account page on our website and following the composer installation instructions available on the page.

Alternative Installation: Download and unpack the module

The module is in Marketplace format.
Therefore, you need to do the following to install it. Go to your project root and execute the following:

    cd /your-project-root
    mkdir -p app/code/Wizkunde/WebSSO
    cd app/code/Wizkunde/WebSSO
    tar -zxvf Wizkunde_WebSSO-<version>.tgz
    composer require wizkunde/samlbase:~1.2.8
    composer require league/oauth2-client:~2.2

Setup step 2: Install the module

    bin/magento setup:upgrade

Setup Step 3: If you were in production mode you have to execute:

    bin/magento setup:di:compile

Setup Step 4: Deploy all the template files to the proper location:

    bin/magento setup:static-content:deploy

Setup Step 5: Make sure all the caches are cleaned

Run:

    bin/magento cache:clean

Setup step 6: Creating an Identity Provider configuration setting

In Magento 2 go to Wizkunde -> Servers and click "Add new"

General Information

- Name - A friendly name for display purposes
- Identifier - A unique identifier, especially useful when you use 2 or more IDPs in your installation
- Server Type - Protocol to use to communicate with your Identity Provider

SAML2: Identity Provider Information

- NameID - The Name ID of your current Service Provider which is known in the trust relation on your IDP
- Metadata URL - Identity Provider Metadata URL
- Is Passive - Can allow authentication methods that do not show the user any input
- SSO Binding - The binding needed for the SSO connection
- SLO Binding - The binding needed for the SLO connection
- Metadata expiration in seconds - We cache the metadata to speed up the site loading process
- Sign SP Metadata - Whether to sign the Service Provider metadata or not
- Ignore SSO - No session will be stored; if the Magento session expires, an IDP login screen reappears
- Certificate Data (CRT): The X.509 Certificate used to communicate with the SAML2 IDP server (preshared)
- Private Key (PEM): The X.509 private key used to communicate with the SAML2 IDP Server
- Certificate Passphrase: Optional passphrase to unlock the certificate

SAML2: Certificate Generation

Since 1.9.0 you can conveniently generate an X.509 certificate by filling in the form at the bottom of the page and clicking "Generate". This will prefill the form fields for you with a unique and secure X.509 certificate.

OAuth2: Identity Provider Information

- Server Type - The type of server, plain OAuth2 or OpenID
- Scope Permissions - The permissions requested from the user at the Identity Provider
- Authorization Endpoint - The endpoint for the OAuth2 request
- Token Endpoint - The endpoint to request the tokens from
- Userinfo Endpoint - The endpoint to request the user information
- Client ID - The ID that has been made in the OAuth2 Identity Provider
- Client Secret - The secret matching the client ID made in the Identity Provider

Mappings

- External attribute: The attribute as exposed by the Identity Provider.
- Transform: The transform applied on mappings
- Internal attribute: The attribute known in Magento.

Setup step 7: Enabling the IDP in the proper store / website

- Go to Stores -> Configuration
- In the left bar, find Wizkunde Configuration and click on it.
- Select the right scope of your website / store to make sure you enable the IDP where you want to enable it.
- Adjust the settings according to your situation

Configuration: General Settings

- Enable SSO in frontend: Enable SSO for your end customers
- Enable SSO in backend: Enable SSO for your administrative users
- Frontend Server: The server that we're using to connect to the frontend
- Backend Server: The server that we're using to connect to the backend
- CMS Page for failed login: The page that will be shown when a login cannot be completed

Configuration: Frontend Firewall

- Immediate login in frontend: If set to yes, the user will not see the Magento site before logging in; they will be redirected to the IDP immediately instead of after clicking on "login". Very useful for B2B sites that only expose data to registered customers
- CMS Whitelist: The pages which are allowed to be shown without logging in
- IP Whitelist: The IPs which may access the frontend without facing the SSO login enforcement

Configuration: Audit Logging

- Logging: Enable logging for this storeview
- Log Severity: Set logging to either log everything or just failed attempts

Setup step 8: Go to the frontend/backend and see if the login page appears!
Your Service Provider Details

Metadata location FRONTEND

https://<your store>/sso/metadata

Metadata location BACKEND

https://<your store>/sso/metadata/backend

All other data is visible in the metadata URLs provided

Updated 2019-07-09

https://bitbucket.org/TeamWizkunde/magento2-websso/wiki/Home
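An added example, not part of the module or its wiki: a Python review of the Service Provider metadata served at the metadata locations above, to run before the trust is registered at the IDP. It assumes those URLs return standard SAML 2.0 metadata; the sample document, the host `shop.example` and the function name `review_sp_metadata` are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample, not output captured from the module. The certificate
# bytes are a placeholder, not a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://shop.example/sso/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://shop.example/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Summarise SP metadata and list findings to resolve before trusting it."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # (service, binding short name, URL) for the SSO and SLO endpoints.
    endpoints = [(tag, e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
                 for tag in ("AssertionConsumerService", "SingleLogoutService")
                 for e in sp.findall(f"md:{tag}", NS)]
    # SHA-256 over the DER bytes, to compare with the certificate you configured.
    certs = [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
             for c in sp.iterfind(".//ds:X509Certificate", NS) if c.text]
    findings = []
    # An enveloped signature is a direct child of the EntityDescriptor.
    if root.find("ds:Signature", NS) is None:
        findings.append("metadata is unsigned (see Sign SP Metadata)")
    findings += [f"{tag} endpoint is not HTTPS: {loc}" for tag, _, loc in endpoints
                 if not loc.lower().startswith("https://")]
    if not certs:
        findings.append("no X509Certificate published")
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "cert_sha256": certs, "findings": findings}


if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE_METADATA))
```

For metadata fetched from a host you do not control, parse it with `defusedxml` rather than the standard-library parser.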