
    Magento 2 SSO

    Magento 2 SSO (Magento 2 Single Sign-On) is a module that lets a Magento store act as the identity provider for third-party applications.

    With it, a user signs in to those third-party applications using the credentials of their Magento 2 customer account.

    Using Magento 2 Single Sign-On, the admin can register multiple client applications for Single Sign-On with Magento credentials and manage each client's credentials from the admin panel.

    The admin can also integrate the UVdesk support portal with the Magento store, and can let customers sign in to Magento itself through a Keycloak or an LDAP server.

    Features Of Magento 2 SSO

    • The admin can allow users to log in to third-party applications with their Magento credentials.
    • Users do not need to remember separate logins for other portals, such as a support portal.
    • A user who is already signed in to Magento can be signed in to a third-party application automatically.
    • The admin can register multiple client applications for Single Sign-On.
    • The admin can manage (add/view/edit/delete) all SSO integrations from the admin panel.
    • The admin's UVdesk support portal can be integrated with the Magento store.
    • It supports LDAP server integration for Single Sign-On into Magento.
    • It can synchronize newly created customers on the Magento 2 store with the LDAP server.
    • It supports Keycloak server integration for Single Sign-On into Magento.

    Installation Of Magento 2 SSO

    The user receives a zip file and has to extract its contents on their system.

    The extracted folder has an src folder, and inside the src folder there is an app folder.

    The user needs to copy this app folder into the Magento 2 root directory on the server, merging it with the app folder that is already there.

    Thereafter, the user has to run the commands below in the Magento 2 root directory:

    First command: php bin/magento setup:upgrade

    Second command: php bin/magento setup:di:compile

    Third command: php bin/magento setup:static-content:deploy

    Fourth command: composer require firebase/php-jwt

    The firebase/php-jwt library is what the module uses to sign the tokens it hands to client applications. If setup:di:compile fails because the Firebase\JWT classes are missing, run the composer command first and repeat the compile step.

    After moving the app folder and running the commands, the user has to flush the cache from the Magento admin panel by navigating to System > Cache Management.

    Note: The PHP LDAP extension (php-ldap) must be installed and enabled in order to use the LDAP feature of Magento 2 SSO; php -m | grep -i ldap shows whether it is loaded.

    SSO Keycloak Configuration

    Keycloak is an open-source software package designed for modern apps and services that allows single sign-on with Identity and Access Management.

    User federation, robust authentication, user management, fine-grained authorization, and other features are available from Keycloak.

    The admin can navigate to Stores > SSO Connector > SSO KeyCloak Configuration to set the Keycloak configuration.

    The admin can set the configuration for Keycloak as follows:

    Enabled: The admin can enable or disable Single Sign-On through the Keycloak server.

    Realm: The name of the Keycloak realm that holds the users.

    Auth Server URL: The base URL of the Keycloak server.

    SSL Required: Ensures that all communication to and from the Keycloak server is over HTTPS. Keep this enabled on a production store; the redirects between the store and Keycloak carry the sign-in result.

    Public Client: If set to true, the module behaves as a public OpenID Connect client and does not send a client secret to Keycloak.

    Confidential Port: The port the Keycloak server uses for SSL/TLS connections.

    URL: The admin needs to add the URL here.

    Client Id: The Client ID of the client created in the Keycloak realm (see Add Clients below).

    Note: The Auth Server URL, URL, Client Id, and Realm must all be configured for the module to work.
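    The fields above mirror the keys of Keycloak's own OpenID Connect adapter configuration (the keycloak.json format), which is a convenient way to see what each value means: Realm is realm, Auth Server URL is auth-server-url, SSL Required is ssl-required, Public Client is public-client, Confidential Port is confidential-port and Client Id is resource. The following is an added example of that file for reference, not a file the page says the module reads; the realm name, hostname and client ID are assumed values.

```json
{
  "realm": "magento-customers",
  "auth-server-url": "https://sso.example.com/",
  "ssl-required": "all",
  "resource": "magento-store",
  "public-client": true,
  "confidential-port": 8443
}
```

    Keycloak accepts all, external or none for ssl-required; all forces HTTPS for every request, external only for requests from non-private addresses, so all is the setting to pair with the module's SSL Required option on a public store. With public-client set to true no client secret is configured, so the client can only be identified by its registered redirect URIs; that is why the Valid Redirect URIs setting discussed later matters.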

    After saving the configuration, go to the store front end: a button named “Sign in with Keycloak” appears. Click it to sign in to Magento with a Keycloak user.

    If you already have a Keycloak account and are logged in to Keycloak, you are signed in to Magento 2 immediately, with the email address you used when registering in Keycloak.

    Note: If the user is not logged in on Keycloak, they are redirected to the Keycloak sign-in page instead of the My Account page.

    For Keycloak registration the user has to enter a username or email address and a password.

    Add Realm Settings

    A successful login to the Keycloak admin console opens the Master realm by default. We will concentrate on creating a custom realm here.

    Use the Add realm button in the upper-left area of the console to create it.

    Add Clients

    To add a client, navigate to the Clients section of your Keycloak admin console and select Create.

    Enter the following information on the Add Client page:

    • Client ID: The identifier for the Magento client; the same value goes into the module's Client Id field.
    • Client Protocol: Choose openid-connect.
    • Root URL: Enter the root URL of the Magento store.

    Then select Save.

    Add Users

    Here, we add users to Keycloak. To add a new user, navigate to the Users page and select the Add user button on the far right of the screen.

    Fill out the form by entering the user's email address, first name and last name, and then click Save.

    There is a CORS issue when Keycloak and Magento 2 are hosted on different origins.

    To resolve it, enter the Magento store's URLs in the Valid Redirect URIs and Web Origins settings of the Keycloak client. An asterisk (*) also works in both fields, but it lets Keycloak redirect the sign-in result to any URL and accept requests from any origin, so use the exact store URLs on a production realm.

    LDAP Configuration

    Firstly, the user has to authenticate to the LDAP server's administration interface (phpLDAPadmin in the screenshots).

    On the LDAP admin login page, enter the Login DN and the password, then click Authenticate.

    Click Create new entry here to create an organizational unit.

    A page with a list of templates loads; select the Organisational Unit template.

    Enter the name of the organizational unit and click Create Object.

    The Create LDAP Entry page opens; click Commit to proceed.

    Note:

    • The organizational unit created here at the LDAP server must be entered in the module's LDAP configuration (see below).
    • Once the LDAP server is synchronized with the Magento 2 module, a customer created under this organizational unit on the LDAP server can log in directly to the Magento store.
    • With synchronization turned on, customers created in the Magento admin backend are visible here as well.

    The admin can navigate to Stores > SSO Connector > LDAP Configuration to set the LDAP configuration.

    The admin can set the configuration for LDAP as follows:

    Enabled: The admin can enable or disable Single Sign-On through the LDAP server.

    Customer Synchronization: The admin can enable or disable synchronization of newly created Magento 2 customers to the LDAP server.

    Server IP: The IP address of the LDAP server.

    Port: The port number of the LDAP server (389 for plain LDAP, 636 for LDAPS).

    Organizational Unit: The organizational unit created on the LDAP server, for example customers.

    Domain Component: The base domain components shown on the LDAP admin page, for example dc=example,dc=com. Together with the organizational unit this forms the base DN under which the module works, in this example ou=customers,dc=example,dc=com.

    Admin User: The LDAP user name the module binds with.

    Password: The password for the Admin User. Because the module uses this account to look up customers and, with synchronization enabled, to create entries, give it a dedicated service account whose write access is limited to the customers' organizational unit rather than the directory's root account.

    Admin Configuration

    The admin can manage multiple integrations by adding, editing and deleting them.

    The admin can add new integrations by navigating to SSO in the admin panel after logging in.

    The admin can do the following there:

    • Add New Integration: Clicking the “Add New Integration” button creates a new integration.
    • View the integrations along with details such as the client Name and URL.
    • Edit an integration by clicking the “Edit” button in the Action column.

    Configuring a New Integration

    The admin can add a new integration by navigating to SSO > Add New Integration.

    On the New Integration page, the admin configures the Client Details; the Client Credentials are generated when the integration is saved.

    Under the Client Details tab the admin configures the following:

    • Name: The name of the client application whose users can log in with Magento 2 credentials.
    • Url: The URL of the client website for the SSO integration. If the user cancels the authorization step, Magento redirects them back to this URL.

    When the admin clicks “Save”, the client details are stored and the credentials are generated automatically.

    The admin can then view the ‘Consumer Id’ and the ‘Consumer Secret Key’ under the Client Credentials tab. The Consumer Secret Key is the key that signs the tokens issued to this client, so treat it like a password: hand it to the client application over a secure channel only, and delete and recreate the integration if it leaks.

    • The admin can “Edit” the integration and “View” it. If need be, the admin can change the integration and save it, or delete it.

    UVdesk Support Portal Integration

    Please note: To integrate the Magento store with UVdesk, the admin must have a UVdesk admin account.

    The admin can sign up for free at UVdesk to get a UVdesk admin account.

    Benefits of UVdesk Support Portal Integration for SSO

    • The admin can integrate the UVdesk support portal with the Magento store.
    • The admin's users can log in to the UVdesk support portal with their Magento login credentials.
    • Users are signed in to the client's UVdesk support portal automatically.
    • After logging in with Magento credentials, the user can create a ticket for any support query from the UVdesk portal.

    Please note: Magento 2 SSO (for UVdesk) can be downloaded for free from the UVdesk admin panel; its installation and configuration are documented on the UVdesk side.

    UVdesk Integration at Magento 2 Admin Panel

    The admin can add an integration for UVdesk by navigating to SSO > Add New Integration > Client Details:

    • Name: The name of this integration (the client), for example UVdesk.
    • URL: The link to the admin's UVdesk support portal. Save the configuration afterwards.

    The Consumer Id needed at the UVdesk admin panel is then found under SSO > Edit (the required integration) > Client Credentials > Consumer Id.

    UVdesk Magento 2 SSO Configuration

    The admin then has to configure Magento 2 SSO at the UVdesk admin panel with the following values:

    • Store Name of the Magento 2 store.
    • Consumer Id that was generated at the Magento 2 admin panel.
    • Consumer Secret Key that was generated at the Magento 2 admin panel.
    • Website URL of the Magento 2 store login.

    Front View for the Users

    After the successful integration of UVdesk with Magento 2, the user sees an option “Continue with Magento 2 User” on the UVdesk login page.

    With this option, the user can sign in to the admin's UVdesk support portal.

    On clicking the “Continue with Magento 2 User” button, the user is redirected to the Magento store login.

    After signing in, a consent screen asks the user to authorize UVdesk to access their profile.

    Clicking the “Continue as <name>” button (“Continue as Demo” in the screenshot) redirects the user to the UVdesk portal, signed in.

    The user may instead click “Cancel”.

    If the user clicks “Cancel”, they are redirected back to the UVdesk sign-in page.

    Third-party integration (ASP.NET, Java, PHP, etc.)

    Follow the steps below to integrate Magento 2 SSO with a third-party application written in ASP.NET, Java, PHP or any other stack. The flow is an authorization-code style exchange: the browser is sent to Magento, Magento returns a short-lived token on the redirect URL, and the client exchanges that token server-side for a signed JWT.

    1.) Create a button at the client end (for example in ASP.NET) to log in with Magento. When the button is clicked, redirect the browser to the following URL.

    API to get the token

    API Resource: magentobaseurl/sso/sso/index/redirect_uri/#value/client_id/#value

    Method: GET

    Response: redirect to redirecturl?token=#tokenval

    Description: obtains the token

    Note: redirect_uri and client_id are mandatory fields appended to the URL.

    2.) At the API end (Magento), the client_id is checked against the integrations registered in the admin panel. If the client is registered, the Magento login page appears.

    After login, a page appears with Authorize and Cancel buttons. If the user authorizes, a token is generated and appended to the redirect URL.

    If the user is already logged in to Magento with some account, the Authorize/Cancel page appears directly.

    If the client is not authorized, an error message is shown; if the user cancels the authorization, they are redirected to the redirect URL without a token.

    3.) The client then calls the Magento SSO module API again with the provided token and its client id.

    API to get the Magento user email information

    API Resource: magentobaseurl/sso/sso/accesscustomerdata/client_id/#value/authToken/#value

    Method: GET

    Response: JWT-encoded string, or an array with an error key

    Description: returns the user's email information

    If the client_id and auth token are verified, Magento returns the customer's email and name as a JWT signed with the client secret key and expiring after 2 minutes; otherwise an error is returned as $response['error'].

    The client has to decode the data with a JWT library using the client secret key generated at the Magento end; the result has a success or error field. Verify the signature before trusting any claim, and make the accesscustomerdata call from the client's server rather than from the browser, since the token is the only thing that ties the JWT to the user who just authorized.

    API to check that the details entered at the client end (UVdesk, ASP.NET) are correct

    API Resource: magentobaseurl/sso/sso/checkcredential/client_id/#value/client_secret_key/#value

    Method: GET

    Response: Array

    Description: checks whether the client_id and client_secret_key entered at the client end are correct. Because the secret travels in the URL path, call this only over HTTPS and from the server, never from a browser, and expect it to appear in web-server access logs.
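    The client side of steps 1 to 3, as an added example in Python of what a third-party application does with these endpoints. This is not the module's code and not a library Webkul ships. Because the page does not say, it assumes that the JWT is HS256-signed with the Consumer Secret Key as the HMAC key, that the claims are named email and name, that the redirect_uri path segment is percent-encoded, and that the error case arrives as a JSON object with an error key; mint_customer_jwt exists only to build constructed sample input and stands in for the Magento side. Network calls are left to the caller, so the block runs offline.

```python
"""Relying-party side of the Magento 2 SSO token flow (added example, not module code)."""
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, quote, urlsplit

TOKEN_TTL_SECONDS = 120  # the page states the JWT expires after 2 minutes


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def login_url(base_url, client_id, redirect_uri):
    """Step 1: URL the 'Login with Magento' button sends the browser to.
    ASSUMPTION: redirect_uri is percent-encoded as a single path segment."""
    return (f"{base_url.rstrip('/')}/sso/sso/index/redirect_uri/"
            f"{quote(redirect_uri, safe='')}/client_id/{quote(client_id, safe='')}")


def token_from_callback(callback_url, expected_redirect_uri):
    """Step 2: extract ?token=... from the URL Magento redirected back to.
    The token is only accepted on the redirect URI we registered, so a
    token arriving on any other URL is ignored."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != expected_redirect_uri:
        raise ValueError("callback arrived on an unexpected URL")
    tokens = parse_qs(parts.query).get("token")
    if not tokens:
        raise ValueError("no token in callback (user cancelled or error)")
    return tokens[0]


def customer_data_url(base_url, client_id, auth_token):
    """Step 3: server-to-server URL that exchanges the token for a JWT."""
    return (f"{base_url.rstrip('/')}/sso/sso/accesscustomerdata/client_id/"
            f"{quote(client_id, safe='')}/authToken/{quote(auth_token, safe='')}")


def verify_customer_jwt(body, client_secret, now=None):
    """Decode the accesscustomerdata response. The page says it is either a
    JWT string or an array with an 'error' key. ASSUMPTIONS: HS256 with the
    Consumer Secret Key as HMAC key, claims 'email' and 'name', error case
    JSON-encoded. The HMAC is checked before any claim is read, and tokens
    past 'exp' (2 minutes per the page) are rejected."""
    now = time.time() if now is None else now
    body = body.strip()
    if not body:
        raise ValueError("empty response")
    if body[0] in "{[":
        err = json.loads(body)
        msg = err.get("error") if isinstance(err, dict) else err
        raise PermissionError(f"Magento returned an error: {msg}")
    segments = body.split(".")
    if len(segments) != 3:
        raise ValueError("response is neither a JWT nor an error object")
    header_b64, payload_b64, sig_b64 = segments
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token choose 'none'
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(client_secret.encode(),
                        f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("JWT signature does not match the consumer secret")
    claims = json.loads(_b64url_decode(payload_b64))
    if "exp" not in claims or now > claims["exp"]:
        raise PermissionError("JWT expired or carries no exp claim")
    if "email" not in claims:
        raise ValueError("JWT carries no email claim")
    return claims


def mint_customer_jwt(claims, client_secret):
    """Constructed stand-in for the Magento side, used only to build sample
    input for this example; the real module's exact header and claim set
    are not documented on the page."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(client_secret.encode(), f"{header}.{payload}".encode(),
                   hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    # Constructed walk-through: "Magento" issues a JWT now, the client verifies it.
    secret = "consumer-secret-from-magento-admin"  # assumed value
    token = mint_customer_jwt({"email": "jane@example.com", "name": "Jane",
                               "exp": int(time.time()) + TOKEN_TTL_SECONDS}, secret)
    print(login_url("https://shop.example.com", "abc123", "https://app.example.com/sso/callback"))
    print(verify_customer_jwt(token, secret)["email"])
```

    The order inside verify_customer_jwt is the point: the algorithm header is pinned, the HMAC is compared in constant time, and only then are the claims parsed and the expiry checked, so a tampered payload or a wrong secret never reaches application logic. The redirect-URI comparison in token_from_callback is the client's own defence; the page does not say whether Magento validates redirect_uri against the registered Url, so the client should not rely on it.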

    That's all for the Magento 2 SSO module. If you still have any issue, feel free to add a ticket and let us know your views on the Webkul support system.

    Current Product Version - 4.0.0

    Supported Framework Version - Magento 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x

    Blog Version - Magento 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x
    • Version 2.0.x, 2.1.x, 2.2.x, 2.3.x
    • Version 2.0.x, 2.1.x, 2.2.x, 2.3.x, 2.4.x
    . . .
    Discuss on Helpdesk

    Leave a Comment

    Your email address will not be published. Required fields are marked*


    Be the first to comment.

    Back to Top

    Table of Content