Integrating Magento eCommerce with SAML2 and OpenAM

This topic has 3 replies, 3 voices, and was last updated 4 years, 9 months ago by jgoers.


    My organization is implementing Magento as our new eCommerce solution, and we need it to act as a SAML2 service provider with OpenAM being the IdP. Magento is written in PHP using the Zend framework, and unfortunately it does not contain native SAML support. Our Magento implementation partner is recommending to install this Magento SAML2 plugin: However there is concern about the supportability of that plugin and I have been asked to research alternatives. So, I am asking for anyone who has implemented Magento as a SAML SP to comment on their solution, and/or to comment on the following options I see:

    1. Use the above plugin – this seems the cleanest to me by far
    2. Use SimpleSAMLphp – – this seems like it would give us more control over the implementation and support of it – but it would be more integration work
    3. Use the OpenAM Fedlet – this does not seem like a good option as the fedlet needs to run in a servlet container
    4. Use OpenIG to implement the SAML SP interface and sit in front of Magento – looking at the IG docs this looks like it could work pretty well. It would extract the attribute statements from the SAML response assertion from OpenAM and pass them to Magento as a form post or maybe JWT.

    thanks and regards,
    Jeffrey W. Goers
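To make option 4 concrete, here is an added example (not code from the thread, from OpenIG, or from Magento) of the two steps that option describes: pull the AttributeStatement out of the SAML 2.0 assertion returned by the IdP, then re-issue the subject and attributes to the application behind the gateway as a compact HS256 JWT. It goes slightly beyond the post by also showing the application-side check of that JWT. The sample Response XML, the shared secret, the issuer name and the attribute names are constructed values. It assumes the gateway has already validated the XML signature on the SAML Response before any attribute is trusted; that validation is deliberately not shown here.

```python
"""Added example: SAML 2.0 AttributeStatement -> HS256 JWT for an app behind a gateway.

Not the thread's, OpenIG's or Magento's code. Sample XML, secret, issuer and
attribute names are constructed. Assumes the SAML Response signature was
already verified by the gateway before this code runs.
"""
import base64
import hashlib
import hmac
import json
import time
import xml.etree.ElementTree as ET
from typing import Optional

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a minimal SAML 2.0 Response with one Assertion and a
# multi-valued attribute. Signature elements are omitted for brevity.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>customers</saml:AttributeValue>
        <saml:AttributeValue>wholesale</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_attributes(response_xml: str) -> dict:
    """Return {"subject": NameID text, "attributes": {name: [values]}} from the
    first Assertion. Multi-valued attributes keep every value, in order."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in Response")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return {"subject": name_id.text if name_id is not None else None, "attributes": attrs}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mint_jwt(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT: base64url(header).base64url(payload).base64url(sig)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Application side: pin the algorithm, compare the HMAC in constant time and
    reject expired tokens before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    pad = lambda s: s + "=" * (-len(s) % 4)
    if json.loads(base64.urlsafe_b64decode(pad(header))).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(pad(payload)))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def assertion_to_jwt(response_xml: str, secret: bytes, issuer: str = "gateway",
                     ttl: int = 300, now: Optional[int] = None) -> str:
    """Gateway side: map the assertion's subject and attributes into a short-lived JWT.
    Single-valued attributes become scalar claims, multi-valued ones become lists."""
    parsed = extract_attributes(response_xml)
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": parsed["subject"], "iat": now, "exp": now + ttl}
    for name, values in parsed["attributes"].items():
        claims[name] = values[0] if len(values) == 1 else values
    return mint_jwt(claims, secret)


if __name__ == "__main__":
    token = assertion_to_jwt(SAMPLE_RESPONSE, b"constructed-shared-secret")
    print(token)
    print(verify_jwt(token, b"constructed-shared-secret"))
```

The short TTL matters: the JWT is a bearer credential handed to Magento, so it should live only as long as the hop from the gateway to the application. In a real deployment the secret would be a per-environment value shared only between the gateway and the Magento endpoint that accepts the token.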

     Peter Major

    Additional alternatives:
    * deploy web agent and protect the PHP application using that (this wouldn’t be SAML2 based though)
    * install Shibboleth SP on the web server

     Andy Cory

    If it were me, I’d go for Peter’s option 1, the web agent protecting the PHP app (unless you must use SAML for some reason). Pretty much as clean as using the Magento SAML2 plugin, but without any supportability concerns.

    Well I forgot to state that Magento will be implemented as a cloud service in AWS, and our OpenAM IdP is on prem, so I was just assuming we would use federation and SAML. But using a web agent, or installing Shibboleth may be options too. My understanding is that we will have direct access to the AWS Magento infrastructure and can alter it if we need to. I imagine we could also use IG instead of the web agent and just configure it as a regular SSO filter and not bother with SAML.

    thanks jeff
