Integrating Magento eCommerce with SAML2 and OpenAM

This topic contains 3 replies, has 3 voices, and was last updated by  jgoers 4 days, 8 hours ago.

  • #20864
     jgoers 
    Participant

    My organization is implementing Magento as our new eCommerce solution, and we need it to act as a SAML2 service provider with OpenAM being the IdP. Magento is written in PHP using the Zend framework, and unfortunately it does not contain native SAML support. Our Magento implementation partner is recommending to install this Magento SAML2 plugin: https://marketplace.magento.com/sixtomartin-onelogin-module-saml2-extend.html However there is concern about the supportability of that plugin and I have been asked to research alternatives. So, I am asking for anyone who has implemented Magento as a SAML SP to comment on their solution, and/or to comment on the following options I see:

    1. Use the above plugin – this seems the cleanest to me by far
    2. Use SimpleSAMLphp – https://simplesamlphp.org/ – this seems like it would give us more control over the implementation and support of it – but it would be more integration work
    3. Use the OpenAM Fedlet – this does not seem like a good option as the fedlet needs to run in a servlet container
    4. Use OpenIG to implement the SAML SP interface and sit in front of Magento – looking at the IG docs this looks like it could work pretty well. It would extract the attribute statements from the SAML response assertion from OpenAM and pass them to Magento as a form post or maybe JWT.

    thanks and regards,
    Jeffrey W. Goers
    AAMC
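For option 4 above, the step IG would perform after the SAML SP checks is worth seeing concretely: pull the attribute statements out of the assertion and hand them to Magento as JWT claims. This is an added illustration, not code from the thread or from OpenIG; the response XML is a constructed sample, the issuer/audience strings and the shared HS256 secret are assumptions, and signature validation of the SAML response is assumed to have already happened in the SP.

```python
import base64
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

# Constructed sample response (not a real OpenAM message). The SAML SP (IG in
# option 4) is assumed to have validated the signature before this step runs.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>jgoers@example.org</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>customers</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def extract_attributes(response_xml):
    """Return {Name: [values]} from the assertion's AttributeStatement."""
    attrs = {}
    root = ET.fromstring(response_xml)
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return attrs

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def mint_jwt(claims, secret):
    """HS256 JWT (stdlib only) for the IG -> Magento hop; both sides share `secret`."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def assertion_to_jwt(response_xml, secret, now):
    """Carry the SAML attributes to Magento as short-lived, audience-bound claims."""
    attrs = extract_attributes(response_xml)
    claims = {"sub": attrs["mail"][0], "iss": "openig-saml-sp", "aud": "magento",
              "iat": now, "exp": now + 300, "attributes": attrs}
    return mint_jwt(claims, secret)
```

Magento's side would verify the HMAC and the `aud`/`exp` claims before creating the session; the short lifetime keeps a replayed token from outliving the SSO hop it was minted for.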

    #20868
     Peter Major 
    Moderator

    Additional alternatives:
    * deploy web agent and protect the PHP application using that (this wouldn’t be SAML2 based though)
    * install Shibboleth SP on the web server

    #20876
     Andy Cory 
    Participant

    If it were me, I’d go for Peter’s option 1, the web agent protecting the PHP app (unless you must use SAML for some reason). Pretty much as clean as using the Magento SAML2 plugin, but without any supportability concerns.

    -Andy

    #20879
     jgoers 
    Participant

    Well I forgot to state that Magento will be implemented as a cloud service in AWS, and our OpenAM IdP is on prem, so I was just assuming we would use federation and SAML. But using a web agent, or installing Shibboleth may be options too. My understanding is that we will have direct access to the AWS Magento infrastructure and can alter it if we need to. I imagine we could also use IG instead of the web agent and just configure it as a regular SSO filter and not bother with SAML.

    thanks jeff

©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.