Setting up Single Sign On

Infigo have not officially launched this section of admin. We are currently trialling it, so if you cannot see SAML in admin and would like to, please submit an SSO ticket as normal and state that you would like to configure your own SSO with our support.

Pre-requisites

1) SAML within Infigo is a paid module. Your Customer Success Manager can provide you with a quote.

2) Before getting started with your SSO setup you need to have applied a custom binding (URL) to your storefront. For example www.mystorefront.com, as opposed to www.companyname.infigosoftware.com/storefrontname (this is the default binding on a new store). For more information on the new binding and SSL process please see our other help centre articles: Adding a custom binding to your site and The SSL implementation process: securing your storefront

3) You will need the following information to populate the SAML settings: 

3a) The Identity Provider's (aka the IDP) Metadata XML, either as a dynamic link or as an XML file.

3b) You will need to decide whether users are authenticated via username or email address.

3c) You'll need the SAML attributes from the IDP. These are used to map fields in the IDP and Infigo. If these aren't correct, the 'handshake' will fail. 

 

About

Single sign-on is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors. 

If you want to direct end users from a centralised third party system into your Infigo storefront using Single Sign On (making the experience as fluid and simple as possible for your end users / customers) then our SAML 2.0 module might be the answer.

Our SSO module requires SAML 2.0 support from the third party system, so you would need to check with the administrators first. It also requires that third party system to be the Identity Provider (Infigo is the Service Provider). 

 

Setup

1) Search "SAML" in the admin menu. 

2) Populate the plugin configuration using the tool tips (?) to guide you.

  • Login mode - select an option from the dropdown. It would be advisable to select "button" when setting up SSO, and you can change this later once SSO is working. 
  • Logout mode - select an option from the dropdown 
  • Customer Identification - select an option from the dropdown 
  • Customer Identification Attribute name - fill field from IDP metadata
  • Redirection settings:
    • enable login/logout page redirections for SSO - (optional) tick to enable 
    • Login redirection URL for SSO - (optional) 
    • Logout redirection URL for SSO - (optional) 
  • Mapping settings: 
    • create users if not present - tick to enable 
    • Customer properties mapping (customer creation)  
      • Add new mapping - click to add all attributes. E.g. if you have 3, click 3 times to create 3 mapping fields 
    • External customer role mapping - (optional) if you want to map customer roles 
    • Customer information to be updated on login - add each tag for the attributes you'd like to update each time a user logs in
  • Cache Settings - no changes required. 
  • SAML 2.0 Configuration 
    • SAML client enabled - tick to enable when you'd like SAML to be 'live' on our store. If you wish to log into the storefront without SSO when enabled, please add "/login?originalCatfish=true" to the end of the site's URL. 
    • Consumer Entity ID - this will always be "urn:InfigoServiceProvider" 
    • Consumer Server URL - this is the storefront binding (URL) 
    • Assertation Consumer Service (ACS) URL - 
    • SAML 2.0 Configuration XML - 
    • Storefront Metadata XML - this field will be populated once all fields have been completed and the settings have been saved. 
    • Storefront Metadata link - this field will be populated once all fields have been completed and the settings have been saved. 
  • Identity Provider Configuration
    • IDP entityID - fill field from IDP metadata. 
    • Allow unsolicited responses - tick to enable. 
    • Enable Assertation Signature Check - this is dependent on the IDP.
    • Validate trust chain - this is dependent on the IDP. 
    • User Identity Provider metadata link - (preferred method) you can use a dynamic link here for the metadata or you can paste the XML below. If you choose to copy and paste the XML then it will not update if changes are made in the IDP. 
    • Identity Provider Metadata XML - see above bullet point. 
    • Self issued certificates to validate - this is dependent on the IDP.

3) Click save in the top right corner of the screen. 

4) Once these fields have been completed, you can scroll down to step 5 under "information on how to configure SAML 2.0" and follow the instructions for obtaining the metadata. 

5) Testing:

5a) Go to the storefront URL and attempt to log in via SSO. 

5b) You should be able to successfully log in via SSO. Following this, go to Customer Management in Admin and check the user fields have been populated correctly as per the attribute mapping. 

5c) If you cannot log in (you get an error), please run a SAML tracer and create a Query ticket under System Area SSO and attach the tracer to the ticket as well as a screenshot of the error. If possible please create a test user (username and password) for the Support Team to replicate the error. 
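
For a first look at a failed login before raising the ticket, this added example (not part of Infigo's product) decodes a SAMLResponse value copied from a SAML tracer and compares it with what was configured: issuer against the IDP entityID, and asserted attribute names against the mapped ones. The response, issuer and attribute names are constructed, and the function only reports whether a signature element is present; it does not verify it.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed response (unsigned, made-up issuer and attributes), base64-encoded
# the way the POST binding carries it in the SAMLResponse form field.
_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Issuer>https://idp.example.com/metadata</saml:Issuer>'
    '<saml:Assertion><saml:Issuer>https://idp.example.com/metadata</saml:Issuer>'
    '<saml:Subject><saml:NameID>jo@example.com</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="email"><saml:AttributeValue>jo@example.com</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="firstname"><saml:AttributeValue>Jo</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_RESPONSE = base64.b64encode(_XML.encode()).decode()


def check_response(saml_response_b64, expected_issuer, mapped_attributes):
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plain Assertion (missing or encrypted)")
    sent = {a.get("Name") for a in assertion.findall(".//saml:Attribute", NS)}
    return {
        "issuer_matches": assertion.findtext("saml:Issuer", namespaces=NS) == expected_issuer,
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        # Presence only: cryptographic verification stays with the service provider.
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,
        "missing_attributes": sorted(set(mapped_attributes) - sent),
        "unmapped_attributes": sorted(sent - set(mapped_attributes)),
    }
```

A non-empty missing_attributes list points at a mapping name that the IDP never sends, the mismatch described in pre-requisite 3c. Captured responses contain user details, so treat the trace as sensitive when attaching it.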

 
