Logging in to OpenCart using the Identity Server
OpenCart is a popular open source platform for selling products online, making it a one-stop solution for e-commerce businesses. This topic provides instructions on configuring OpenCart and MWARE IAM so that users can log in to OpenCart using their MWARE IAM credentials. In this tutorial, MWARE IAM acts as the identity provider, and the third-party miniOrange SAML Single Sign On (SSO) plugin acts as the SAML 2.0 service provider. Trust is configured between the plugin and MWARE IAM so that users are securely authenticated to the OpenCart store.
The flow
The diagram below demonstrates the flow of how OpenCart uses MWARE IAM as a SAML2 federated authenticator to authenticate a user.
Before you begin!
You need to have OpenCart installed. Refer: https://docs.opencart.com/installation/
Let's get started!
Configure OpenCart
Install SAML SSO extension
- Visit the OpenCart extension store and download the miniOrange SAML service provider extension.
- Log in to the OpenCart dashboard as administrator.
- Navigate to Extensions > Installer from the admin dashboard.
- Click on the Upload button and select the downloaded miniOrange SAML SP extension.
- Navigate to Extensions > Extensions and choose the extension type as Modules.
- In the module list, you will see MiniOrange SAML SP. Click on the install button, [ + ].
Configure the SAML SSO extension
- Click on the Edit icon to start configuring the extension.
- Provide an application name.
- In the Service Provider Metadata tab, you will find the SP Entity ID and ACS Url, which will be needed later for the identity provider configuration.
- In the Identity Provider Setup tab, provide the values for Entity ID, Single Login URL and SAML x509 Certificate. These values should match the SAML metadata values available in the identity provider.
  Extract SAML metadata values
  - Log in to MWARE IAM as the administrator.
  - Under the Main tab, select Resident Identity Provider under Identity Providers.
  - Expand the Inbound Authentication Configuration section.
  - Select SAML2 Web SSO Configuration and Download SAML Metadata.
  - The downloaded XML file contains the relevant information required for the identity provider setup.
- Add the relevant IdP attributes by navigating to the Attribute Mapping tab.
  - First name: http://wso2.org/claims/givenname
  - Last name: http://wso2.org/claims/lastname
- Save the configurations.
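The Entity ID, Single Login URL and SAML x509 Certificate can be read out of the downloaded metadata file rather than copied by hand. The following is an added example, not part of the original tutorial or of the plugin: the function name idp_settings, the host idp.example.test and the placeholder certificate bytes are assumptions, and the HTTP-Redirect binding is assumed for the Single Login URL.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def idp_settings(metadata_xml, binding=REDIRECT):
    """Return the values the Identity Provider Setup tab asks for."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # One SingleSignOnService element exists per binding; pick the requested one.
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == binding]
    if not sso or urlparse(sso[0]).scheme != "https":
        raise ValueError("no https SingleSignOnService for " + binding)
    # A KeyDescriptor without a 'use' attribute may be used for signing too.
    certs = [kd.findtext(".//ds:X509Certificate", default="", namespaces=NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    certs = ["".join(c.split()) for c in certs if c.strip()]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode(certs[0], validate=True)  # rejects damaged base64
    return {"entity_id": root.get("entityID"),
            "single_login_url": sso[0],
            "x509_certificate": certs[0],
            # Compare with the fingerprint of the certificate held by the IdP.
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}


# Constructed sample: placeholder bytes, not a real certificate; host is assumed.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="idp.example.test">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{_B64[:20]}
     {_B64[20:]}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/samlsso"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(idp_settings(SAMPLE_METADATA))
```

Pass the contents of the downloaded file in place of SAMPLE_METADATA; the function raises ValueError when the chosen binding is missing or its URL is not https.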
Add the SAML SSO extension to view layout
- Navigate to Design > Layouts from the admin dashboard. Select the Edit icon adjacent to Account.
- Choose a preferred display position for the module and add it by selecting the MiniOrange SAML SP from the dropdown.
- Save the settings after adding the module to the display.
Configuring the service provider in MWARE IAM
- Sign in to the MWARE IAM Management Console.
- On the Main menu, click Identity > Service Providers > Add.
- Fill in the Service Provider Name and provide a brief Description of the service provider. Only Service Provider Name is a required field, and you can use Opencart-SP as the name for this example.
- Expand Claim Configuration.
  - Select Use Local Claim Dialect.
  - For Requested Claims, add the following claim URIs.
    https://wso2.org/claims/lastname
    https://wso2.org/claims/givenname
  - Set Subject Claim URI to https://wso2.org/claims/emailaddress.
- Expand the Inbound Authentication Configuration > SAML2 Web SSO Configuration section and click Configure. In the form that appears, fill out the following configuration details required for single sign-on. For more details on these attributes, refer to SAML2 Web SSO Configuration.
  - For the value of Issuer, provide the SP Entity ID obtained as Service Provider Metadata when configuring the SAML SSO extension in OpenCart.
  - For the value of Assertion Consumer URL, provide the ACS Url obtained as Service Provider Metadata when configuring the SAML SSO extension in OpenCart.
  - Uncheck Enable Signature Validation in Authentication Requests and Logout Requests.
  - Check Enable Attribute Profile and Include Attributes in the Response Always.
  - Save the configuration.
Try it out
- Visit the OpenCart site and click on login.
- In the next view, click on ‘Login with $app’, where $app is the application name you provided when configuring the SSO extension.
- You will be redirected to the MWARE IAM login page. Log in by providing the credentials of a user in MWARE IAM.
- Upon successful login, you will be logged in to OpenCart.
- The user profile attributes configured in MWARE IAM will be populated in the Personal details of your account.