21 Implement Storefront Single Sign-On

Oracle Commerce enables you to integrate customer logins on your storefront with an external customer data store or identity management tool.

For example, suppose you have an existing informational website with a large number of customer accounts. When you create a new Commerce site, you may want to provide existing customers with accounts on the commerce site.

Storefront Single Sign-On (SSO) is implemented using SAML (Security Assertion Markup Language) 2.0, an open-standard, XML-based data-exchange format. Before setting up storefront SSO, you should be familiar with SAML 2.0. For information about SAML 2.0, see:

https://en.wikipedia.org/wiki/SAML_2.0

The SAML 2.0 specification is available at:

http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Storefront Single Sign-On (SSO) provides two main benefits:

  • Your Commerce environment can share logins with another site or system, so that logging into one environment automatically logs a shopper into the other.
  • If an unregistered shopper is logged into the external system, then the first time the shopper accesses the Commerce site, a shopper profile is automatically created.

There are two ways you can use SSO on your storefront:

  • You can configure your storefront to use SSO exclusively. In this case, all shopper logins are maintained in the external system.
  • You can configure your storefront to support both SSO and standard logins. In this case, the logins for shoppers using SSO are maintained in the external system, and the logins for other shoppers are maintained in Commerce.

This section describes both of these configurations and how to set them up.