Integrate User Login to Your WordPress Website with WSO2 Identity Server

The Flow

  1. The user requests a service from the Service Provider (the miniOrange SAML SSO plugin).
  2. The Service Provider creates a SAML authentication request and redirects the user to the WSO2 Identity Server.
  3. The user logs in with their credentials and is authenticated.
  4. The Identity Server sends a SAML response.
  5. The Service Provider verifies the SAML response and authorizes the user’s request.

Configure SAML SSO plugin in WordPress

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost"><IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" validUntil="2022-02-02T19:18:52.989Z"><KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIDqTCCApGgAwIBAgIEXbABozANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJVUzELMAkGA1UE CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxDTALBgNVBAsMBFdT TzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xOTEwMjMwNzMwNDNaFw0yMjAxMjUwNzMwNDNaMGQx CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UE CgwEV1NPMjENMAsGA1UECwwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAxeqoZYbQ/Sr8DOFQ+/qbEbCp6Vzb5hzH7oa3hf2FZxRKF0H6b8CO Mzz8+0mvEdYVvb/31jMEL2CIQhkQRol1IruD6nBOmkjuXJSBficklMaJZORhuCrB4roHxzoG19aW mscA0gnfBKo2oGXSjJmnZxIh+2X6syHCfyMZZ00LzDyrgoXWQXyFvCA2ax54s7sKiHOM3P4A9W4Q UwmoEi4HQmPgJjIM4eGVPh0GtIANN+BOQ1KkUI7OzteHCTLu3VjxM0sw8QRayZdhniPF+U9n3fa1 mO4KLBsW4mDLjg8R/JuAGTX/SEEGj0B5HWQAP6myxKFz2xwDaCGvT+rdvkktOwIDAQABo2MwYTAU BgNVHREEDTALgglsb2NhbGhvc3QwHQYDVR0OBBYEFEDpLB4PDgzsdxD2FV3rVnOr/A0DMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCBPAwDQYJKoZIhvcNAQELBQADggEB AE8H/axAgXjt93HGCYGumULW2lKkgqEvXryP2QkRpbyQSsTYcL7ZLSVB7MVVHtIsHh8f1C4Xq6Qu 8NUrqu5ZLC1pUByaqR2ZIzcj/OWLGYRjSTHSVmVIq9QqBq1j7r6f3BWqaOIiknmTzEuqIVlOTY0g O+SHdS62vr2FCz4yOrBEulGAvomsU8sqg4PhFnkhxI4M912Ly+2RgN9L7AkhzK+EzXY1/QtlI/Vy sNfS6zrHasKz6CrKKCGqQnBnSvSTyF9OR5KFHnkAwE995IZrcSQicMxsLhTMUHDLQ/gRyy7V/ZpD MfAWR+5OeQiNAp/bG4fjJoTdoqkul51+2bHHVrU=</X509Certificate></X509Data>
</KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:9443/samlartresolve" index="1"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso"/>
</IDPSSODescriptor>
</EntityDescriptor>

Configure the service provider in the WSO2 Identity Server

  1. Access the management console in the browser and log in.
     Access -> https://localhost:9443
     Use the super admin credentials to log in:
     username -> admin
     password -> admin
  • Check Enable Response Signing
  • Check Enable Single Logout
  • Check Enable Attribute Profile and Include Attributes in the Response Always
  • Retrieve the Audience URI and Recipient URL from the SAML SSO plugin in WordPress. You can find these from the Service Provider Metadata tab.
  • Check Enable Audience Restriction and enter the Audience URL.
  • Check Enable Recipient Validation and enter the Recipient URL.
  • Click Update.
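
The Audience Restriction and Recipient Validation settings above end up as fields in the SAML response, which the Service Provider compares against its own values in step 5 of the flow. The following Python sketch of those checks is an added example, not code from the miniOrange plugin or WSO2; the WordPress URLs and the sample response are constructed, and XML signature verification against the IdP certificate is assumed to have been done first by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders: read the real values from the plugin's Service Provider Metadata tab.
AUDIENCE = "https://wp.example.test/wp-sp"
RECIPIENT = "https://wp.example.test/"
# Constructed sample response; the ds:Signature element is omitted for brevity.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
 <saml:Assertion><saml:Issuer>localhost</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{RECIPIENT}" NotOnOrAfter="2030-01-01T00:05:00Z"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # SAML times are UTC, "Z"-suffixed

def check_assertion(xml_text, idp_entity_id, audience, recipient, now):
    """Return reasons to reject the assertion; an empty list means these checks passed.
    Assumes the XML signature was already verified against the IdP certificate."""
    assertions = ET.fromstring(xml_text).findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return ["expected exactly one assertion"]
    a, problems = assertions[0], []
    if (a.findtext("saml:Issuer", "", NS) or "").strip() != idp_entity_id:
        problems.append("issuer mismatch")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("missing validity window")
    elif not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        problems.append("outside validity window")
    audiences = [e.text.strip() for e in
                 a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if e.text]
    if audience not in audiences:
        problems.append("audience mismatch")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != recipient:
        problems.append("recipient mismatch")
    return problems

if __name__ == "__main__":
    now = datetime(2030, 1, 1, 0, 2, tzinfo=timezone.utc)  # constructed clock inside the window
    for aud in (AUDIENCE, "https://other.example.test/"):
        print(aud, check_assertion(SAMPLE, "localhost", aud, RECIPIENT, now))
```

With the IdP-side checkboxes left unchecked, the corresponding elements may be missing from the response, and a Service Provider running these checks would reject it.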

Let’s Try Out

  • On the Service Provider Setup tab, click the Test Configuration button at the bottom of the page.
  • Log in with a user in the WSO2 Identity Server.
  • Give consent, and you will see a page like the one below.
  • Click Appearance -> Widgets from the left side pane.
  • Select the widget by searching for “SAML” and then add it to the theme. This step may not look exactly as shown below, as it depends on the theme you are using.
  • Click Update.
  • Let’s try to log in to the website. Click the login link on the widget.
  • You will be redirected to the Identity Server login page to authenticate.
  • You will be redirected to the WordPress webpage after authentication is completed. Then you can find the logout link in the widget to initiate the logout flow.
  • You can log out by clicking the Logout link of the widget. Then you will be able to see the same Widget with the Login with WSO2IS link.
