Once the WordPress Azure AD SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.
1. Attribute Mapping
- In the Service Provider Setup tab, after the metadata exchange, click on Test Connection.
- After SSO completes, the default attributes sent by Azure AD are available for Attribute Mapping.
- Certain default attributes are sent from the Azure AD side for every connection; these are listed in the table.
Adding extra Attributes on the Azure AD Side:
- Go to Attributes & Claims and click on the Edit button.
- To add a custom attribute, click on Add new claim under the Attributes tab.
- Under the Manage Claim tab, fill in all the required fields: Name, Namespace, and Source attribute.
- Then click on Save.
- Navigate to the Service Provider Setup tab and click on Test Connection.
- A popup window will appear. If the connection is successful, the list of mapped attributes, including the custom attribute, will be displayed.
2. Configure Advanced & Custom Attribute Mapping
- This feature allows you to create custom attributes that can be mapped to any of the attributes sent by Azure AD. The mapped values are stored in the user meta table of the WordPress database.
- Enter your custom attribute name in the Custom Attribute Name input box, then select the attribute from the IDP using the dropdown in the Attribute Name from IDP field.
- To display this custom attribute in the Users table in WordPress, enable the Display Attribute toggle.
- You can add more attributes using the ADD Attribute button.
- Then click on the Save button to save the configuration.
3. Role Mapping
4. Single Logout
- To configure Single Logout, scroll down to the Logout URL in the Single Sign On tab.
- Enter the Single Logout URL from the Service Provider Metadata tab of the plugin.
5. Signed SSO Requests
- For Signed SSO Requests, enable the Sign SSO & SLO Requests toggle in the Service Provider Setup tab in the plugin.
- Download the SP Certificate from the Service Provider Metadata tab.
- Now, navigate to the Azure AD portal.
- To allow signed requests and their verification, click on the Edit button under Verification certificates.
- Then check both the Require verification certificate and Allow request signed options.
- Click on Upload certificate and select the .cer formatted file.
- If you have a .crt formatted file instead, follow the process below.
- Open the certificate file downloaded from the Service Provider side.
- Go to the Details tab and click the Copy to File button.
- Select the Base-64 encoded X.509 option and click Next.
- Then enter a filename and click the Next button.
- Finally, click the OK button to save the certificate.
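The .crt to Base-64 X.509 export above is done through the Windows certificate dialog. As an added example that is not part of this page or the plugin, the following Python performs the same conversion from either a binary DER (.crt) file or an existing PEM file using only the standard library, and computes the certificate's SHA-1 fingerprint so you can confirm that the file uploaded under Verification certificates is the one the plugin exported. The sample bytes are a constructed DER SEQUENCE standing in for a real certificate.

```python
import hashlib
import ssl

# Constructed sample: a minimal DER SEQUENCE (tag 0x30) standing in for a
# real X.509 certificate so the example runs offline.  A real .crt exported
# by the plugin is several hundred bytes long.
SAMPLE_DER = bytes.fromhex("30 03 02 01 05")


def to_base64_x509(cert_bytes: bytes) -> str:
    """Return the certificate as Base-64 encoded X.509 (PEM) text.

    Accepts either an existing PEM file or a binary DER (.crt) file and
    emits the BEGIN/END CERTIFICATE header and footer plus 64-character
    lines, which is the format the Azure AD certificate upload expects.
    """
    text = cert_bytes.lstrip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        # Already Base-64: decode and re-encode to normalise line wrapping.
        der = ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    elif cert_bytes[:1] == b"\x30":
        # Every DER-encoded X.509 certificate starts with a SEQUENCE tag.
        der = cert_bytes
    else:
        raise ValueError("input is neither PEM nor DER X.509")
    return ssl.DER_cert_to_PEM_cert(der)


def fingerprint(cert_bytes: bytes, algorithm: str = "sha1") -> str:
    """Hex digest over the DER bytes (the thumbprint most certificate tools
    display).  It is identical for the PEM and DER forms of one certificate,
    so it can be compared before and after conversion."""
    der = ssl.PEM_cert_to_DER_cert(to_base64_x509(cert_bytes))
    return hashlib.new(algorithm, der).hexdigest().upper()


def convert_file(src: str, dst: str) -> str:
    """Read a .crt/.cer, write it as Base-64 X.509, return its fingerprint."""
    with open(src, "rb") as fh:
        pem = to_base64_x509(fh.read())
    with open(dst, "w", encoding="ascii") as fh:
        fh.write(pem)
    return fingerprint(pem.encode("ascii"))


if __name__ == "__main__":
    print(to_base64_x509(SAMPLE_DER))
    print("SHA-1 fingerprint:", fingerprint(SAMPLE_DER))
```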
Conclusion
Setting up the additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, and Single Logout alongside SSO lets you get the most out of user identity management from your IDP to your WordPress site.