Search Results :

×
Sign Up Contact Us

Contents

AWS Cognito Single Sign-On (SSO) Integration with WordPress OAuth

AWS Cognito Single Sign-On (SSO) for WordPress uses OAuth Authorization flow to provide users secure access to WordPress site. With our WordPress OAuth Single Sign-On (SSO) plugin, AWS Cognito acts as the OpenID Connect and OAuth provider, ensuring secure login for WordPress websites. The integration of WordPress with AWS Cognito simplifies and secures the login process using AWS Cognito OAuth. This solution allows employees to access their WordPress sites with Single Sign-On (SSO) using their AWS Cognito credentials, completely removing the need to store, remember, and reset multiple passwords. In addition to offering AWS Cognito SSO functionality, the WordPress SSO plugin extends its support to a various IDPs, including Azure AD, Office 365, and specialized providers, offering robust SSO capabilities like multi-tenant login, role mapping, and user profile attribute mapping. For a detailed overview of the features, check out the WordPress OAuth Single Sign-On (SSO) plugin. You can follow the below steps to setup AWS Cognito Single Sign-On (SSO) with WordPress.

download plugin button Download Plugin plugin pricing button plugin pricing button Pricing Plans free trial plugin free trial plugin Free Trial

WordPress Cognito Integration
By miniOrange

WordPress Cognito Integration uses the Cognito SDK and allows users to fill Registration and Password Reset forms or log into the WordPress website directly.

Know More

  • Log into your WordPress instance as an admin.
  • Go to the WordPress Dashboard -> Plugins and click on Add New.
  • Search for a WordPress OAuth Single Sign-On (SSO) plugin and click on Install Now.
  • Once installed click on Activate.

  • First of all, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.

    • AWS Cognito Single Sign-On (SSO) - Login to Amazon Console
  • Search for Cognito in the AWS Services search bar as shown below.

    • AWS Cognito Single Sign-On (SSO) - Search for AWS Cognito
  • Click on Create a user pool to create a new user pool.

    • AWS Cognito Single Sign-On (SSO) - click on create user pool
  • Select the Application type , enter the name for your application and Choose the attributes in your user pool to be used during the sign-in process.
  • Under the Return URL section add the Redirect/Callback URL which you will get from your miniOrange OAuth Single Sign-On plugin.
  • Then, click on Create User Directory button.
    • Note and Contact Us - SSO between two WordPress sites

    Note: If you already have a user pool created and wish to change the Callback/Redirect URL, go to the Login Pages tab under your application, click Edit, and add or update the redirect URL.


    AWS Cognito Single Sign-On (SSO) - configure sign in experience
  • After successfully creating your user pool, Select your pool name from the list of pools to start with user creation.

    • AWS Cognito Single Sign-On (SSO) - select your pool name
  • Go to the Users tab, and click Create user.

    • AWS Cognito Single Sign-On (SSO) - create user
  • Enter details such as username, email address & password. Click on Create user to save the details.

    • AWS Cognito Single Sign-On (SSO) - enter username email password
  • After the successful creation of the user, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'Branding' section and under the Domain tab copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. This should be entered into the endpoints field under in the miniOrange OAuth Single Sign-On (SSO) plugin.

    • AWS Cognito Single Sign-On (SSO) - app integration tab
  • To get the Client ID and Client Secret, under the 'Application' tab go to the 'App clients' section. Click on your App client name to see the Client ID and Client Secret.

    • AWS Cognito Single Sign-On (SSO) - get client credentials

    In conclusion, by successfully configuring AWS Cognito as OAuth Provider, you have enabled seamless AWS Cognito Single Sign-On (SSO) and authorization for your end users into WordPress.


  • Go to Configure OAuth tab and click Add New Application to add a new client application into your website.
    • AWS Cognito Single Sign-On (SSO) OAuth - Add new application
  • Choose your Application from the list of OAuth / OpenID Connect Providers, Here AWS Cognito
    • AWS Cognito Single Sign-On (SSO) OAuth - Select Application
  • After selecting the provider copy the Callback URL which needs to be configured in OAuth Provider's SSO application Configuration.
  • Enter the Client Credentials like Client ID & Client Secret which you will get from the AWS Cognito SSO application.
  • Configure the Cognito App Domain found from the AWS Cognito SSO application. Please refer the below table for configuring the scope & endpoints for Amazon Cognito in the plugin
    • Scopes openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo
    Custom redirect URL after logout:[optional] https://<cognito-app-domain>/logout?client_id=<Client-ID>&logout_uri=<Sign out URL configured in Cognito Portal>
  • Click on Next.
    • AWS Cognito Single Sign-On (SSO) OAuth - Client ID & Client Secret
  • After verifying all the details on the summary page, click on Finish to save the configuration as well as test the SSO connection.
    • AWS Cognito Single Sign-On (SSO) OAuth - Finish configuration
  • After successful test configuration, you will see the user attributes table.
    • AWS Cognito Single Sign-On (SSO) OAuth - Finish configuration

    In conclusion, by successfully configuring WordPress as OAuth Client, you have enabled seamless AWS Cognito Single Sign-On (SSO) and authorization for your end users into WordPress.

  • Go to Configure OAuth tab and search your application name to add a new client application into your website, Here Custom OpenID Connect App.
    • AWS Cognito Single Sign-On (SSO) OAuth - Add new application

  • Please refer the below table for configuring the scope & endpoints for Amazon Cognito in the plugin.

    Client ID : Click Here
    Client Secret : Click Here
    Scope: openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo
    Custom redirect URL after logout:[optional] https://<cognito-app-domain>/logout?client_id=<Client-ID>&logout_uri=<Sign out URL configured in Cognito Portal>
    • AWS Cognito Single Sign-On (SSO) OAuth - Add App name, TenantID
  • Choose your Grant Type from the list of options & Click on Save Settings to save the configuration..
    • AWS Cognito Single Sign-On (SSO) OAuth - Add Grant Type
  • After verifying all the details, click on Test Configuration button to test the SSO connection.
  • You will see all the values returned by your OAuth Provider to WordPress in a table.
    • AWS Cognito Single Sign-On (SSO) OAuth - Add Grant Type

    You have successfully configured WordPress as OAuth Client for achieving user authentication with AWS Cognito Single Sign-On (SSO) login into your WordPress Site.

  • User Attribute Mapping is mandatory for enabling users to successfully Single Sign-On into WordPress using AWS SSO. We will be setting up user profile attributes for WordPress using the below settings.

    • Finding user attributes

    • Once you see all the values in Test Configuration, go to Attribute / Role Mapping tab, map an attribute with a username that is unique for every user. You also map other attributes like firstname, lastname, etc. Click on Save.
      • AWS Cognito Single Sign-On (SSO) - attribute/role mapping

  • Enable Role Mapping: To enable Role Mapping, you need to map Group Name Attribute. Select the attribute name from the list of attributes which returns the roles from your provider application.
    Eg: Role

    • AWS Cognito Single Sign-On (SSO) - test configuration - role mapping
  • Assign WordPress role to the Provider role: Based on your provider application, you can allocate the WordPress role to your provider roles. It can be a student, teacher, administrator or any other depending on your application. Add the provider roles under Group Attribute Value and assign the required WordPress role in front of it under WordPress Role.

    For example, in the below image. Teacher has been assigned the role of Administrator & Student is assigned the role of Contributor.
    • AWS Cognito Single Sign-On (SSO) - test configuration - role mapping
  • Once you save the mapping, the provider role will be assigned the WordPress administrator role after SSO.
    Example: As per the given example, Users with role ‘teacher’ will be added as Administrator in WordPress and ‘student’ will be added as Contributor.

  • The settings in Single Sign-On (SSO) Settings tab define the user experience for Single Sign-On (SSO). To add a AWS Cognito login widget on your WordPress page, you need to follow the below steps.
  • Go to WordPress Left Panel > Appearances > Widgets.
  • Select miniOrange OAuth. Drag and drop to your favourite location and save.
    • Azure AD Single Sign-on (SSO) - WordPress create-newclient login button setting
  • Go to WordPress Left Panel > Appearances > Widgets.
  • Select miniOrange OAuth. Drag and drop to your favourite location and save.
    • Azure AD Single Sign-on (SSO) - WordPress create-newclient login button setting
  • Open your WordPress page and you can see the Azure AD SSO login button there. You can test the Azure AD Single Sign-On (SSO) - Azure AD OAuth now.
  • Make sure the "Show on login page" option is enabled for your application. (Refer to the below image)
    • AWS Cognito Single Sign-on (SSO) - WordPress create-newclient login button setting
  • Now, go to your WordPress Login page. (Eg. https://< your-wordpress-domain >/wp-login.php)
  • You will see an AWS Cognito SSO login button there. Once you click the login button, you will be able to test the AWS Cognito Single Sign-On (SSO).
    • AWS Cognito Single Sign-on (SSO) - WordPress create-newclient login button setting

In conclusion, after successfully configuring AWS Cognito as an OAuth Provider and WordPress as an OAuth Client, you've achieved a smooth and secure authentication process for your users. Through AWS Cognito Single Sign-On (SSO), you can ensure a robust user experience within the WordPress environment. This allows users the ease of accessing multiple applications with a single set of login credentials. Through the integration of AWS Cognito OAuth as the primary authentication solution, users can securely log into their WordPress accounts with their existing AWS Cognito credentials.

Know More ➔

To fix this issue, please configure the correct Authorization endpoint in the plugin. You can confirm the correct format of the endpoint from here.

Please make sure if you have entered correct Scopes in the plugin. You verify steps from this setup guide.

To fix this issue, please configure the correct Redirect url in the Cognito Developer application from the plugin . You can refer to the steps in the setup guide here.

To fix this issue, please configure the correct Client Secret in the plugin. You can refer to this steps to configure correct Client Secret from the setup guide.


Go to your user pool in Cognito. Under General Settings, go to Policies. Select the option Only allow administrators to create users and Save Changes. Read more

This error has probably occurred because you might not have enabled the following checkboxes ‘username password auth for admin APIs for authentication’ and ‘username password-based authentication’ while configuring the App client in Cognito User Pool. Read more



ADFS_sso ×
Hello there!

Need Help? We are right here!

support