Once the SSO between the WordPress sites has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.
1. Attribute Mapping
- In the Service Provider Setup tab of the miniOrange SAML SP plugin, after metadata exchange click on Test Connection.
- After performing SSO, the default attributes will be sent from the Identity provider side and will be available for Attribute Mapping.
- There are certain default attributes that are sent from the IDP side for every connection that are listed in the table.
Adding extra Attributes on the Identity Provider Side:
- Navigate to the Attribute/Role Mapping tab in the Login using WordPress plugin.
- Under the Attribute Mapping section, select an appropriate attribute which will act as the primary attribute to be sent in the SAML response.
- In the User Attributes section, enter the name of the user attribute and select the corresponding attribute from the user metadata. Then click on the Save button.
- You can add new attributes using the + button and remove them using the - button.
- And, click on the Save button.
- Navigate to the Service Provider Setup tab of the miniOrange SAML SP plugin and click on the Test Connection.
- A popup window will appear. If your connection is successful then the list of attributes mapped and the custom attribute will be displayed.
2. Custom Attribute Mapping
- This feature allows you to create custom attributes that can be mapped with any of the attributes sent by the Identity Provider (i.e. WordPress site). These are stored in the user meta table in the WordPress database.
- To display this custom attribute in the users menu table in WordPress, enable the Display Attribute toggle.
- You can add new attributes using the Add Attribute button.
- And then, click on the Save button to save the configurations.
3. Role Mapping
- The Attribute Mapping section also provides mapping for fields named Group/Role.
- This attribute will contain the role-related information sent by the Identity Provider (i.e. WordPress).
- The roles are allocated to specific users on the basis of their roles/groups at the time of login.
- The value of this attribute which is mapped to Group/Role will be considered in the Role Mapping section.
- Values of selected Group/Roles of respective users can be placed in the input box of different default Roles which have to be assigned to the respective user.
- For example, if you want a user whose Group/Role attribute value is SAML to be assigned as an Editor in WordPress, just provide the mapping as SAML in the Editor field of the Role Mapping section.
- In the Login Using WordPress Users plugin, navigate to the Attribute/Role Mapping tab.
- Under the Group/Role Mapping section, you can create a custom group to assign to the users.
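
The role mapping described above, modelled as an added example (this is not the plugin's own code) so a mapping table can be checked against a sample assertion before it is relied on for privilege assignment. The attribute names, the `wp-admins` value, the subscriber fallback and the exact, case-sensitive matching are assumptions of this sketch; only the SAML to Editor mapping comes from the page.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an AttributeStatement as an IdP might send it.
# The attribute names ("email", "role") are assumptions for this example.
# ElementTree is used on trusted sample data only; for XML received from
# a network peer, use a hardened parser such as defusedxml.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="role">
    <saml:AttributeValue>SAML</saml:AttributeValue>
    <saml:AttributeValue>contractors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Role Mapping table: WordPress role -> Group/Role values that grant it.
# "SAML" -> editor is the page's example; "wp-admins" is constructed.
ROLE_MAPPING = {"editor": {"SAML"}, "administrator": {"wp-admins"}}
DEFAULT_ROLE = "subscriber"  # assumed least-privilege fallback


def group_values(statement_xml, group_attr):
    """Return every value of the attribute mapped to Group/Role."""
    root = ET.fromstring(statement_xml.strip())
    values = []
    for attr in root.findall("saml:Attribute", NS):
        if attr.get("Name") == group_attr:
            for value in attr.findall("saml:AttributeValue", NS):
                if value.text and value.text.strip():
                    values.append(value.text.strip())
    return values


def resolve_roles(values, mapping=ROLE_MAPPING, default=DEFAULT_ROLE):
    """Exact, case-sensitive match; unmapped values never grant a role."""
    matched = sorted(role for role, groups in mapping.items()
                     if groups & set(values))
    return matched or [default]


if __name__ == "__main__":
    groups = group_values(SAMPLE_STATEMENT, "role")
    print(groups, "->", resolve_roles(groups))
```
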
4. Single Logout
- Copy the Single Logout URL from the Service Provider Metadata tab in the miniOrange SAML SP plugin.
- Now, go to the Service Providers tab in the Login Using WordPress Users plugin.
- Under this tab, click on the Edit option available for the service provider you have configured.
- Paste the SAML Logout URL you copied from the metadata of the WordPress SAML SSO plugin, in the Single Logout URL field.
- Click on the Save button.
- Now, go to the IDP Metadata tab in the Login using WordPress Users plugin.
- Under this tab, go to SAML Logout URL and copy this URL.
- Now, go to the Service Providers tab in the Login Using WordPress Users plugin.
- And, paste the URL in the SAML Logout URL field.
- And, click on Save.
5. Signed SSO Requests
- In the Service Provider Setup tab, enable the Sign SSO & SLO Requests toggle for performing Signed SSO and Single Logout Requests.
- Then, click on the Save button to save the configuration.
- Go to the Manage Certificates tab and, under the miniOrange default certificate configuration, click on Download Certificate.
- Now, go to the Service Providers tab in the Login Using WordPress Users plugin.
- Under this tab, click on the Edit option for the service provider you have configured.
- Paste the certificate in the X.509 Certificate field and click on the Save button.
Conclusion
Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.