Forgerock/OpenAM OAuth & OpenID connect Single Sign-On (SSO)
Forgerock/OpenAM OAuth & OpenID connect Single Sign-On (SSO)
WordPress OAuth & OpenID Connect Single Sign-On (SSO) plugin enables secure login into WordPress using Forgerock / OpenAM as OAuth and OpenID Connect provider. It supports advanced Single Sign-On (SSO) features such as user profile Attribute mapping, Role mapping, etc. Here we will go through a guide to configure SSO between WordPress and Forgerock / OpenAM. By the end of this guide, users should be able to login to WordPress from Forgerock / OpenAM. To know more about other features we provide in WP OAuth Single Sign-On ( OAuth & OpenID Connect Client ) plugin, you can click here.
Pre-requisites : Download And Installation
- Log into your WordPress instance as an admin.
- Go to the WordPress Dashboard -> Plugins and click on Add New.
- Search for a WordPress OAuth Single Sign-On (SSO) plugin and click on Install Now.
- Once installed click on Activate.
Steps to configure Forgerock / OpenAM Single Sign-On (SSO) Login into WordPress
1. Setup Forgerock / OpenAM as OAuth Provider.
- Go to developer account of Forgerock / OpenAM and sign up/login.
- From Configure OAuth tab in Oauth Client plugin, collect Redirect/Callback URL and enter it into your Forgerock / OpenAM Application.
- Copy the Client ID and Client Secret and save it on your miniOrange OAuth Client plugin Configuration.
You have successfully configured Forgerock / OpenAM as OAuth Provider for achieving Forgerock / OpenAM Single Sign-On (SSO) with WordPress for user authentication.
2. Setup WordPress as OAuth Client
- Go to Configure OAuth tab and click Add New Application to add a new client application into your website.
- Choose your Application from the list of OAuth / OpenID Connect Providers, Here Custom Aouth 2.0 App.
- Copy the Callback URL to be used in OAuth Provider Configuration. Click Next.
- Please refer the below table for configuring the scope & endpoints in the plugin.
- Enter the Client Credentials like Client ID & Client Secret as shown in the setup dialogue box. Enter the scope value as openid profile. Click Next.
- Click on Finish to save the configuration.
| Client ID : | from the Forgerock / OpenAM application configured |
| Client Secret : | from the Forgerock / OpenAM application configured |
| Scope: | openid |
| Authorize Endpoint: | https://{Your-Domain}/openam/oauth2/authorize |
| Access Token Endpoint: | https://{Your-Domain}/openam/oauth2/access_token |
| Userinfo Endpoint: | https://{Your-Domain}/openam/oauth2/userinfo |
You have successfully configured WordPress as OAuth Client for achieving user authentication with Forgerock / OpenAM Single Sign-On (SSO) login into your WordPress Site.
3. User Attribute Mapping
- User Attribute Mapping is mandatory for enabling users to successfully Single Sign-On into WordPress using Forgerock / OpenAM SSO. We will be setting up user profile attributes for WordPress using the below settings.
- Go to Configure OAuth tab. Scroll down and click on Test Configuration.
- You will see all the values returned by Forgerock / OpenAM to WordPress in a table. If you don't see value for First Name, Last Name, Email or Username, make the required settings in your Forgerock / OpenAM application to return this information.
- Once you see all the values in Test Configuration, go to Attribute / Role Mapping tab, select attributes from Username dropdown and click on Save.
- The settings in Single Sign-On (SSO) Settings tab define the user experience for Single Sign-On (SSO). To add a Forgerock / OpenAM login widget on your WordPress page, you need to follow the below steps.
- Go to WordPress Left Panel > Appearances > Widgets.
- Select miniOrange OAuth. Drag and drop to your favourite location and save.
- Go to WordPress Left Panel > Appearances > Widgets.
- Select miniOrange OAuth. Drag and drop to your favourite location and save.
- Open your WordPress page and you can see the Forgerock / OpenAM SSO login button there. You can test the Forgerock / OpenAM Single Sign-On (SSO) now.
- Make sure the "Show on login page" option is enabled for your application. (Refer to the below image)
- Now, go to your WordPress Login page. (Eg. https://< your-wordpress-domain >/wp-login.php).
- You will see an Forgerock / OpenAM SSO login button there. Once you click the login button, you will be able to test the Forgerock / OpenAM Single Sign-On (SSO).
- Get Started with Forgerock/OpenAM
- What is OAuth 2.0?
- WordPress Single Sign-On (SSO) OAuth / OpenID Connect / JWT
- WordPress Single Sign-On (SSO) OAuth / OpenID Connect / JWT
- What is OAuth 2.0 and how does it work?
- Frequently Asked Questions (FAQs)
Finding user attributes
The following is a sample image for your reference. The attribute names can vary depending on your OAuth provider's configuration.
4. Sign In Settings
In this Guide, you have successfully configured Forgerock / OpenAM Single Sign-On (SSO) by configuring Forgerock / OpenAM as OAuth Provider and WordPress as OAuth Client using our WP OAuth Single Sign-On ( OAuth / OpenID Connect Client ) plugin.This solution ensures that you are ready to roll out secure access to your WordPress site using Forgerock / OpenAM login credentials within minutes.
Additional Resources
Mail us on oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
Need Help? We are right here!
