Gluu Server as IDP for WordPress SSO

WordPress SAML SP Single Sign-On plugin gives the ability to enable SAML Single Sign-On for your Wordpress sites. Our plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SSO between Wordpress site and Gluu Server by considering Gluu Server as IdP.

miniorange img Pre-requisites : Download And Installation

To configure Gluu Server as SAML IdP with WordPress, you will need to install the miniOrange WP SAML SP SSO plugin:

Step 1: Setup Gluu Server as Identity Provider

Follow the steps below to configure Gluu Server as IdP

miniorange img Configure Gluu Server as IdP

  • In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
  • wordpress saml upload metadata
    Note: In order to support SAML SSO, the Gluu Server must include the Shibboleth SAML IDP.

  • Login to Gluu server Admin Console.
  • From the navigation panel, click on SAMLAdd Trust Relationships.
  • Gluu Server SSO

  • Configure the following in Trust Relationship Form:
    • Display Name: WordPress SAML App (Enter any name for identifying the application)
    • Description: Provide a suitable description for you application
    • Entity Type: Single SP
    • Metadata Location: File
    • Gluu Server SSO
  • From the Service Provider Metadata tab in the plugin, download the Metadata XML File.
  • Upload the Metadata file in SP Metadata File.
  • Now tick the Configure Relying Party checkbox and click on Configure Relying Party link.
  • Gluu Server SSO
  • You will be shown the Relying Party Configurations page.
  • From Available Profile Configurations, select SAML2SSO and click on Add to add SAML2SSO to Selected Profile Configurations.
  • In SAML 2 SSO Profile, configure the following:
    signAssertions Never
    signRequests Conditional
    encryptAssertions Conditional
    defaultAuthenticationMethods None
    Support Unspecified NameId Format Tick the checkbox
  • From Available NamedId Formats, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and add it to the Selected NamedId Formats.
  • Click on Save button.
  • Gluu Server SSO
  • From the Release Additional Attributes section on the right, add the attributes you want to send to the Service Provider.
  • Click on Update button.
  • Gluu Server SSO
  • Gluu's SAML IDP metadata can be found at https://HOSTNAME/idp/shibboleth. This will be required to configure the plugin in Service Provider.