Gluu Server as IDP for WordPress SSO

 Configure Gluu Server as IdP

• In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.

Note: In order to support SAML SSO, the Gluu Server must include the Shibboleth SAML IDP.


• Login to Gluu server Admin Console.
• From the navigation panel, click on SAMLAdd Trust Relationships.



• Configure the following in Trust Relationship Form:
  • Display Name: WordPress SAML App (Enter any name for identifying the application)
  • Description: Provide a suitable description for you application
  • Entity Type: Single SP
  • Metadata Location: File
  
• From the Service Provider Metadata tab in the plugin, download the Metadata XML File.
• Upload the Metadata file in SP Metadata File.
• Now tick the Configure Relying Party checkbox and click on Configure Relying Party link.

• You will be shown the Relying Party Configurations page.
• From Available Profile Configurations, select SAML2SSO and click on Add to add SAML2SSO to Selected Profile Configurations.
• In SAML 2 SSO Profile, configure the following:

  signAssertions	Never
  signRequests	Conditional
  encryptAssertions	Conditional
  defaultAuthenticationMethods	None
  Support Unspecified NameId Format	Tick the checkbox

• From Available NamedId Formats, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and add it to the Selected NamedId Formats.
• Click on Save button.

• From the Release Additional Attributes section on the right, add the attributes you want to send to the Service Provider.
• Click on Update button.

• Gluu's SAML IDP metadata can be found at https://HOSTNAME/idp/shibboleth. This will be required to configure the plugin in Service Provider.