Hong Kong Access Federation (HKAF) is Hong Kong’s leading identity broker. HKAF enables access to online resources for the Education and Research sector. The HKAF has facilitated trusted electronic communications and collaboration between education and research institutions, locally and internationally.
Users are able to access federation services using a single user account and password. Affiliated users can employ the user IDs assigned to them by their home universities to access and use numerous services instead of having to maintain and use different accounts.
miniOrange providers Single Sign On solution with Hong Kong Access Federation on your Wordpress site. Using this, your site can be integrated with Hong Kong Access Federation and your users will be able to access your site using their HKAF registered institution's credentials.
How miniOrange SAML 2.0 Single Sign-On Plugin works with Hong Kong Access Federation ?
Our Plugin works in this way:
- First, the user clicks on Login with HKAF button. This will redirect them to HKAF's discovery service, using which the users can select their home institutions.
- The discovery service sends some information to the plugin (This info is used by the plugin to identify which Institution was selected by the user).
- The plugin creates a SAML Authentication request and sends it to the Identity Provider associated with the selected institution.
- The user can see their institution's login page. After successful authentication with their institution, the user gets redirected and logged in to the Wordpress website.
- In the my.cnf/my.ini file of your server, increase the max_allowed_packet value such that it would be more than the size of the metadata file. (Since the HKAF IDP-only metadata file is of 44M, you can set the max_allowed_packet value to 50M)
- For large metadata files(greater than 2M), use the metadata URL. File upload for large files won’t work.
Configure the HKAF Federation
- You need to provide the miniorange entityID to the HKAF discovery service so that the discovery service can recognize the requests coming from the miniOrange plugin. The entityID for the miniOrange plugin can be found in the Service Provider Metadata tab of the plugin.
- You can provide the SP metadata to the HKAF discovery service which can be downloaded from the metadata URL given in Service Provider Metadata tab.
- After this, your users will be able to login to your site with their respective universities using the miniOrange plugin.
Attribute / Role Mapping
- Using the Attribute/Role Mapping tab, you can assign different roles to different users and also map their attributes received from the IDP.
- You can configure IDP specific mapping as well as IDP-wide mapping using the Default Mapping option.
Hong Kong Access Federation - SSO Authentication Flow
- After configuring the plugin, you should see the Login with Hong Kong Access Federation button on the WordPress login page. Click on this button to redirect to the HKAF discovery service.
- From the HKAF discovery service, select your home institution and click on next button.
- You will be redirected to the selected institution's login page for authentication.
- After successful authentication, you will be redirected and logged in to the wordpress site.
WordPress SAML Plugin
Hong Kong Access Federation
Hong Kong Access Discovery Service
If you don't find what you are looking for, please contact us at firstname.lastname@example.org or call us at +1 978 658 9387 to find an answer to your question about Hong Kong Access Federation.