WordPress

SSO For Windows

Note: The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.

WordPress

miniOrange provides enterprises with secure access to WordPress and full control over application access, with Single Sign On (SSO) into WordPress using one set of login credentials.

The Single Sign On with NTLM/Kerberos/SAML plugin allows users in a corporate Active Directory setup to log in to WordPress using their Windows credentials. Once a user is logged in to a domain-joined machine, they do not have to re-enter credentials in order to log in to WordPress.

Step by Step guide to Setup Single Sign On for Windows:

  • SAML:

    The miniOrange SAML Single Sign On (SSO) plugin acts as a SAML Service Provider. It can be configured to establish trust between the plugin and a SAML-capable Identity Provider, which then securely authenticates the user to the WordPress site.


  • Step by Step guide to Setup IIS for Windows Authentication

    1. Open up command prompt in Administrative mode.
    2. Execute the following command in it:
      setspn -a HTTP/##Server FQDN## ##Domain Service Account##
    3. Open up Active Directory Users and Computers.
    4. Search for the service account which was used to create the Service Principal Name (SPN).
    5. Navigate to the Delegation tab. Select Trust this user for delegation to any service (Kerberos only).

    6. Click Apply.
    7. Open up IIS Manager and Select the site which you want to apply Windows Authentication to.
    8. Select the Application Pool for that website. Right click on it and select Advanced Settings.
    9. Use Custom Account and set the account as the service account for which delegation was enabled. You would need to enter the password of the service account as well.
    10. Navigate to the Authentication section for the website.
    11. Enable Windows Authentication and disable Anonymous Authentication.
    12. In the Configuration Editor, search for system.webServer/security/authentication/windowsAuthentication
    13. Set useKernelMode as False and useAppPoolCredentials as True.
    14. Click Apply.
    15. Open up Internet Explorer and open Internet Options.
    16. Add the FQDN of IIS Server to the list of sites in Local Intranet.
    17. Select Custom Level for the Security Zone. In the list of options, select Automatic Logon only in Intranet Zone.

 

Authentication protocols for Windows:


NTLM

NT LAN Manager (NTLM) is a challenge-response based authentication protocol of Windows NT 4.0. NTLM requires the user's password to formulate a challenge-response, and the client is able to prove its identity without sending the password to the server.

Licensing Plan


Features \ Plans

Standard: Complete solution for a Single WP Install ($249 – One Time Payment)
Premium: Complete solution for a Multi-Site WP Install + Advanced features for SSO ($449 – One Time Payment)
Enterprise: Complete solution for all your Enterprise needs ($499 – One Time Payment)


Contact Us

Unlimited Authentications
Basic Attribute Mapping (Username, Email, First Name, Last Name, Display Name)
Widget, Shortcode to add IDP Login Link on your site
Step-by-step guide to setup IDP
Auto-Redirect to IDP from login page
Protect your complete site (Auto-Redirect to IDP from any page)
Change SP base Url and SP Entity ID
Options to select SAML Request binding type
SAML Single Logout
Integrated Windows Authentication (supported with AD FS)
Customized Role Mapping
Auto-sync IdP Configuration from metadata
Custom Attribute Mapping (Any attribute which is stored in user-meta table)
Store Multiple IdP Certificates
Custom SP Certificate
Multi-Site Support *
Sub-site specific SSO for Multisite
Multiple IdPs Supported **
Multi-Network SSO Support **
Custom AD Server Contact Us
Add-Ons Purchase Separately Included Included
Buddypress Attribute Mapping Add-On Contact Us Contact Us
Page Restriction Add-On Contact Us Contact Us

*This feature has a separate licensing and plugin. Please select the Multisite option on the payment page while upgrading.

**This feature has separate licensing. Contact us at info@miniorange.com to get a quote for this.

If you have any doubts regarding the licensing plans, you can mail us at info@miniorange.com or submit a query using this support form.

Step by Step guide to Setup NTLM SSO

  • Install Kerberos/NTLM Add-on for WordPress.
  • Enable Kerberos/NTLM login through the checkbox.
  • Open Internet Explorer. Add the WordPress host to the list of trusted sites.
  • In the Custom Level of the Trusted Sites zone, set the Authentication option to “Automatically login with current username and password”.
  • Test login from a domain joined machine.
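
A successful test login does not show which protocol was used: under the Negotiate scheme a browser that cannot obtain a Kerberos ticket can fall back to NTLM. The following added example (not code from this page or from the miniOrange add-on) classifies a captured Authorization header value; the function name and the sample tokens are constructed for illustration, and the OID search is a heuristic, not a full SPNEGO parser.

```python
import base64
import struct

KRB5_OID = bytes.fromhex("2a864886f712010202")  # 1.2.840.113554.1.2.2
SPNEGO_OID = bytes.fromhex("2b0601050502")      # 1.3.6.1.5.5.2
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def classify_authorization(header_value):
    """Name the mechanism carried in an Authorization header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm") or not token:
        return "not-windows-auth"
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return "malformed"
    # NTLM messages start with "NTLMSSP\0" and a little-endian message type;
    # they may arrive bare or wrapped inside a SPNEGO token.
    pos = raw.find(b"NTLMSSP\x00")
    if pos != -1 and len(raw) >= pos + 12:
        (msg_type,) = struct.unpack_from("<I", raw, pos + 8)
        return "ntlm-" + NTLM_TYPES.get(msg_type, "unknown")
    # GSS-API initial tokens start with tag 0x60 and carry a mechanism OID.
    if raw[:1] == b"\x60" and KRB5_OID in raw:
        return "kerberos"
    if raw[:1] == b"\x60" and SPNEGO_OID in raw:
        return "spnego-other"
    return "unknown"

if __name__ == "__main__":
    # Constructed tokens: a bare NTLM negotiate message and a GSS-API stub.
    ntlm = base64.b64encode(b"NTLMSSP\x00" + struct.pack("<II", 1, 0)).decode()
    krb = base64.b64encode(b"\x60\x0b\x06\x09" + KRB5_OID).decode()
    print(classify_authorization("Negotiate " + ntlm))
    print(classify_authorization("Negotiate " + krb))
```

A result of ntlm-negotiate on a site configured for Kerberos usually means the host is not in the browser zone that allows automatic logon or the SPN is not registered for it.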

Kerberos

Kerberos is a network authentication protocol. It is designed to provide strong authentication to client or server applications by using secret-key cryptography.


Step by Step guide to Setup Kerberos

  1. Install and enable the Apache mod_auth_kerb module.
  2. Generate a keytab file by running the following command on the AD Domain Controller:

    ktpass -princ HTTP/@ -pass . -mapuser \ -Ptype KRB5_NT_PRINCIPAL -out
  3. Make sure that the Service Account used above is trusted for delegation. You can check that by searching for that user in AD and going to the Delegation tab in the user properties.
  4. Put the keytab file on the server hosting the website.
  5. Edit /etc/krb5.conf. The default_realm name should be in uppercase. Set the following configuration:

    [libdefaults]
    default_realm = DOMAIN.COM
    [realms]
    DOMAIN.COM = {
    admin_server =
    kdc =
    }
  6. In the Apache configuration, add the following for the WordPress root:


    AuthType Kerberos
    KrbAuthRealms DOMAIN.COM
    KrbServiceName HTTP
    Krb5Keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    require valid-user

  7. Restart Apache.
  8. Install Kerberos/NTLM Add-on for WordPress.
  9. Enable Kerberos/NTLM login through the checkbox.
  10. Open Internet Explorer. Add the WordPress host to the list of trusted sites.
  11. In the Custom Level of the Trusted Sites zone, set the Authentication option to “Automatically login with current username and password”.
  12. Test login from a domain joined machine.
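
A preflight check for steps 5 and 6 above, as an added example that is not code from this page or from mod_auth_kerb: it parses krb5.conf and the Apache directives and reports common misconfigurations before Apache is restarted. The function names, the KDC host, the keytab path and the owner-only keytab policy are assumptions made for the illustration.

```python
# Constructed samples for steps 5 and 6; KDC host and keytab path are placeholders.
KRB5_CONF = """[libdefaults]
default_realm = domain.com
[realms]
DOMAIN.COM = {
admin_server = dc01.domain.com
kdc = dc01.domain.com
}"""
APACHE_CONF = """AuthType Kerberos
KrbAuthRealms DOMAIN.COM
KrbServiceName HTTP
Krb5Keytab /etc/apache2/http.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
require valid-user"""

def parse_krb5(text):
    """Return (default_realm, {realm: {key: value}}) from krb5.conf text."""
    default, realms, section, block = None, {}, "", None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif line == "}":
            block = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default = value
            elif section == "realms" and value == "{":
                block = realms.setdefault(key, {})
            elif block is not None:
                block[key] = value
    return default, realms

def preflight(krb5_text, apache_text, keytab_mode):
    """Return findings; keytab_mode is the keytab file's permission bits."""
    default, realms = parse_krb5(krb5_text)
    realm = (default or "").upper()
    lines = map(str.split, apache_text.splitlines())
    apache = {parts[0]: " ".join(parts[1:]) for parts in lines if len(parts) > 1}
    checks = [
        (default != realm or not realm, "default_realm must be set in uppercase"),
        (not realms.get(realm, {}).get("kdc"), "no kdc for the default realm"),
        (apache.get("KrbAuthRealms") != realm, "KrbAuthRealms != default_realm"),
        (not apache.get("Krb5Keytab"), "Krb5Keytab path is missing"),
        (keytab_mode & 0o077, "keytab is accessible to group or others"),
        (apache.get("KrbMethodK5Passwd", "on").lower() == "on",
         "password fallback is on: serve the site over TLS only"),
    ]
    return [message for failed, message in checks if failed]
```

Calling preflight(KRB5_CONF, APACHE_CONF, 0o644) lists the findings for the sample; on a real server pass the two files' contents and stat.S_IMODE(os.stat(path).st_mode) for the keytab.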