OpenAM as IDP for WordPress SSO

WordPress SAML SP Single Sign-On plugin gives the ability to enable SAML Single Sign-On for your Wordpress sites. Our plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SSO between Wordpress site and OpenAM by considering OpenAM as IdP.

miniorange img  Pre-requisites : Download And Installation

To configure ForgeRock OpenAM as SAML IdP with Wordpress, you will need to install the miniOrange WP SAML SP SSO plugin:

Step 1: Setup OpenAM as Identity Provider

All the information required to configure OpenAM as IdP i.e. plugin’s metadata is given in the Service Provider Info tab of the miniOrange plugin.

miniorange img  Create OpenAM as a Hosted Identity Provider
  • In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
  • WordPress Single Sign-On (SSO)SAML upload metadata
  • Login to the OpenAM admin console.
  • From the REALMS page, select the realm under which you want to create the SAML application. You will be redirected to the Realm overview page.
  • Click on Create SAMLv2 Providers in the Realm Overview page.

    SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP), Create SAMLv2 provider
  • Click on Create Hosted Identity Provider. You will be redirected to the configuration page.

    SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP), Create Hosted Identity Provider
  • Configure SAML IDP as given below:

    • Name: Name of the SAML IDP
    • Signing Key: Select the Signing key from the dropdown.
    • New Circle of Trust: Provide a name of the groups of IDP and SP that trust each other.
    • Attribute Mapping: Configure user profile attributes to be sent to the Service Provider application.

    • SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP), Add Metadata and Attribute mapping
  • Click on the Configure button on the top right corner.
  • SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP),Create SAMLv2 IdP on server
miniorange img  Configure Remote Service Provider
  • Go to OpenAM admin dashboard and open Realm Overview page.
  • Click on Create SAMLv2 Providers.

    SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP),Configure remote service provider SAMLv2
  • Now click on Register Remote Service Provider. You will be redirected to the configuration page.

    SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP),Register Remote Service Provider
  • Configure the Service Provider as given below:

    • Where does the metadata file reside: URL
    • URL of metadata: Paste the miniOrange plugin’s Metadata URL here. You can get it from the Service Provider Metadata tab
    • Circle of Trust: Add to existing
    • Existing Circle of Trust: Select the Circle of Trust (group) in which your hosted IDP is located
    • Attribute Mapping: Configure user profile attributes for mapping.

      SAML Single Sign-On (SSO) using OpenAM Identity Provider (IdP), Click ok after verifying IDP and SP from federation
  • Click on the Configure button on the top right corner and then click on OK button.
  • OpenAM sso-6
  • Verify the configuration of IdP and SP from the Federation tab of OpenAM.
  • You can download the OpenAM IdP metadata using the URL given below.
    • For Single Realm: [OpenAM ServerURL]/saml2/jsp/exportmetadata.jsp
    • For Multiple realms:
      [OpenAM ServerURL]/saml2/jsp/exportmetadata.jsp?entityid=[IdPentityID]&realm=/realmname
  • Keep the IDP Metadata handy as it will be used in configuring the miniOrange Plugin.