OpenAM as IDP for WordPress SSO
OpenAM Single Sign-On(SSO) login for WordPress can be achieved by using our WordPress SAML Single Sign-On(SSO) plugin. Our plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SSO login between Wordpress site and OpenAM by considering OpenAM as IdP(Identity provider) and WordPress as SP(Service provider).
Pre-requisites : Download And Installation
To configure ForgeRock OpenAM as SAML IdP with Wordpress, you will need to install the miniOrange WP SAML SP SSO plugin:
Steps to configure OpenAM Single Sign-On (SSO) Login into WordPress
Step 1: Setup OpenAM as idp(Identity Provider)
All the information required to configure OpenAM as IdP i.e. plugin’s metadata is given in the Service Provider Info tab of the miniOrange plugin.
Create OpenAM as a Hosted Identity Provider- In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
- Login to the OpenAM admin console.
- From the REALMS page, select the realm under which you want to create the SAML application. You will be redirected to the Realm overview page.
-
Click on Create SAMLv2 Providers in the Realm Overview page.
-
Click on Create Hosted Identity Provider. You will be redirected to the configuration page.
-
Configure SAML IDP as given below:
- Name: Name of the SAML IDP
- Signing Key: Select the Signing key from the dropdown.
- New Circle of Trust: Provide a name of the groups of IDP and SP that trust each other.
- Attribute Mapping: Configure user profile attributes to be sent to the Service Provider application.
- Click on the Configure button on the top right corner.
Configure Remote Service Provider- Go to OpenAM admin dashboard and open Realm Overview page.
-
Click on Create SAMLv2 Providers.
-
Now click on Register Remote Service Provider. You will be redirected to the configuration page.
-
Configure the Service Provider as given below:
- Where does the metadata file reside: URL
- URL of metadata: Paste the miniOrange plugin’s Metadata URL here. You can get it from the Service Provider Metadata tab
- Circle of Trust: Add to existing
- Existing Circle of Trust: Select the Circle of Trust (group) in which your hosted IDP is located
-
Attribute Mapping: Configure user profile attributes for mapping.
- Click on the Configure button on the top right corner and then click on OK button.
- Verify the configuration of IdP and SP from the Federation tab of OpenAM.
-
You can download the OpenAM IdP metadata using the URL given below.
- For Single Realm: [OpenAM ServerURL]/saml2/jsp/exportmetadata.jsp
- For Multiple realms:
[OpenAM ServerURL]/saml2/jsp/exportmetadata.jsp?entityid=[IdPentityID]&realm=/realmname
- Keep the IDP Metadata handy as it will be used in configuring the miniOrange Plugin.
Need Help? We are right here!
