SAML Single Sign-On (SSO) between two WordPress sites

The WordPress SAML SP Single Sign-On plugin lets you use your WordPress site as a Service Provider, while the SAML & WSFED IDP plugin lets you use your WordPress site as an Identity Provider. This step-by-step guide configures SSO between two WordPress sites, one acting as the Service Provider and the other as the Identity Provider.

Pre-requisites: Download And Installation

  • To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange
    SAML & WSFED IDP plugin:

  • To integrate the WordPress site as a Service Provider, you will need to install the miniOrange WP SAML SP SSO plugin:
  • Follow the steps below to configure the SSO between two WordPress sites.

Step 1: Configure 1st Site as the Identity Provider:

  • Open the 2nd WordPress site.
  • Install and activate the SAML SP Single Sign On – SSO login plugin on your WordPress site which is
    acting as Service Provider.
  • Go to the SAML SP Single Sign-On plugin and navigate to the Service Provider Metadata tab. Here
    you can find the Service Provider metadata, such as the SP Entity ID and the ACS (Assertion
    Consumer Service) URL, which are required to configure the Identity Provider.

    Instructions:

  • Open the WordPress site.
  • Install and activate the SAML & WSFED IDP ( SSO using WordPress Users ) plugin on your WordPress site which is acting as Identity Provider.
  • Go to the WordPress IDP plugin, navigate to the Service Provider tab.
  • Enter the values corresponding to the information from the Service Provider. Refer to the table below.

    Service Provider Name     Name of your Service Provider.
    SP Entity ID or Issuer    Copy and paste the SP-EntityID from the Service Provider.
    ACS URL                   Copy and paste the ACS URL from the Service Provider.
    NameID Format             urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Assertion Signed          Checked
  • Click on the Save button to save your configurations.
  • Go to the IDP Metadata tab. Here you can find information for configuring the Service Provider.
  • You can also download the metadata XML file, by clicking on the download link.
  • Open the WordPress site.
  • Install and activate the SAML & WSFED IDP ( SSO using WordPress Users ) plugin on your WordPress site which is acting as Identity Provider.
  • Go to the WordPress IDP plugin and navigate to the Service Provider tab.
  • Enter the values corresponding to the information from the Service Provider. Refer to the table below.
    Service Provider Name             Name of your Service Provider.
    SP Entity ID or Issuer            Copy and paste the SP-EntityID from the Service Provider.
    ACS URL                           Copy and paste the ACS URL from the Service Provider.
    Select Binding type (optional)    Select Use HTTP-Redirect Binding for SLO
    Single Logout URL (optional)      Enter Single Logout URL given in Service Provider.
    X.509 Certificate (optional)      Enter X.509 Certificate.
    NameID Format                     urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Response Signed                   Checked if you want to sign the SAML Response
    Assertion Signed                  Checked if you want to sign the SAML Assertion
    Encrypted Assertion               Checked if you want to encrypt the SAML Assertion
  • Click on the Save button to save your configurations.
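
The SP Entity ID, ACS URL and NameID Format entered above all come from the Service Provider's metadata, so they can be read from the metadata XML and checked before saving. The Python below is an added example, not code from the plugins or the original guide; the sample metadata, the sp.example.test host and the function name idp_form_values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample SP metadata; sp.example.test and its paths are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/sp-entity">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="http://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def idp_form_values(metadata_xml):
    """Return (values for the IdP's Service Provider tab, warnings) for SP metadata."""
    # ElementTree is fine for metadata from your own site; use defusedxml for untrusted XML.
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML SP metadata")
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    values = {
        "SP Entity ID or Issuer": root.get("entityID"),
        "ACS URL": acs[0].get("Location", ""),
        "NameID Format": formats[0] if formats else EMAIL_NAMEID,
        "Assertion Signed": "Checked",  # as in the table above
    }
    warnings = []
    if not values["ACS URL"].lower().startswith("https://"):
        warnings.append("ACS URL is not HTTPS: assertions would be posted in clear text")
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        warnings.append("SP does not set WantAssertionsSigned; keep Assertion Signed checked")
    if EMAIL_NAMEID not in formats:
        warnings.append("SP does not list the emailAddress NameID format used in this guide")
    return values, warnings


if __name__ == "__main__":
    values, warnings = idp_form_values(SAMPLE_SP_METADATA)
    print(values, warnings, sep="\n")
```

The constructed sample deliberately uses an http:// ACS URL so that the HTTPS warning fires.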

Attribute Mapping (optional) :

  • Go to the Attribute/Role mapping tab and navigate to the Attribute mapping section.
  • When the user performs SSO, the NameID value is sent to the Service Provider. This value is
    unique for every user.
  • Click on the Save button to save your configuration.

User Attributes (optional) :

  • Go to the Attribute/Role mapping tab and navigate to User Attributes.
  • These are user attributes that can be sent to the Service Provider
    (such as first_name and last_name).
  • You can add multiple attributes by clicking on the "+" button.
  • Click on the Save button to save your configurations.

Custom Attributes (optional) :

  • Go to the Attribute/Role mapping tab and navigate to Custom Attributes.
  • These are extra static attributes that can be sent to the Service Provider.
  • You can add multiple attributes by clicking on the "+" button.
  • Click on the Save button to save your configurations.

Role Mapping (optional) :

  • Go to the Attribute/Role mapping tab and navigate to the Role Mapping section.
  • User groups are collections of users with similar access roles and capabilities.
  • To map WordPress roles as user groups, enable this option.
  • You can specify the attribute under which the groups will be passed to the Service Provider.
  • Click on the Save button to save your configurations.
  • Go to the IDP Metadata tab. Here you can find information for configuring the Service Provider.
  • You can also download the metadata XML file, by clicking on the download link.