Search Results :

×

Additional configuration for WordPress Salesforce Single Sign-On


Once the WordPress Salesforce SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

Attribute Mapping

  • In the Service Provider Setup tab, after metadata exchange click on Test Connection.
  • After performing SSO, the default attributes will be sent from Salesforce and will be available for Attribute Mapping.
  • There are certain default attributes that are sent from the Salesforce side for every connection that are listed in the table.

  • Attribute Mapping | WP Salesforce SSO configuration

Adding extra Attributes on the Salesforce Side:

  1. Switch to Salesforce Lightning mode from profile menu and then go to the Setup page by clicking on setup button.
  2. In the left column, click on Apps => Connected Apps => Manage Connected Apps.

  3. Attribute Mapping | WP Salesforce SSO configuration
  4. Then click on your created app and scroll down to Custom Attributes.
  5. Click on New.

  6. Attribute Mapping | WP Salesforce SSO configuration
  7. Fill attribute Key with custom attribute name.
  8. Click on the Insert Field button and add the attributes.
  9. Click on the Save button.

  10. Attribute Mapping | WP Salesforce SSO configuration
  11. Navigate to the Service Provider Setup Tab, there click on Test Connection.
  12. A popup window will appear. If your connection is successful then the list of attributes mapped and the custom attribute will be displayed.

  13. Attribute Mapping | WP Salesforce SSO configuration

Configure Advanced & Custom Attribute Mapping

  • Write your custom attribute name in Custom Attribute Name input box, select the attribute from IDP using the dropdown in the Attribute Name from IDP field
  • The Custom Attribute Name would be the key name in the user-meta table of WordPress.
  • The Display Attribute Toggle shows the value of the user-meta key in the Users table of the WordPress site.

  • Custom Attribute Mapping | WP Salesforce SSO configuration
  • You can add new attributes using ADD Attribute button.
  • And then, click on Save button to save the configurations.

Setting up Role Mapping

  • The Attribute Mapping section also provides mapping for fields named Group/Role.
  • This attribute will contain the role-related information sent by the Identity Provider (i.e, Salesforce).
  • The roles are allocated to specific users on the bases of their roles/groups at the time of login.
  • The value of this attribute which is mapped to Group/Role will be considered in the Role Mapping section.

  • Role Mapping | WP Salesforce SSO configuration
  • Values of selected Group/Roles of respective users can be placed in the input box of different default Roles which have to be assigned to the respective user.

  • Role Mapping | WP Salesforce SSO configuration
  • For Example:
    1. Select Group/Role.

    2. Role Mapping | WP Salesforce SSO configuration
    3. Now the User with this particular User Id will get a subscriber role during SSO in WordPress website.

    4. Role Mapping | WP Salesforce SSO configuration

Signed SSO Requests

  • For Signed SSO Requests, enable the Sign SSO & SLO Requests toggle in the Service Provider Setup tab in the plugin.

  • Signed Request plugin | WP Salesforce SSO configuration
  • Download the SP Certificate from the Service Provider Metadata tab.

  • Signed SSO Requests | WP Salesforce SSO configuration
  • Now navigate to the Salesforce platform.
  • In the left column, click on Apps => Connected Apps => Manage Connected Apps.
  • Then, click on your app and on Edit Policies.
  • Scroll down to SAML Service Provider Settings and there you will find the Verify Requests Signatures check box.

  • Signed SSO Requests | WP Salesforce SSO configuration
  • After enabling this option, upload the SP certificate by Choose File button.
  • And then, click on Save button to save the configurations.

  • Signed SSO Requests | WP Salesforce SSO configuration

Configuring Single Logout (SLO)

  • For enabling the SAML Logout URL option you can navigate to the left column, and click on Apps => Connected Apps => Manage Connected Apps.
  • Then, go to your app and click on Edit Policies.
  • Scroll down to SAML Service Provider Settings and there you will find the Enable Single Logout check box.
  • After enabling this option, fill the Single logout URL input field with the Single Logout URL from the Service Provider Metadata tab in the plugin.
  • Enable the option Verify Request Signatures and upload the certificate downloaded from Service Provider Metadata tab.
  • And then, click on Save button to save the configurations.

  • Single Logout | WP Salesforce SSO configuration

How to Encrypt your SAML Assertion

  • For Salesforce As Identity Provider you need to enable the encryption while creating the application itself (App Manager => New Connected App).
  • Scroll down to the Web App Settings and check the Enable Saml option.
  • Then, enable the Encrypt SAML Response option.

  • Encrypt SAML Assertion | WP Salesforce SSO configuration
  • Now upload the certificate downloaded from Service Provider Metadata tab using the Choose File button.

  • Encrypt SAML Assertion | WP Salesforce SSO configuration

Conclusion

Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.

Common Salesforce Troubleshooting Resources

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com