Shibboleth-2 as IdP for WordPress

Shibboleth-2 Single Sign-On (SSO) login for WordPress can be achieved with our WordPress SAML Single Sign-On (SSO) plugin. The plugin is compatible with all SAML-compliant identity providers. This step-by-step guide configures SSO login between a WordPress site and Shibboleth-2, with Shibboleth-2 as the IdP (Identity Provider) and WordPress as the SP (Service Provider).

Pre-requisites: Download and Installation

To configure Shibboleth-2 as SAML IdP with WordPress, you will need to install the miniOrange WP SAML SP SSO plugin:

Steps to configure Shibboleth-2 Single Sign-On (SSO) Login into WordPress (WP):

Step 1: Setup Shibboleth-2 as IdP (Identity Provider)

Follow the steps below to configure Shibboleth-2 as IdP

Configure Shibboleth-2 as IdP

  • In the miniOrange SAML SP SSO plugin, navigate to the Service Provider Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and the ACS (AssertionConsumerService) URL, which are required to configure the Identity Provider.
  • In conf/relying-party.xml, configure the Service Provider like this:
  • <MetadataProvider xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" id="MyInlineMetadata">
    .0:metadata" entityID="<ENTITY_ID_FROM_PLUGIN>">
    WantAssertionsSigned="true" protocolSupportEnumeration=
            < urn:oasis:names:tc:SAML:1
            <md:AssertionConsumerService Binding="urn
              Location="<ACS_URL_FROM_PLUGIN>" index="1"/>
  • Make sure your Shibboleth server sends the user's email address in the Name ID. In attribute-resolver.xml, get the email attribute as the Name ID:
  • <resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
       <resolver:Dependency ref="ldapConnector" />
    StringNameID" nameFormat="urn:oasis:names:tc:SAML:1.1:
  • In attribute-filter.xml, release the email attribute:
  • <afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
  • Restart the Shibboleth Server.
  • You need to configure these endpoints in the Service Provider:
  • IDP Entity ID: https://<your_domain>/idp/shibboleth
    Single Login URL: https://<your_domain>/idp/profile/SAML2/Redirect/SSO
    X.509 Certificate: The public key certificate of your Shibboleth server
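
Before the SP entry goes into conf/relying-party.xml, it can be linted for the properties the steps above depend on: assertions requested as signed, the email Name ID format, and (a check added here) an HTTPS ACS URL. This Python check is an added example, not miniOrange or Shibboleth code; the name check_sp_metadata, the sample hostnames and the HTTP-POST binding in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

Q = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: hostnames are placeholders and the HTTP-POST binding is
# an assumption; use the values shown on the plugin's metadata tab instead.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://wp.example.org/sp">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="1" Location="https://wp.example.org/"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def check_sp_metadata(xml_text):
    """Return a list of findings for an SP metadata entry; empty means it passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unreplaced <ENTITY_ID_FROM_PLUGIN> placeholder lands here: raw "<" is illegal in an attribute.
        return [f"not well-formed XML: {exc}"]
    sps = list(root.iter(Q + "SPSSODescriptor"))
    findings = [] if sps else ["no md:SPSSODescriptor element found"]
    for sp in sps:
        if sp.get("WantAssertionsSigned") != "true":
            findings.append("WantAssertionsSigned is not 'true'")
        if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
            findings.append("SAML 2.0 protocol missing from protocolSupportEnumeration")
        formats = [(e.text or "").strip() for e in sp.findall(Q + "NameIDFormat")]
        if EMAIL_NAMEID not in formats:
            findings.append("emailAddress NameIDFormat not declared")
        acs_list = sp.findall(Q + "AssertionConsumerService")
        if not acs_list:
            findings.append("no AssertionConsumerService endpoint")
        for acs in acs_list:
            loc = acs.get("Location", "")
            if urlparse(loc).scheme != "https" or not urlparse(loc).netloc:
                findings.append(f"ACS Location is not an https URL: {loc!r}")
    return findings

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_SP_METADATA) or "SP metadata entry passed all checks")
```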