SimpleSAML as IdP for WordPress

Step 1: Set up SimpleSAML as Identity Provider

  • In the miniOrange SAML SP SSO plugin, navigate to the Service Provider Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and the ACS (AssertionConsumerService) URL, which are required to configure the Identity Provider.
  • In config/config.php, make sure that 'enable.saml20-idp' is true. Example: 'enable.saml20-idp' => true,
  • In metadata/saml20-idp-hosted.php, configure SimpleSAML as an Identity Provider like this:

    $metadata['__DYNAMIC:1__'] = array(
        'host' => '__DEFAULT__',
        /* X.509 key and certificate. Relative to the cert directory. */
        'privatekey'  => '<YOUR_PRIVATE_KEY_FILE_NAME>',  // e.g. RSA_Private_Key.pem
        'certificate' => '<YOUR_PUBLIC_KEY_FILE_NAME>',   // e.g. RSA_Public_Key.cer
        /* Authentication source to use. Configured in 'config/authsources.php'. */
        'auth' => '<YOUR_AUTH_SOURCE_NAME>',
    );
  • In metadata/saml20-sp-remote.php, register your Service Provider like this:

    /* Replace example.com with your wordpress domain name. */
    $metadata['https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/'] = array(
        'AssertionConsumerService' => 'https://example.com/',
        'SingleLogoutService'      => 'https://example.com/',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        'simplesaml.nameidattribute' => 'mail',
        'simplesaml.attributes'      => true,
        'attributes' => array('mail', 'givenname', 'sn', 'memberOf'),
    );
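The sp-remote entry only works if its array key is exactly the SP Entity ID the plugin reports and its AssertionConsumerService is exactly the plugin's ACS URL; the NameID is built from 'simplesaml.nameidattribute', so the chosen auth source must actually return that attribute. The following is an added example, not part of this guide and not code from SimpleSAMLphp or miniOrange: a stand-alone PHP script that checks the entry above for those consistency points before you deploy it. The $spMetadataFromPlugin values and the $authSourceAttributes list are constructed samples; in a real deployment copy the first from the Service Provider Metadata tab and take the second from your auth source.

```php
<?php
// Added example: sanity-check a saml20-sp-remote.php entry against what the
// miniOrange plugin reports. Not part of SimpleSAMLphp or the miniOrange plugin.
declare(strict_types=1);

// Constructed sample of what the plugin's Service Provider Metadata tab shows.
$spMetadataFromPlugin = [
    'entityId' => 'https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/',
    'acsUrl'   => 'https://example.com/',
];

// Constructed sample of the attributes the configured auth source returns.
$authSourceAttributes = ['mail', 'givenname', 'sn', 'memberOf', 'uid'];

// The entry from metadata/saml20-sp-remote.php (same content as in the guide).
$metadata = [];
$metadata['https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/'] = [
    'AssertionConsumerService' => 'https://example.com/',
    'SingleLogoutService'      => 'https://example.com/',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    'simplesaml.nameidattribute' => 'mail',
    'simplesaml.attributes'      => true,
    'attributes' => ['mail', 'givenname', 'sn', 'memberOf'],
];

/**
 * Returns a list of problems found; an empty array means the entry is consistent.
 */
function checkSpRemoteEntry(array $metadata, array $fromPlugin, array $available): array
{
    $problems = [];
    $entityId = $fromPlugin['entityId'];

    // The array key is the SP Entity ID; a mismatch means the IdP does not know this SP.
    if (!isset($metadata[$entityId])) {
        $problems[] = "No entry keyed by the SP Entity ID {$entityId}.";
        return $problems;
    }
    $sp = $metadata[$entityId];

    // The ACS must match the plugin's value exactly, or assertions are posted elsewhere.
    if (($sp['AssertionConsumerService'] ?? null) !== $fromPlugin['acsUrl']) {
        $problems[] = 'AssertionConsumerService does not match the ACS URL shown by the plugin.';
    }

    // Assertions carry identity data; deliver them over TLS only.
    foreach (['AssertionConsumerService', 'SingleLogoutService'] as $key) {
        $url = $sp[$key] ?? '';
        if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
            $problems[] = "{$key} must be an https:// URL, got '{$url}'.";
        }
    }

    // The NameID is derived from simplesaml.nameidattribute, so the auth source must supply it.
    $nameIdAttr = $sp['simplesaml.nameidattribute'] ?? null;
    if ($nameIdAttr === null || !in_array($nameIdAttr, $available, true)) {
        $problems[] = "NameID attribute '{$nameIdAttr}' is not returned by the auth source.";
    }

    // 'attributes' is a release filter: names the auth source never returns simply never appear.
    foreach ($sp['attributes'] ?? [] as $attr) {
        if (!in_array($attr, $available, true)) {
            $problems[] = "Released attribute '{$attr}' is not returned by the auth source.";
        }
    }

    return $problems;
}

$problems = checkSpRemoteEntry($metadata, $spMetadataFromPlugin, $authSourceAttributes);
if ($problems === []) {
    echo "saml20-sp-remote.php entry is consistent with the plugin metadata.\n";
    exit(0);
}
foreach ($problems as $p) {
    echo "PROBLEM: {$p}\n";
}
exit(1);
```

Run it with `php check-sp-remote.php` after editing the three constructed arrays to your real values; a non-zero exit means at least one mismatch that would break the login flow or leak the assertion to the wrong endpoint. Keeping the 'attributes' list to what WordPress actually needs (here mail, givenname, sn and memberOf) is the attribute-release equivalent of least privilege.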