Single Sign-On (SSO) with Moodle as SP and WordPress as IDP

Login using WordPress Users ( WP as SAML IDP ) plugin gives you the ability to use your WordPress (WP) site as an Identity Provider (IdP). Whereas miniOrange SAML SSO plugin gives you the ability to use your Moodle site as Service Provider. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between WordPress (WP) sites as an Identity Provider (IdP) and Moodle as Service Provider (SP).

miniorange img Pre-requisites: Download And Installation

To integrate the WordPress (WP) site as a SAML Identity Provider, you will need to install the Login using WordPress Users ( WP as SAML IDP ) plugin:

Follow the steps below to configure the Single Sign-On (SSO) between WordPress as IDP and Moodle as SP

Step 1: Configure Wordpress Site as the Identity Provider:

Open the Moodle site.
Install and activate the miniOrange SAML SSO plugin on your Moodle site which is
acting as Service Provider.
Go to the miniOrange SAML SSO plugin, navigate to the Service Provider Metadata tab. Here, you
can find the Service Provider metadata such as SP Entity ID , ACS (Assertion Consumer Service)
URL, Audience URI and NameID format which is required to configure the Identity Provider.

WordPress SAML Single Sign-On (SSO) upload metadata

miniorange img Instructions:

Free
Premium

Free

Open the WordPress site.
Install and activate the Login using WordPress Users ( WP as SAML IDP ) plugin on your WordPress site which is acting as Identity Provider.
Go to the WordPress IDP plugin, navigate to the Service Provider tab.

Enter the values corresponding to the information from the Service Provider. Refer to the table below.

Service Provider Name	Name of your Service Provider.
SP Entity ID or Issuer	Copy and paste the SP-EntityID from the Service Provider.
ACS URL	Copy and paste the ACS URL from the Service Provider.
NameID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Assertion Signed	Checked

Click on the Save button to save your configurations.
Go to the IDP Metadata tab. Here you can find information for configuring the Service Provider.
You can also download the metadata XML file, by clicking on the download link.

Premium

Open the WordPress site.
Install and activate the Login using WordPress Users ( WP as SAML IDP ) plugin on your WordPress site which is acting as Identity Provider.
Go to the WordPress IDP plugin navigate to the Service Provider tab.

Enter the values corresponding to the information from the Service Provider. Refer to the table below.

Service Provider Name	Name of your Service Provider.
SP Entity ID or Issuer	Copy and paste the SP-EntityID from the Service Provider.
ACS URL	Copy and paste the ACS URL from the Service Provider.
Select Binding type (optional)	Select Use HTTP-Redirect Binding for SLO
Single Logout URL (optional)	Enter Single Logout URL given in Service Provider.
X.509 Certificate (optional)	Enter X.509 Certificate.
NameID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Response Signed	Checked if you want to sign the SAML Response
Assertion Signed	Checked if you want to sign the SAML Response
Encrypted Assertion	Checked if you want to encrypt the SAML Assertion

Click on the Save button to save your configurations.

Attribute Mapping (optional) :

Go to the Attribute/Role mapping tab and navigate to the Attribute mapping section.
When the user performs SSO, the NameID value is sent to the Service Provider. This value is
unique for every user.

Click on the Save button to save your configuration.

User Attributes (optional) :

Go to the Attribute/Role mapping tab and navigate to User Attributes.
These are user attributes that can be sent to Service Provider
(such as first_name and last_name).
You can add multiple attributes by click on "+" button.

Click on the Save button to save your configurations.

Custom Attributes (optional) :

Go to the Attribute/Role mapping tab and navigate to Custom Attributes.
These are extra static attributes that can be sent to Service Provider.
You can add multiple attributes by click on "+" button.

Click on the Save button to save your configurations.

Role Mapping (optional) :

Go to the Attribute/Role mapping tab and navigate to Role Mapping section.
User groups are the collection of users having similar access roles and capabilities.
To map the Roles in WordPress as user group, please enable this option.
You can specify the attribute under which the groups will be passed to the Service Provider.

Click on the Save button to save your configurations.
Go to the IDP Metadata tab. Here you can find information for configuring the Service Provider.
You can also download the metadata XML file, by clicking on the download link.

Step 2: Configuring Moodle site as Service Provider

We will go through the steps to setup Moodle as a Service Provider. Here, we will be adding the IdP metadata to configure the plugin.

Free
Premium

Free

In the miniOrange SAML SSO plugin, go to the Service Provider Setup tab of the plugin. There are two ways to configure the plugin:

A. By uploading IDP metadata:

Click on the Upload IDP metadata button.
Enter the Identity Provider Name.
You can copy and paste the IdP metadata XML file and click on the Upload Metadata button or use a metadata URL and click on Fetch Metadata.

B.Manual Configuration:

Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider.
Click on the Save button to save your configuration.

Step 3: Attribute Mapping

When the user performs SSO, the NameID value is sent by the Identity Provider. This value is unique for every user.
To assign by which attribute value the user should authenticate or create, select Email (default) or Username in Login/Create Moodle account by:
For the plugin to access these attributes, assign the values for Email and Username as 'NameID' (without quotes).
Click on the Save button to save your configuration.

Step 4: Role Mapping

In the free plugin, you can choose a default role that will be assigned to all the non-admin users when they perform SSO. [NOTE: Roles will be assigned to new users created by SSO. Existing Moodle users’ roles will not be affected.]
Go to the Attribute/Role Mapping tab and navigate to the Role Mapping section.
Select the Default Role and click on the Save button to save your configuration.

Step 5: SSO Settings

In the plugin, you can add a login widget to enable SP-Initiated SSO on your site.
Go to the Plugins >> Authentication >> Manage authentication.
Click on the to enable the plugin visibility.
Click on the ⬆ to set plugin preference.

Premium

In the miniOrange SAML SSO plugin, go to the Service Provider Setup tab of the plugin. There are two ways to configure the plugin:

A. By uploading IDP metadata:

Click on Upload IDP metadata button.
Enter the Identity Provider Name
You can copy and past IdP metadata XML file and click on Upload Metadata button or use a metadata URL and click on Fetch Metadata.

B.Manual Configuration:

Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider.
Click on the Save button to save your configuration.

Step 3: Attribute Mapping

When the user performs SSO, the NameID value is sent by the Identity Provider. This value is unique for every user.
To assign by which attribute value user should authenticate or create select Email or Username in Login/Create Moodle account by:
For the plugin to access these attribute assign the Email and Username attribute.
Addtionally user attributes can be mapped (such as Firstname and Lastname).
Click on the Save button to save your configuration.

Step 4: Custom Attribute Mapping:

This feature allows you to map custom attribute sent by the IDP to the Moodle attributes.
You can add multiple attributes by click on "+" button.
Click on the Save button to save your configurations.

Step 5: Role Mapping

This feature allows you to assign and manage roles of the users when they perform SSO. Along with the default Moodle roles, this is compatible with any custom roles as well.
Group/Role attribute will provide a mapping for the field name which contains role-related information sent by the IDP and will be used for Role Mapping.
Navigate to role mapping section and provide the mappings for the respective roles.
For example, If you have a user whose Group/Role attribute value is idp-teacher and you want to assign it to the teacher group then, just provide idp-teacher in the Teacher: field of Role mapping section.
Click on the Save button to save your configurations.

Step 6: SSO settings

In the plugin you can add a login widget to enable SP-Initiated SSO on your site.
Click on Click here link which will redirect to the Manage authentication menu

Click on the to enable the plugin visibility.
Click on the ⬆ to set plugin preference.

To enable auto-redirect from Moodle login page to WordPress site .
Click on the Enable Auto-redirect to IDP from Moodle login page.
Note down Backdoor URL it will be useful when SSO fails.
Click on the Save button to save your configuration.

Pre-requisitesDownload And Installation
Step 1Configure WordPress as IdP
Step 2Configure Moodle as SP

If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com

Guide to Configure Single Sign-On (SSO) between WordPress as IDP and Moodle as SP

Step 1: Configure Wordpress Site as the Identity Provider:

Free

Premium

Attribute Mapping (optional) :

User Attributes (optional) :

Custom Attributes (optional) :

Role Mapping (optional) :

Step 2: Configuring Moodle site as Service Provider

Free

Step 3: Attribute Mapping

Step 4: Role Mapping

Step 5: SSO Settings

Premium

Step 3: Attribute Mapping

Step 4: Custom Attribute Mapping:

Step 5: Role Mapping

Step 6: SSO settings

Contents

STAY CONNECTED

Product

Solutions

Why miniorange

Company