WordPress WooCommerce SSO Integration with Keycloak for User Sync

Single Sign-On fulfils the most basic requirement of authentication with a single set of credentials in any business environment, increasing the efficiency in maintaining user data. Here, we will explore one real-life case where users SSO in the Woocommerce WordPress site and a sync is required to create users in Keycloak (IDP). The WordPress SAML SSO Plugin enables secure authentication and provides Attribute and Role Mapping that allows syncing/mapping of user-profiles from the Keyclaok (IDP) to WooCommerce profile fields and also assigns roles based on the user's group.

Scenario

You have a WordPress site to sell discount coupons for courses on an external LMS platform, and your users are stored in Keycloak.

• Woocommerce is installed on the WordPress site for selling discount coupons
• Keycloak is the Identity Provider i.e. users are stored in Keycloak
• Users register on the Woocommerce site for purchasing discount coupons of LMS courses

Requirements

1. WooCommerce Single Sign-On (SSO): Single Sign-On in Woocommerce site for users so that users can use their Keycloak credentials to login into Woocommerce for purchasing discount coupons. If the user is already logged into the LMS platform, Woocommerce SSO would allow users to access the Woocommerce discount coupons without entering credentials again for authentication.
2. WooCommerce User Sync to Keycloak: Sync users into Keycloak that register on the WooCommerce site during checkout. This allows the users to access the LMS platform using the same credentials.

Components involved

1. WordPress SAML SSO Plugin - The WordPress SAML SSO Plugin is used to authenticate (Single Sign-On) users, and enables them to log into the WooCommerce site using Keycloak as their Identity Provider.

SAML Single Sign On – SAML SSO Login
By miniOrange
(135)
WordPress Single Sign On SSO login with Azure, Azure B2C, Okta, ADFS, Keycloak, Salesforce, Ping, Onelogin, Gsuite, Shibboleth & many SAML IDPs [24/7 SUPPORT]
 Tested with 5.8.2
Get this plugin


2. Keycloak User Sync Plugin - The miniOrange Woocommerce Keycloak User Sync add-on allows the creation of user accounts in Keycloak when a new user creates an account in WordPress while checking out an order from the Woocommerce checkout page.

Keycloak User Sync Plugin
By miniOrange
[24/7 SUPPORT]
 Tested with 5.8.2
Contact Us

Solution

When the user reaches the checkout page before making the purchase, one of the following two scenarios can take place before completing the transaction:

1. Users Register in WooCommerce

• With the help of the guest user option in WooCommerce, new accounts can be created at checkout.



• When an unregistered user tries to purchase a discount coupon on WooCommerce, the user first registers on the WordPress WooCommerce site.
• For registration, the user provides their personal information and an account is created for the user in WordPress during the checkout process.
• After the creation of the WordPress account, with the help of Clients Grant Configuration in Keycloak User Sync, an access token is obtained from Keycloak to sync users.
• A Keycloak account for the user is created with identical attributes, using the Keycloak User Sync plugin.
• The user is then assigned to a pre-existing group in Keycloak.

2. User logs in using Keycloak

• Once the user account is registered in WooCommerce, the user can SSO into the WordPress site using Keycloak as their Identity Provider.
• If the user wishes to make a purchase again he/she will have an option to select Keycloak to login into the WooCommerce site on its login page.
• With the help of the SAML SSO Plugin returning users will have an option to Single Sign-On into WooCommerce with the help of IDP.
• If the user has an active session on Keycloak, the user will be authenticated and redirected to the checkout page.
• If the user is logged out of Keycloak i.e. the user does not have an active session in Keycloak, they will be redirected to the Keycloak login page to authenticate themselves.

How to Setup Keycloak User Sync with WooCommerce

Pre-requisite: Setup WordPress SAML SSO Plugin

To setup Single Sign-On with WordPress as your Service Provider and Keycloak as the Identity Provider follow the steps from the setup guide given here.

Setup Keycloak User Sync with WooCommerce

To setup User Sync from WooCommerce to Keycloak follow the steps given below:

1. Setting up Keycloak client

• Login to your Keycloak server as an Administrator.

Adding Roles:

• Navigate to your realm and click on Roles. Click Add button.
  

Note: If your realm name has a space in it then API requests break so ensure that it does not have space.

• Enter Role Name as create-realm and in Description field enter ${role_create-realm} click Save.


• Now go back to Roles and again click on Add.
• Enter Role Name as admin description as ${role_admin} and click save.
• Enable the Composite Roles toggle a new section will appear at the bottom.
• Select and add the create-realm role to be associated with the admin role.

Creating Client:

• Navigate to your realm > Clients and click on Create to create a new client.


• Enter a Client Id for your client and select Client Protocol as openid-connect and click Save (do not include any whitespaces in the Client ID).



After clicking save multiple configuration settings will appear, scroll down and apply the following client configurations and press save:

• Client Protocol: openid-connect
• Access Type: confidential
• Direct Access Grants Enabled: ON
• Service Accounts Enabled: ON

Applying Roles to the Client

• Now in your client click on Service Account Roles tab.
• From Realm Roles select admin and add it to Assigned Roles.
• From the dropdown of Client Roles select realm-management.
• Add the manage-users role to Assigned Roles.

2. Setting up the Keycloak User Sync plugin

Please fill the following fields with their required values in Keycloak User Sync Plugin:

Note: All fields are case sensistive.

Server URL	Enter your Keycloak server URL with its scheme prefix(http/https) e.g. : https://example.com
Server Port	Enter the port no your Keycloak server is running on. By default, it is 8080.
Realm Name	Enter the name of the Keycloak realm in which you have configured a client in previous steps.
Group Name	Enter the name of the Keycloak user group in which you want to add all the synced user accounts.

Note: If you have configured Keycloak IDP in the miniOrange SAML 2.0 SSO plugin the first two fields (Server URL & Server Port) will be populated with those values, you can edit them if needed.

Under Client Crendentials Grant Configuration, configure the following values:

You need to configure two fields for this grant:

• Client ID: Enter the Client ID of the client you configured in Keycloak. You can find the client in the client list in your realm.


• Client Secret: To get the client secret value navigate to the Credentials tab in your client. Select Client Id and Secret from the Client Authenticator dropdown and copy the Client Secret.

3. Enable guest user option in WooCommerce

This option allows your users to create accounts at checkout.

Steps:

• In your Woocommerce plugin navigate to the Accounts and Privacy tab in Settings.
• Make sure to uncheck Allow customers to place orders without an account option this will enforce users to create an account at checkout.
• Enable the Allow customers to create an account during checkout option.

Conclusion

With the help of WordPress SAML SSO Plugin and Keycloak User Sync Plugin, you have configured your WooCommerce site to create users when they register on WordPress (SP) and successfully sync them in Keycloak (IDP). These users on registration will authenticate themselves using Keycloak to log into the WordPress WooCommerce site to purchase the discount coupons and Single Sign-On using Keycloak in the future.

Our WordPress SAML SSO Plugin supports integrations with a number of addons to extend the functionality of your site.
If you have any custom requirement, please contact us at samlsupport@xecurify.com and we will help you achieve your use case.

Additional Resources

• WooCommerce Integration
• What is Single Sign-On (SSO)?
• SSO into WooCommerce
• WordPress Keycloak SAML Single Sign-On
• What is SAML?
• Frequently Asked Questions (FAQs)
• Top tools to build an e-commerce site