WordPress WooCommerce SSO Integration with Keycloak for User Sync


Single Sign-On (SSO) lets users authenticate with a single set of credentials across a business environment and makes user data easier to maintain. Here we explore a real-life case in which users sign in to a WooCommerce WordPress site through SSO, and accounts created on the site must be synced to Keycloak (the IDP). The WordPress SAML SSO Plugin enables secure authentication and provides Attribute and Role Mapping, which maps user profiles from Keycloak (IDP) to WooCommerce profile fields and assigns roles based on the user's group.

Scenario

You have a WordPress site to sell discount coupons for courses on an external LMS platform, and your users are stored in Keycloak.

  • WooCommerce is installed on the WordPress site for selling discount coupons
  • Keycloak is the Identity Provider, i.e. users are stored in Keycloak
  • Users register on the WooCommerce site to purchase discount coupons for LMS courses

Requirements

  1. WooCommerce Single Sign-On (SSO): Users sign in to the WooCommerce site with their Keycloak credentials to purchase discount coupons. If a user is already logged in to the LMS platform, WooCommerce SSO gives them access to the discount coupons without entering credentials again.
  2. WooCommerce User Sync to Keycloak: Users who register on the WooCommerce site during checkout are synced into Keycloak, so they can access the LMS platform with the same credentials.

Components involved

  1. WordPress SAML SSO Plugin - The WordPress SAML SSO Plugin is used to authenticate (Single Sign-On) users, and enables them to log into the WooCommerce site using Keycloak as their Identity Provider.
  2. Keycloak User Sync Plugin - The miniOrange Woocommerce Keycloak User Sync add-on allows the creation of user accounts in Keycloak when a new user creates an account in WordPress while checking out an order from the Woocommerce checkout page.

Solution

When the user reaches the checkout page before making the purchase, one of the following two scenarios can take place before completing the transaction:

1. Users Register in WooCommerce

  • With the help of the guest user option in WooCommerce, new accounts can be created at checkout.

  • When an unregistered user tries to purchase a discount coupon on WooCommerce, the user first registers on the WordPress WooCommerce site.
  • For registration, the user provides their personal information and an account is created for the user in WordPress during the checkout process.
  • After the WordPress account is created, an access token is obtained from Keycloak, using the Client Credentials Grant Configuration in Keycloak User Sync, to sync the user.
  • A Keycloak account for the user is created with identical attributes, using the Keycloak User Sync plugin.
  • The user is then assigned to a pre-existing group in Keycloak.

2. User logs in using Keycloak
  • Once the user account is registered in WooCommerce, the user can SSO into the WordPress site using Keycloak as their Identity Provider.
  • If the user wishes to make another purchase, the WooCommerce login page offers the option to log in with Keycloak.
  • With the help of the SAML SSO Plugin, returning users can Single Sign-On into WooCommerce through the IDP.
  • If the user has an active session on Keycloak, the user will be authenticated and redirected to the checkout page.
  • If the user does not have an active session in Keycloak, they will be redirected to the Keycloak login page to authenticate.


How to Set Up Keycloak User Sync with WooCommerce

Pre-requisite: Set Up WordPress SAML SSO Plugin

To set up Single Sign-On with WordPress as your Service Provider and Keycloak as the Identity Provider, follow the steps from the setup guide given here.

Set Up Keycloak User Sync with WooCommerce

To set up User Sync from WooCommerce to Keycloak, follow the steps given below:

1. Setting up Keycloak client
  • Login to your Keycloak server as an Administrator.

Adding Roles:

  • Navigate to your realm and click on Roles. Click the Add button.
  • Note: API requests break if the realm name contains a space, so make sure it does not.
  • Enter create-realm as the Role Name and ${role_create-realm} in the Description field, then click Save.
  • Go back to Roles and click Add again.
  • Enter admin as the Role Name and ${role_admin} as the description, then click Save.
  • Enable the Composite Roles toggle; a new section will appear at the bottom.
  • Select and add the create-realm role to be associated with the admin role.

Creating Client:

  • Navigate to your realm > Clients and click on Create to create a new client.
  • Enter a Client ID for your client, select openid-connect as the Client Protocol, and click Save (do not include any whitespace in the Client ID).

    After you click Save, multiple configuration settings will appear. Scroll down, apply the following client configuration, and press Save:

  • Client Protocol: openid-connect
  • Access Type: confidential
  • Direct Access Grants Enabled: ON
  • Service Accounts Enabled: ON

Applying Roles to the Client

  • In your client, click the Service Account Roles tab.
  • From Realm Roles select admin and add it to Assigned Roles.
  • From the dropdown of Client Roles select realm-management.
  • Add the manage-users role to Assigned Roles.
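
To confirm that the role assignments took effect, the roles carried by the service account's access token can be compared with the ones assigned in the steps above. The following is an added example, not miniOrange plugin code; it assumes Keycloak's usual `realm_access` and `resource_access` token claims and uses a constructed, unsigned sample token.

```python
import base64
import json

# Roles the steps above assign to the client's service account.
EXPECTED_REALM = {"admin", "create-realm"}   # create-realm arrives via the admin composite
EXPECTED_REALM_MGMT = {"manage-users"}       # client role on realm-management

def jwt_claims(token):
    """Decode the payload segment of a JWT. Inspection only: the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(claims):
    """Compare the roles in the token with the ones the guide assigns."""
    realm = set(claims.get("realm_access", {}).get("roles", []))
    mgmt = set(claims.get("resource_access", {})
                     .get("realm-management", {}).get("roles", []))
    return {
        "missing": sorted((EXPECTED_REALM - realm) | (EXPECTED_REALM_MGMT - mgmt)),
        "extra_realm": sorted(realm - EXPECTED_REALM),
        "extra_realm_management": sorted(mgmt - EXPECTED_REALM_MGMT),
    }

def sample_token(claims):
    """Constructed, unsigned stand-in for a token returned by the token endpoint."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

SAMPLE_CLAIMS = {  # constructed sample; "wp-user-sync" is a hypothetical client ID
    "azp": "wp-user-sync",
    "realm_access": {"roles": ["admin", "create-realm", "offline_access"]},
    "resource_access": {"realm-management": {"roles": ["manage-users"]}},
}

if __name__ == "__main__":
    print(audit_roles(jwt_claims(sample_token(SAMPLE_CLAIMS))))
```

A non-empty `missing` list means user sync will be refused by Keycloak; anything under the `extra_*` keys is a role the token carries beyond what these steps assign and is worth reviewing.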
2. Setting up the Keycloak User Sync plugin

    Fill in the following fields with their required values in the Keycloak User Sync Plugin:

    Note: All fields are case sensitive.

    Server URL: Enter your Keycloak server URL with its scheme prefix (http/https), e.g. https://example.com
    Server Port: Enter the port number your Keycloak server is running on. By default, it is 8080.
    Realm Name: Enter the name of the Keycloak realm in which you configured a client in the previous steps.
    Group Name: Enter the name of the Keycloak user group to which you want to add all the synced user accounts.

    Note: If you have configured Keycloak IDP in the miniOrange SAML 2.0 SSO plugin, the first two fields (Server URL & Server Port) will be populated with those values; you can edit them if needed.


    Under Client Credentials Grant Configuration, configure the following values:

    You need to configure two fields for this grant:

  • Client ID: Enter the Client ID of the client you configured in Keycloak. You can find the client in the client list in your realm.

  • Client Secret: To get the client secret value navigate to the Credentials tab in your client. Select Client Id and Secret from the Client Authenticator dropdown and copy the Client Secret.
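
The sync described in the Solution section (token, user creation, group assignment) maps onto the plugin fields above as follows. This is an added sketch, not the plugin's own code: it builds the requests against Keycloak's standard token and Admin REST endpoints without sending them, all values are constructed, and how the plugin handles the user's password is not shown on this page and is left out.

```python
import json
from urllib.parse import quote, urlencode
from urllib.request import Request

# Constructed sample values; keys mirror the plugin fields described above.
CONFIG = {"server_url": "https://keycloak.example.com", "port": 8443,
          "path_prefix": "",  # assumption: "/auth" on older Keycloak releases
          "realm": "shop", "group": "woocommerce-customers",
          "client_id": "wp-user-sync", "client_secret": "REPLACE_ME"}
WP_USER = {"user_login": "jdoe", "user_email": "jdoe@example.com",
           "first_name": "Jane", "last_name": "Doe"}  # constructed

def realm_url(cfg, admin=False):
    # Percent-encode the realm name: a raw space would make the URL invalid.
    root = f"{cfg['server_url'].rstrip('/')}:{cfg['port']}{cfg['path_prefix']}"
    return f"{root}{'/admin' if admin else ''}/realms/{quote(cfg['realm'], safe='')}"

def token_request(cfg):
    """Step 1: client credentials grant for the confidential client."""
    form = urlencode({"grant_type": "client_credentials",
                      "client_id": cfg["client_id"],
                      "client_secret": cfg["client_secret"]}).encode()
    return Request(realm_url(cfg) + "/protocol/openid-connect/token",
                   data=form, method="POST")

def admin_request(cfg, token, method, path, payload=None):
    data = None if payload is None else json.dumps(payload).encode()
    return Request(realm_url(cfg, admin=True) + path, data=data, method=method,
                   headers={"Authorization": f"Bearer {token}",
                            "Content-Type": "application/json"})

def create_user_request(cfg, token, wp_user):
    """Step 2: create the account (needs manage-users on realm-management)."""
    rep = {"username": wp_user["user_login"], "email": wp_user["user_email"],
           "firstName": wp_user["first_name"], "lastName": wp_user["last_name"],
           "enabled": True}
    return admin_request(cfg, token, "POST", "/users", rep)

def find_group_request(cfg, token):
    """Step 3a: look up the target group's id by name."""
    return admin_request(cfg, token, "GET",
                         "/groups?" + urlencode({"search": cfg["group"]}))

def join_group_request(cfg, token, user_id, group_id):
    """Step 3b: add the new user (id from the Location header) to the group."""
    path = f"/users/{quote(user_id, safe='')}/groups/{quote(group_id, safe='')}"
    return admin_request(cfg, token, "PUT", path)
```

Each returned `Request` can be passed to `urllib.request.urlopen` against a test realm to check the client configuration end to end.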

3. Enable guest user option in WooCommerce

This option allows your users to create accounts at checkout.

Steps:

  • In your WooCommerce plugin, navigate to the Accounts and Privacy tab in Settings.
  • Uncheck the Allow customers to place orders without an account option; this forces users to create an account at checkout.
  • Enable the Allow customers to create an account during checkout option.

Conclusion

With the WordPress SAML SSO Plugin and the Keycloak User Sync Plugin, you have configured your WooCommerce site to create users when they register on WordPress (SP) and sync them to Keycloak (IDP). After registration, these users authenticate with Keycloak to log in to the WordPress WooCommerce site, purchase discount coupons, and use Single Sign-On through Keycloak in the future.

Our WordPress SAML SSO Plugin supports integrations with a number of addons to extend the functionality of your site.
If you have any custom requirement, please contact us at samlsupport@xecurify.com and we will help you achieve your use case.
