Single Sign-On covers the most basic authentication requirement in a business environment, a single set of credentials for every user, and cuts the effort of maintaining user data. Here we walk through a real-life case: users sign on to a WooCommerce WordPress site with SSO, and accounts created at checkout have to be synced into Keycloak (the IDP). The WordPress SAML SSO Plugin handles the authentication and provides Attribute and Role Mapping, which syncs user-profile attributes from Keycloak (IDP) into WooCommerce profile fields and assigns WordPress roles based on the user's Keycloak group.
Scenario
You have a WordPress site to sell discount coupons for courses on an external LMS platform, and your users are stored in Keycloak.
- WooCommerce is installed on the WordPress site to sell discount coupons
- Keycloak is the Identity Provider, i.e. users are stored in Keycloak
- Users register on the WooCommerce site to purchase discount coupons for LMS courses
Requirements
- WooCommerce Single Sign-On (SSO): users log in to the WooCommerce site with their Keycloak credentials to purchase discount coupons. If a user is already logged in to the LMS platform, WooCommerce SSO lets them reach the discount coupons without entering credentials again.
- WooCommerce User Sync to Keycloak: users who register on the WooCommerce site during checkout are synced into Keycloak, so they can access the LMS platform with the same credentials.
Components involved
- WordPress SAML SSO Plugin - The WordPress SAML SSO Plugin is used to authenticate (Single Sign-On) users, and enables them to log into the WooCommerce site using Keycloak as their Identity Provider.
- Keycloak User Sync Plugin - The miniOrange Woocommerce Keycloak User Sync add-on allows the creation of user accounts in Keycloak when a new user creates an account in WordPress while checking out an order from the Woocommerce checkout page.
Solution
When the user reaches the checkout page before making the purchase, one of the following two scenarios can take place before completing the transaction:
1. Users Register in WooCommerce
- With the WooCommerce option that lets customers create an account during checkout (configured in step 3 below), new accounts are created at checkout.
- When an unregistered user tries to purchase a discount coupon, they first register on the WordPress WooCommerce site.
- The user provides their personal details and a WordPress account is created for them as part of the checkout process.
- Once the WordPress account exists, Keycloak User Sync obtains an access token from Keycloak using the Client Credentials grant configured in the plugin and calls the Keycloak Admin REST API with it.
- Using that token, the Keycloak User Sync plugin creates a Keycloak account for the user with the same attributes.
- The user is then added to a pre-existing Keycloak group, the one named in the plugin's Group Name setting.
2. User logs in using Keycloak
- Once the account exists in WooCommerce, the user can single sign-on to the WordPress site with Keycloak as their Identity Provider: the SAML SSO Plugin adds a Keycloak login option to the WooCommerce login page for returning users.
- If the user has an active session on Keycloak, they are authenticated without a prompt and redirected to the checkout page.
- If the user has no active Keycloak session (they logged out of Keycloak), they are redirected to the Keycloak login page to authenticate.
How to Setup Keycloak User Sync with WooCommerce
Pre-requisite: Setup WordPress SAML SSO Plugin
To setup Single Sign-On with WordPress as your Service Provider and Keycloak as the Identity Provider follow the steps from the setup guide given here.
Setup Keycloak User Sync with WooCommerce
To setup User Sync from WooCommerce to Keycloak follow the steps given below:
1. Setting up Keycloak client
- Login to your Keycloak server as an Administrator.
Adding Roles:
- Navigate to your realm and click Roles, then click Add.
Note: If the realm name contains a space, the API requests made by the sync break, so make sure it does not.
- Enter create-realm as the Role Name and ${role_create-realm} in the Description field, then click Save.
- Go back to Roles and click Add again.
- Enter admin as the Role Name and ${role_admin} as the description, then click Save.
- Enable the Composite Roles toggle; a new section appears at the bottom.
- Select the create-realm role and add it, so that admin is a composite role containing create-realm.
Creating Client:
- In the same realm, create the client that the sync plugin will authenticate as. The Client Credentials grant configured in the next section requires a confidential client (Access Type: confidential) with Service Accounts Enabled; without service accounts the Service Account Roles tab used below does not appear.
Applying Roles to the Client
- In your client, open the Service Account Roles tab.
- Under Realm Roles select admin and add it to Assigned Roles.
- Under Client Roles select realm-management from the dropdown.
- Add the manage-users role to Assigned Roles.
Note: manage-users on the realm-management client is the permission the Keycloak Admin REST API checks when a user is created and added to a group, and it should be all the sync needs; the admin realm role built above, with create-realm inside it, grants much more. If the sync works with manage-users alone, leave admin off the service account. In either case the client secret you copy in the next step is an administrative credential for the realm: keep it out of version control and rotate it if it is ever exposed.
2. Setting up the Keycloak User Sync plugin
Fill in the following fields in the Keycloak User Sync plugin (all fields are case sensitive):
- Server URL: your Keycloak server URL including the scheme (http or https), e.g. https://example.com. Use https outside a test setup: the client secret and the details of every synced user travel over this connection.
- Server Port: the port your Keycloak server is listening on; the default is 8080.
- Realm Name: the name of the Keycloak realm in which you configured the client in the previous steps.
- Group Name: the name of the Keycloak user group to which all synced user accounts are added.
Note: If you have configured Keycloak as the IDP in the miniOrange SAML 2.0 SSO plugin, the first two fields (Server URL and Server Port) are pre-filled with those values; you can edit them if needed.
Under Client Credentials Grant Configuration, configure the following two fields:
- Client ID: the Client ID of the client you configured in Keycloak. You can find it in the client list of your realm.
- Client Secret: open the Credentials tab of the client, select Client Id and Secret from the Client Authenticator dropdown and copy the Client Secret.
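The sync described in the Solution section, carried out with the values from the fields above, as an added example: this is not the miniOrange plugin's code, and the server, realm, client, group and user values in it are placeholders. It obtains a token with the Client Credentials grant, creates the user through the Keycloak Admin REST API, optionally forwards the checkout password (whether the plugin does this is not stated on this page, so the step is optional here), and adds the user to the configured group. The HTTP transport is injectable so the exchange can be checked without a live server.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

class SyncError(Exception): pass
class UserExists(SyncError): pass  # 409 Conflict: username or email already taken in the realm

def urllib_transport(method, url, body, headers):
    """(method, url, body, headers) -> (status, headers, body); 4xx/5xx are statuses, not exceptions."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()

def user_payload(wp_user):
    """Map the WordPress account fields onto a Keycloak UserRepresentation."""
    return {"username": wp_user["username"], "email": wp_user["email"],
            "firstName": wp_user.get("first_name", ""),
            "lastName": wp_user.get("last_name", ""), "enabled": True}

def user_id_from_location(location):
    """POST /users answers 201 with Location: .../users/<id>; that id drives the later calls."""
    return location.rstrip("/").rsplit("/", 1)[-1]

class KeycloakSync:
    def __init__(self, server_url, port, realm, client_id, client_secret,
                 base_path="", transport=urllib_transport):
        # Keycloak 16 and earlier serve under /auth (pass base_path="/auth"); transport is injectable.
        self.base = f"{server_url.rstrip('/')}:{port}{base_path}"
        self.realm = urllib.parse.quote(realm, safe="")
        self.client_id, self.client_secret, self.transport = client_id, client_secret, transport

    def _call(self, method, path, token=None, json_body=None, form=None):
        headers = {"Authorization": f"Bearer {token}"} if token else {}
        body = None
        if json_body is not None:
            headers["Content-Type"] = "application/json"
            body = json.dumps(json_body).encode()
        if form is not None:
            headers["Content-Type"] = "application/x-www-form-urlencoded"
            body = urllib.parse.urlencode(form).encode()
        return self.transport(method, self.base + path, body, headers)

    def get_token(self):
        """Client credentials grant; the secret travels in the POST body, so use https."""
        status, _, body = self._call(
            "POST", f"/realms/{self.realm}/protocol/openid-connect/token",
            form={"grant_type": "client_credentials", "client_id": self.client_id,
                  "client_secret": self.client_secret})
        if status != 200:
            raise SyncError(f"token endpoint returned {status}: {body[:200]!r}")
        return json.loads(body)["access_token"]

    def create_user(self, token, wp_user):
        status, headers, body = self._call(
            "POST", f"/admin/realms/{self.realm}/users", token, json_body=user_payload(wp_user))
        if status == 409:
            raise UserExists(wp_user["username"])
        if status != 201:
            raise SyncError(f"create user returned {status}: {body[:200]!r}")
        location = next((v for k, v in headers.items() if k.lower() == "location"), "")
        return user_id_from_location(location)

    def set_password(self, token, user_id, password):
        # The checkout password is forwarded in clear inside the JSON body: https only.
        status, _, _ = self._call(
            "PUT", f"/admin/realms/{self.realm}/users/{user_id}/reset-password", token,
            json_body={"type": "password", "value": password, "temporary": False})
        if status != 204:
            raise SyncError(f"reset-password returned {status}")

    def find_group_id(self, token, group_name):
        # ?search= is a substring match, so select the exact name from the results.
        status, _, body = self._call(
            "GET", f"/admin/realms/{self.realm}/groups?search={urllib.parse.quote(group_name)}", token)
        if status != 200:
            raise SyncError(f"group lookup returned {status}")
        return next((g["id"] for g in json.loads(body) if g["name"] == group_name), None)

    def add_to_group(self, token, user_id, group_id):
        status, _, _ = self._call(
            "PUT", f"/admin/realms/{self.realm}/users/{user_id}/groups/{group_id}", token)
        if status != 204:
            raise SyncError(f"group membership returned {status}")

    def sync(self, wp_user, group_name, password=None):
        """Token -> create user -> (password) -> find group -> join group; returns the user id."""
        token = self.get_token()
        user_id = self.create_user(token, wp_user)
        if password is not None:
            self.set_password(token, user_id, password)
        group_id = self.find_group_id(token, group_name)
        if group_id is None:
            raise SyncError(f"group {group_name!r} not found: it must exist before the sync runs")
        self.add_to_group(token, user_id, group_id)
        return user_id
```

Instantiate KeycloakSync with the plugin's Server URL, Server Port, Realm Name, Client ID and Client Secret and call sync(wp_user, group_name, password). Two things the plugin fields do not make obvious: the client secret and, if forwarded, the user's checkout password both travel in request bodies, so Server URL has to be https; and Keycloak's group search is a substring match, so a group called coupon-buyers-old is returned for a search on coupon-buyers as well, which is why the code filters on the exact name. A 409 from the user creation call means the username or email already exists in the realm and is surfaced as UserExists so the caller can decide whether to link the accounts instead of silently failing.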
3. Enable account creation at checkout in WooCommerce
This option lets users create accounts at checkout rather than check out as guests.
Steps:
- In WooCommerce, go to Settings and open the Accounts & Privacy tab.
- Uncheck Allow customers to place orders without an account, so that every buyer must create an account at checkout.
- Check Allow customers to create an account during checkout.
Conclusion
With the WordPress SAML SSO Plugin and the Keycloak User Sync Plugin, your WooCommerce site now creates a WordPress (SP) account when a user registers at checkout and syncs it into Keycloak (IDP). From then on those users authenticate with Keycloak to log in to the WordPress WooCommerce site to purchase discount coupons, and can single sign-on with Keycloak in the future.
Our WordPress SAML SSO Plugin supports integrations with a number of addons to extend the functionality of your site.
If you have any custom requirement, please contact us at samlsupport@xecurify.com and we will help you achieve your use case.