Follow the step by step guide to configure Attribute-Based Redirection / Restriction addon with OAuth Client Single Sign-On (SSO) Plugin

miniOrange Attribute-Based Login Addon provides Redirection and Restriction to different pages after login, based on the user’s attributes stored in the user meta table of WordPress.

1. Steps to setup Attribute-Based Redirection

• Go to the miniOrange WordPress Single Sign-On (SSO) plugin. Select your OAuth provider from the list.

• Complete the OAuth Provider configuration setup by referring to the setup guides from here. After you have saved the settings. Click on Test Configuration button. You can see the Attribute name and its value in the test configuration table.

• Scroll down and click on the Attribute Mapping section. Under the Map Custom Attributes section enter the field meta name of your choice and enter the attribute name from the OAuth Provider test configuration table. (Refer to the below image)
• Click on the Save Settings button to save your mapping.

• Now, go to the Attribute-Based Login Addon. you can set redirection different pages after login based on the user attributes stored in the user meta table of WordPress under the Attribute-Based Redirection section.
• Enter the User Meta value which we have entered into the OAuth client plugin's Custom Attribute section. Enter the attribute name-value from the test configuration table in the Regex to match field. (Priority will be given from top-to-bottom, the first attribute value to satisfy the regex will be redirected.)
• Now, enter the redirect URL where you want the user to be redirected in the URL to redirect field and click on the Save button.

• The user will now be redirected to the relevant page after performing the Single Sign-On (sso) based on his roles.

2. Steps to setup Attribute-Based Restriction

• Go back to the addon and click on the Attribute-Based Restriction section.

• If you want to restrict your users from login in based on the attributes sent by OAuth Provider then enable the Login Restriction based on the following rules option.

• Let’s say you only want the users having roles as a teacher to be able to log in, then enter the user Attribute Name and the Attribute Value.
  You can provide semicolon-separated values in case of multiple attribute values. In this case, the rule will behave like the OR condition, that is, if the attribute sent by the IDP has any of the semicolons separated values, the user will be allowed to log in.

• In the Restricted user redirect URL field, enter the page URL where you want to redirect user and click on the Save button. If users don't satisfy the User Login Rules configured above, will be redirected to this URL without logging in to the site.

• As per the above configuration, a user will be allowed to login only if the roles attribute sent by the IDP for that user has the value Teacher.

Please reach out to us oauthsupport@xecurify.com if you need any assistance with the addon setup with WordPress Single Sign-On (SSO) - OAuth & OpenID Connect plugin.