AWS Cognito SAML Single Sign-On (SSO) | AWS SSO Login with WordPress


AWS Cognito

The Login using WordPress Users (WP as SAML IDP) plugin enables Single Sign-On (SSO) login into AWS using WordPress login credentials. In this guide, we will set up SAML Single Sign-On (SSO) between WordPress and AWS Cognito by configuring AWS Cognito as the SP (Service Provider) and WordPress as the IdP (Identity Provider).

Pre-requisites: Download And Installation

To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange Login using WordPress Users (WP as SAML IDP) plugin:

Login using WordPress Users ( WP as SAML IDP )
By miniOrange

Single Sign-On (SSO) login with WordPress Users into any Service Provider like Tableau, Zoho, Zoom, Moodle, Canvas LMS, Absorb LMS, TalentLMS, etc.

 Tested with 6.5.2

Guide to set up AWS Cognito SSO Login with WordPress:

1. Configure AWS Cognito as the Service Provider (SP)

  • In the WordPress IDP plugin, navigate to the IDP Metadata tab.
  • Here you can find the Identity Provider Metadata URL / XML Metadata, or the individual endpoints needed for SP configuration: IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature) and Certificate.
Create a user pool if not created already.
  • Go to the Amazon Cognito console. You might be prompted for your AWS credentials.
  • Choose an existing user pool from the list, or Create a User Pool.
Configure SAML Identity Provider in your user pool.
  • Go to your User Pool.
  • Navigate to the Sign-In Experience tab.
  • Scroll down to the Federated identity provider sign-in section.
  • Click on Add identity provider (if not already created).
  • Choose SAML as Identity Provider.
  • Enter a name for your Identity provider.
  • Choose your desired method to Upload IDP Metadata.
  • Click on the Add Identity provider.
Change App client settings for your user pool.
  • In the User Pool, open App integration.
  • Go to your configured App Client, and scroll down to the Hosted UI section.
  • Click on Edit.
  • On the Hosted UI edit page, do the following:
      • For Callback URL(s), enter a URL where you want your users to be redirected after they log in. For testing, you can enter any valid URL, such as https://www.example.com/.
      • Under Identity providers, select the Name provided while configuring Identity Provider in the previous step and Cognito User Pool from the dropdown.
      • Under OAuth 2.0 grant types, select Authorization code grant and Implicit grant from the dropdown.
  • Click on Save Changes.

You have successfully configured AWS Cognito as Service Provider.

2. Configure WordPress (WP) as IdP (Identity Provider)

  • You will need the following values from Amazon Cognito:
  • Entity ID, e.g. urn:amazon:cognito:sp:yourUserPoolID (you can find your User Pool ID in the top section of the User Pool).
  • ACS URL, e.g. https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse (you can find your Cognito Domain in the App Integration tab of your User Pool).
Instructions:
  • Open the WordPress site.
  • In the WordPress IDP plugin, navigate to the Service Provider tab.
  • Enter the values corresponding to the information from Amazon Cognito. Refer to the table below.

    Service Provider Name:    Name of your Service Provider.
    SP Entity ID or Issuer:   Copy and paste the SP-EntityID from Amazon Cognito.
    ACS URL:                  Copy and paste the ACS URL from Amazon Cognito.
    NameID Format:            urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Assertion Signed:         Checked

  • Click on the Save button to save your configuration.

3. Attribute Mapping (This is a premium feature)

In WordPress:
  • In the WordPress IDP plugin, navigate to the Attribute/Role Mapping tab.
  • In the User Attributes section, enter the following information and click on Save.
  • You can add more attributes by clicking on the + sign.

    Name          User Meta Data
    FirstName     first_name
    LastName      last_name
    Email         user_email

  • In the Custom Attributes section, enter the following information and click Save.

    Name          Custom Attribute Value
    Custom        customvalue

4. Testing SSO

  • In the User Pool, open App integration.
  • Go to your configured App Client, and scroll down to the Hosted UI section.
  • Click on View Hosted UI.
  • Click on the button below "Sign in with your corporate ID".
  • You will be redirected to the WordPress login screen. Enter the credentials and click Log in.
  • If you are redirected to the selected Callback URL, then your configuration is correct.

In this guide, you have successfully integrated AWS Cognito SAML Single Sign-On (SSO) with the Login using WordPress Users (WP as SAML IDP) plugin, configuring AWS Cognito as SP and WordPress as IdP. This solution ensures that you are ready to roll out secure Single Sign-On (SSO) access with SAML 2.0 authentication into AWS Cognito using WordPress login credentials.

Additional Resources

We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at

 +1 978 658 9387 (US) | +91 97178 45846 (India)    wpidpsupport@xecurify.com

