AWS Cognito SAML Single Sign-On (SSO) | AWS SSO Login with WordPress
Overview
AWS Cognito SSO - Login using WordPress Users (WP as SAML IDP) Plugin enables Single Sign-On (SSO) login into AWS using WordPress Login credentials. In this guide, we will set up SAML Single Sign-On (SSO) with WordPress in AWS Cognito by configuring AWS Cognito as SP (Service Provider) and WordPress as IdP (Identity Provider).
Pre-requisites: Download and Installation
- To configure WordPress as SAML IDP and AWS Cognito as SP, you will need to install the miniOrange Login using WordPress Users (WP as SAML IDP) plugin.
Configuration Steps
Step 1: Setup AWS Cognito as SP (Service Provider)
- Go to the WordPress IDP plugin, navigate to the IDP Metadata tab.
- Here you can find the Identity Provider Metadata URL / XML Metadata, or the individual endpoints needed for SP configuration: IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature) and the signing Certificate.

Create a user pool if not created already.
- Go to the Amazon Cognito console. You might be prompted for your AWS credentials.
- Choose an existing user pool from the list, or Create a User Pool.

Configure SAML Identity Provider in your user pool.
- Go to your User Pool.
- Navigate to the Sign-In Experience tab.

- Scroll down to the Federated identity provider sign-in section.
- Click on Add identity provider (if not already created).

- Choose SAML as Identity Provider.

- Enter a name for your Identity provider.
- Choose your desired method to Upload IDP Metadata.
- Click on Add identity provider.

Change App client settings for your user pool.
- In your User Pool, open the App integration tab.
- Go to your configured App Client, and scroll down to the Hosted UI section.
- Click on Edit.

- On the Hosted UI edit page, do the following:
- For Callback URL(s), enter the URL where you want your users to be redirected after they log in. For testing, you can enter any valid URL, such as https://www.example.com/.
- Under Identity providers, select from the dropdown the name you gave the Identity Provider in the previous step, and Cognito User Pool.
- Under OAuth 2.0 grant types, select Authorization code grant and Implicit grant from the dropdown.


- Click on Save Changes.
You have successfully configured AWS Cognito as Service Provider.
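Before uploading the plugin's IdP metadata in the "Upload IDP Metadata" step above, it is worth checking that the XML actually carries everything Cognito needs (entity ID, an HTTPS login endpoint, a signing certificate). The following pre-flight check is an added example, not code from the miniOrange plugin or from AWS; the sample metadata, its URLs and the certificate body are constructed placeholders.

```python
# Added example, not part of the miniOrange plugin or the AWS docs: pre-flight check of the
# IdP metadata XML that the WordPress IDP plugin exports, run before uploading it to Cognito.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")

def check_idp_metadata(xml_text):
    """Extract what Cognito needs (entity ID, login URL, signing cert) and list any blocking problems."""
    out = {"entity_id": None, "login_url": None, "logout_url": None, "signing_certs": [], "problems": []}
    root = ET.fromstring(xml_text)
    out["entity_id"] = root.get("entityID")
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or not out["entity_id"]:
        out["problems"].append("root must be an EntityDescriptor with an entityID")
        return out
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        out["problems"].append("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
        return out
    for tag, key in (("SingleSignOnService", "login_url"), ("SingleLogoutService", "logout_url")):
        # Prefer HTTP-POST, then HTTP-Redirect; these are the bindings Cognito uses towards the IdP
        locs = {s.get("Binding"): s.get("Location") for s in idp.findall(f"md:{tag}", NS)}
        out[key] = next((locs[b] for b in BINDINGS if locs.get(b)), None)
    if not out["login_url"]:
        out["problems"].append("no SingleSignOnService with HTTP-POST or HTTP-Redirect binding")
    elif not out["login_url"].startswith("https://"):
        out["problems"].append("SAML Login URL is not https")
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute means signing and encryption
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                if c.text and c.text.strip():
                    out["signing_certs"].append("".join(c.text.split()))
    if not out["signing_certs"]:
        out["problems"].append("no signing certificate: Cognito cannot verify assertion signatures")
    return out

# Constructed sample of IdP metadata; hostname, paths and certificate body are placeholders, not real.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://wordpress.example.com/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT-BASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://wordpress.example.com/saml/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Run `check_idp_metadata()` on the metadata downloaded from the IDP Metadata tab; an empty `problems` list means the file is ready to upload, and the returned `entity_id`, `login_url` and `signing_certs` are the values to compare against what Cognito shows after import.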
Step 2: Configure AWS Cognito as SP in the WordPress IDP plugin
- You will need the following values from Amazon Cognito.
Entity ID | e.g. urn:amazon:cognito:sp:yourUserPoolID |
- You can find your User Pool ID in the top section of the User Pool.
ACS URL | e.g. https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse |
- You can find your Cognito Domain in the App integration tab of your User Pool.

Instructions:
- Open the WordPress site.
- Go to the WordPress IDP plugin, navigate to the Service Provider tab.
- Enter the values corresponding to the information from Amazon Cognito. Refer to the table below.
Field | Value |
Service Provider Name | A name for your Service Provider. |
SP Entity ID or Issuer | Copy and paste the Entity ID from Amazon Cognito. |
ACS URL | Copy and paste the ACS URL from Amazon Cognito. |
NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Assertion Signed | Checked |

- Click on the Save button to save your configuration.
Step 3: Attribute Mapping (This is a premium feature)
In WordPress:
- In the WordPress IDP plugin, navigate to the Attribute/Role Mapping tab.
- In the User Attributes section, enter the following information and click on Save.
- You can add more attributes by clicking on the + sign.
Name | User Meta Data |
FirstName | first_name |
LastName | last_name |
user_email |
- In the Custom Attributes section, enter the following information and click on Save.
Name | Custom Attribute Value |
Custom | customvalue |

Step 4: Testing SSO
- In your User Pool, open the App integration tab.
- Go to your configured App Client, and scroll down to the Hosted UI section.
- Click on View Hosted UI.

- Click the button below "Sign in with your corporate ID".

- You will be redirected to the WordPress login screen. Enter your credentials and click Log In.

- If you are redirected to the selected Callback URL, your configuration is correct.
In this guide, you have integrated AWS Cognito SAML Single Sign-On (SSO) with the Login using WordPress Users (WP as SAML IDP) plugin, configuring AWS Cognito as SP and WordPress as IDP. You are now ready to roll out Single Sign-On (SSO) access into AWS Cognito with SAML 2.0 authentication using WordPress login credentials.