AWS Cognito SAML Single Sign-On (SSO) | AWS SSO Login with WordPress


The miniOrange Login using WordPress Users (WP as SAML IDP) plugin lets users sign in to an AWS Cognito user pool with their WordPress credentials. In this guide, we set up SAML Single Sign-On (SSO) between the two by configuring AWS Cognito as the Service Provider (SP) and WordPress as the Identity Provider (IdP).

Pre-requisites: Download And Installation

To use the WordPress site as an Identity Provider, install the miniOrange Login using WordPress Users (WP as SAML IDP) plugin on it first.

Guide to set up AWS Cognito SSO Login with WordPress:

1. Configure AWS Cognito as the Service Provider (SP)

  • In the WordPress IDP plugin, open the IDP Metadata tab.
  • Here you will find the Identity Provider metadata URL / XML metadata, as well as the individual values needed on the SP side: IdP Entity ID, SAML Login URL, SAML Logout URL (premium feature) and the IdP signing certificate. The metadata URL is the simplest thing to hand to Cognito, since it carries all of these.
  • Configure SAML SSO in AWS Cognito (SP) with WordPress as described below.
Create a user pool if not created already.
  • Go to the Amazon Cognito console. You might be prompted for your AWS credentials.
  • Choose an existing user pool from the list, or choose Create a user pool.
  • When creating a new user pool, enter a Pool name and select Review defaults.
Create an app client in your user pool if not created already.
  • In the left navigation pane, choose App clients under General settings.
  • Choose Add an app client and give the app a name.
  • Clear Generate client secret for this getting-started exercise: the Hosted UI flow here is driven from the browser, and a secret sent on the URL by client-side JavaScript would not be secret. A server-side (confidential) application should keep the secret enabled and exchange the authorization code from its back end instead.
  • Choose Create app client.
  • Note the App client ID and choose Return to pool details.
Add a domain name to your pool.
  • On the Domain name tab of the Amazon Cognito console, add a Domain prefix. This prefix and the pool's region form the Hosted UI domain that the SAML endpoints below are built from.
Configure a SAML identity provider in your user pool.
  • In the left navigation pane, choose Identity providers and then choose SAML to open the SAML dialog.
  • Under Metadata document, upload the metadata document from your SAML IdP (the IDP Metadata tab of the WordPress plugin), or enter the URL of its metadata endpoint.
  • Note: Amazon Cognito recommends providing the metadata URL rather than uploading a file when the endpoint is public, because Cognito can then refresh the metadata (including a rotated signing certificate) automatically. Refresh typically happens every 6 hours or before the metadata expires, whichever is earlier.
  • Enter the values by referring to the table below.
    Provider name: Enter a name for your SAML identity provider.
    Identifiers (optional): Enter any optional SAML identifiers you want to use.
    Enable IdP sign out flow: Select this if users should also be logged out of the SAML IdP when they log out from Amazon Cognito.
    Note: IdP sign-out (SAML Single Logout) is a premium feature in the miniOrange Login using WordPress Users (WP as SAML IDP) plugin.
  • Click Create provider.
  • On the Attribute mapping tab (optional), add mappings for at least the required attributes, typically email.
  • Note: Attribute mapping is a premium feature in the Login using WordPress Users (WP as SAML IDP) plugin.
  • Choose Save changes.
Change the app client settings for your user pool.
  • In the left navigation pane, under App integration, choose App client settings.
  • Under Enabled Identity Providers, select the check box for the provider name you entered in the previous step and the Cognito User Pool check box.
  • For Callback URL(s), enter the URL to which users are redirected after they log in. For testing, you can enter any valid URL, such as https://www.example.com/. Cognito matches redirect URIs against this list exactly (no wildcards, no fragments), so list every production redirect URI explicitly; they must use HTTPS, with plain http accepted only for localhost.
  • For Sign out URL(s), enter the URL to which users are redirected after they log out. For testing, you can enter any valid URL, such as https://www.example.com/.
  • Choose Save changes.

You have successfully configured AWS Cognito as Service Provider.
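As an added example (not part of this page or of the miniOrange plugin), the following Python builds the Hosted UI authorization request that the app client configured above will receive, and applies the two checks that matter for a public client with no client secret: the redirect URI is matched exactly against the allow-list entered under Callback URL(s), and the request carries a PKCE code challenge plus a state value that is verified when the browser comes back. The domain prefix, region, client ID, provider name and callback URLs are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values (assumed), standing in for the settings made in Step 1.
DOMAIN_PREFIX = "myapp"             # Domain name tab -> Domain prefix
REGION = "us-east-1"
CLIENT_ID = "1example23456789abcd"  # App client ID noted after Create app client
PROVIDER_NAME = "WordPress"         # Provider name given to the SAML identity provider
ALLOWED_CALLBACKS = [               # Callback URL(s) entered in App client settings
    "https://www.example.com/",
    "http://localhost:3000/callback",
]


def hosted_ui_base(domain_prefix=DOMAIN_PREFIX, region=REGION):
    """Base URL of the Cognito Hosted UI for this pool's domain."""
    return f"https://{domain_prefix}.auth.{region}.amazoncognito.com"


def pkce_pair():
    """Return (code_verifier, code_challenge) for PKCE with S256.

    Without a client secret, PKCE is what binds the authorization code to the
    browser session that started the flow."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def redirect_uri_allowed(redirect_uri, allowed=ALLOWED_CALLBACKS):
    """Mirror Cognito's rules: exact match against the allow-list, HTTPS
    (plain http only for localhost), and no fragment component."""
    if redirect_uri not in allowed:
        return False
    parsed = urlparse(redirect_uri)
    if parsed.fragment:
        return False
    if parsed.scheme == "https":
        return True
    return parsed.scheme == "http" and parsed.hostname in ("localhost", "127.0.0.1")


def authorize_url(redirect_uri, state, code_challenge):
    """Build the /oauth2/authorize URL. identity_provider= sends the user straight
    to the WordPress IdP instead of the Cognito provider chooser."""
    if not redirect_uri_allowed(redirect_uri):
        raise ValueError(f"redirect_uri not in the app client's callback list: {redirect_uri}")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": state,
        "identity_provider": PROVIDER_NAME,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{hosted_ui_base()}/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect back to the app.

    Returns None (the code must not be exchanged) when state does not match the
    value generated for this session or when Cognito returned an error."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        return None
    if "error" in query or "code" not in query:
        return None
    return query["code"][0]


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    verifier, challenge = pkce_pair()
    print(authorize_url("https://www.example.com/", state, challenge))
    # The browser later lands on https://www.example.com/?code=...&state=...;
    # keep `verifier` and `state` server- or session-side for that callback.
```

The code returned by parse_callback is exchanged at /oauth2/token together with the stored code_verifier; a code that arrives with the wrong state is discarded rather than exchanged.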

2. Configure WordPress (WP) as IdP (Identity Provider)

  • You will need the following values from Amazon Cognito:
    Entity ID, e.g. urn:amazon:cognito:sp:yourUserPoolID. You can find yourUserPoolID (Pool Id) on the General settings tab of the Amazon Cognito console.
    ACS URL, e.g. https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse. You can find yourDomainPrefix and the region of your user pool on the Domain name tab of the Amazon Cognito console.
Instructions:
  • Open the WordPress site.
  • Go to the WordPress IDP plugin, navigate to the Service Provider tab.
  • Enter the values corresponding to the information from Amazon Cognito, referring to the table below.
    Service Provider Name: A name for your Service Provider.
    SP Entity ID or Issuer: Copy and paste the Entity ID (urn:amazon:cognito:sp:yourUserPoolID) from Amazon Cognito. This value ends up as the Audience of the assertion, so it must match the pool exactly.
    ACS URL: Copy and paste the ACS URL from Amazon Cognito. Assertions are posted only to this URL.
    NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Assertion Signed: Checked. Cognito verifies the assertion signature with the certificate published in the IdP metadata; leave this enabled.
  • Click on the Save button to save your configuration.

3. Attribute Mapping (This is a premium feature)

In WordPress:
  • In the WordPress IDP plugin, navigate to the Attribute/Role Mapping tab.
  • In the User Attributes section, enter the following information and click Save. You can add more attributes by clicking the + sign.
    Name        User Meta Data
    FirstName   first_name
    LastName    last_name
    Email       user_email
  • In the Custom Attributes section, enter the following information and click Save.
    Name        Custom Attribute Value
    Custom      customvalue
In Amazon Cognito:
  • On the Attribute mapping tab of the SAML provider created in Step 1, add the corresponding mappings: each SAML attribute name sent by WordPress (FirstName, LastName, Email and any custom attribute) is mapped to the user pool attribute it should populate.
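As an added example covering both Step 2 and Step 3 (it is not code from this page or from the plugin, and it is not how Cognito is implemented internally), the following Python applies the SP-side checks that the values entered above drive: Destination and Recipient must equal the ACS URL, Audience must equal the SP Entity ID, the assertion must carry a signature, the NameID must be in emailAddress format, the validity window must contain the current time, and the attributes are then mapped to user pool attributes. The SAML response is constructed for the example; the pool ID, domain prefix, region, WordPress issuer URL and the Cognito-side attribute names in ATTRIBUTE_MAP are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# SAML attribute name (plugin Attribute/Role Mapping tab) -> user pool attribute.
# The Cognito-side target names are an assumption, not taken from the page.
ATTRIBUTE_MAP = {"FirstName": "given_name", "LastName": "family_name",
                 "Email": "email", "Custom": "custom:customvalue"}

def sp_entity_id(pool_id):
    """SP Entity ID / Issuer entered in the plugin; expected as the Audience."""
    return f"urn:amazon:cognito:sp:{pool_id}"

def acs_url(domain_prefix, region):
    """ACS URL entered in the plugin; expected as Destination and Recipient."""
    return f"https://{domain_prefix}.auth.{region}.amazoncognito.com/saml2/idpresponse"

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, expected_issuer, pool_id, domain_prefix, region, now=None):
    """Run the SP-side checks; raise ValueError on the first failure."""
    now = now or datetime.now(timezone.utc)
    expected_acs = acs_url(domain_prefix, region)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("Destination") != expected_acs:
        raise ValueError("Destination does not match the ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no assertion")
    # "Assertion Signed" means a ds:Signature on the Assertion. Only its presence
    # is checked here; cryptographic verification against the certificate from
    # the plugin's IDP Metadata tab needs an XML-DSig library and is not shown.
    if assertion.find("ds:Signature", NS) is None:
        raise ValueError("assertion is not signed")
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("unexpected Issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("no Conditions")
    if not parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != sp_entity_id(pool_id):
        raise ValueError("Audience does not match the SP Entity ID")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected_acs or now >= parse_ts(scd.get("NotOnOrAfter")):
        raise ValueError("bad SubjectConfirmationData")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        raise ValueError("NameID is not in emailAddress format")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id": name_id.text, "attributes": attrs}

def map_to_cognito(attrs):
    """Apply the Step 3 mapping; single-valued attributes become plain strings."""
    return {ATTRIBUTE_MAP[k]: v[0] if len(v) == 1 else v
            for k, v in attrs.items() if k in ATTRIBUTE_MAP}

def accepts(xml_text, **kwargs):
    try:
        validate_response(xml_text, **kwargs)
        return True
    except ValueError:
        return False

# Constructed sample response (not captured from a real deployment).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z"
 Destination="https://myapp.auth.us-east-1.amazoncognito.com/saml2/idpresponse">
 <saml:Issuer>https://wp.example.com/</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Issuer>https://wp.example.com/</saml:Issuer>
  <ds:Signature><ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
    Recipient="https://myapp.auth.us-east-1.amazoncognito.com/saml2/idpresponse" NotOnOrAfter="2024-05-01T10:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z"><saml:AudienceRestriction>
   <saml:Audience>urn:amazon:cognito:sp:us-east-1_EXAMPLE</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="FirstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="LastName"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_PARAMS = dict(expected_issuer="https://wp.example.com/", pool_id="us-east-1_EXAMPLE",
                     domain_prefix="myapp", region="us-east-1", now=parse_ts("2024-05-01T10:00:30Z"))
```

Changing the pool ID, the domain prefix or the clock makes the same response fail, which is the practical reason the Entity ID and ACS URL in the plugin must be copied exactly from Cognito. A real validator must also verify the XML signature (and guard against signature-wrapping by validating only the signed element), and should parse untrusted XML with defusedxml rather than the stdlib parser.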

4. Testing SSO

  • In the Amazon Cognito console, go to Manage User Pools and open your pool.
  • In the left navigation pane, under App integration, choose App client settings.
  • For the configured app client, click Launch Hosted UI.
  • Click the button below Sign in with your corporate ID.
  • You will be redirected to the WordPress login screen. Enter your credentials and click Log in.
  • If you land on the Callback URL you configured, the configuration is correct.
  • You have now integrated AWS Cognito SAML Single Sign-On (SSO) with the Login using WordPress Users (WP as SAML IDP) plugin, with AWS Cognito as SP and WordPress as IdP, and are ready to roll out SAML 2.0 SSO into AWS Cognito using WordPress login credentials.
