AWS Cognito SAML Single Sign-On (SSO) | AWS SSO Login with WordPress

The Login using WordPress Users (WP as SAML IDP) plugin enables Single Sign-On (SSO) login into AWS using WordPress login credentials. In this guide, we will set up SAML Single Sign-On (SSO) with WordPress in AWS Cognito by configuring AWS Cognito as the SP (Service Provider) and WordPress as the IdP (Identity Provider).


  • Go to the WordPress IDP plugin, navigate to the IDP Metadata tab.
  • Here you can find the Identity Provider Metadata URL / XML Metadata, or individual endpoints such as the IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature), and the Certificate for SP configuration.

Create a user pool if not created already.

  • Go to the Amazon Cognito console. You might be prompted for your AWS credentials.
  • Choose an existing user pool from the list, or Create a User Pool.

Configure SAML Identity Provider in your user pool.

  • Go to your User Pool.
  • Navigate to the Sign-In Experience tab.

  • Scroll down to the Federated identity provider sign-in section.
  • Click on Add identity provider (if not already created).

  • Choose SAML as Identity Provider.

  • Enter a name for your Identity provider.
  • Choose your desired method to Upload IDP Metadata.
  • Click on Add identity provider.

Change App client settings for your user pool.

  • In the User Pool, under App integration, go to your configured App Client and scroll down to the Hosted UI section.
  • Click on Edit.

  • On the Hosted UI edit page, do the following:
      - For Callback URL(s), enter a URL where you want your users to be redirected after they log in. For testing, you can enter any valid URL, such as https://www.example.com/.
      - Under Identity providers, select the name you provided while configuring the Identity Provider in the previous step, and Cognito User Pool, from the dropdown.
      - Under OAuth 2.0 grant types, select Authorization code grant and Implicit grant from the dropdown.

  • Click on Save Changes.

You have successfully configured AWS Cognito as Service Provider.


  • You will need the following values from Amazon Cognito:
      - Entity ID, e.g. urn:amazon:cognito:sp:yourUserPoolID
        You can find your User Pool ID in the top section of the User Pool.
      - ACS URL, e.g. https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse
        You can find your Cognito Domain in the App Integration tab of your User Pool.

Instructions:

  • Open the WordPress site.
  • Go to the WordPress IDP plugin, navigate to the Service Provider tab.
  • Enter the values corresponding to the information from Amazon Cognito. Refer to the table below.

      Service Provider Name     Name of your Service Provider.
      SP Entity ID or Issuer    Copy and paste the SP-EntityID from Amazon Cognito.
      ACS URL                   Copy and paste the ACS URL from Amazon Cognito.
      NameID Format             urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      Assertion Signed          Checked

  • Click on the Save button to save your configuration.
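
A check for the two values copied from Amazon Cognito into the Service Provider tab, as an added example (not code from the plugin or from AWS). It assumes the Cognito-hosted domain form shown above (not a custom domain) and the usual region_id form of a User Pool ID; the function name and the sample values are constructed.

```python
import re
from urllib.parse import urlparse

ENTITY_PREFIX = "urn:amazon:cognito:sp:"
ACS_PATH = "/saml2/idpresponse"
# User Pool IDs look like <region>_<id>, e.g. us-east-1_EXAMPLE01 (constructed).
POOL_ID_RE = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d)_[0-9A-Za-z]+$")
ACS_HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.auth\.([a-z0-9-]+)\.amazoncognito\.com$")

def check_sp_values(entity_id, acs_url):
    """Return a list of problems with the SP Entity ID and ACS URL (empty if none)."""
    problems = []
    pool_region = None
    if not entity_id.startswith(ENTITY_PREFIX):
        problems.append("Entity ID must start with " + ENTITY_PREFIX)
    else:
        m = POOL_ID_RE.match(entity_id[len(ENTITY_PREFIX):])
        if m:
            pool_region = m.group(1)
        else:
            problems.append("Entity ID does not end in a User Pool ID")
    url = urlparse(acs_url.strip())
    if url.scheme != "https":
        problems.append("ACS URL must use https")
    # Catches a pasted trailing period, a trailing slash, or a stray query string.
    if url.path != ACS_PATH or url.query or url.fragment:
        problems.append("ACS URL path must be exactly " + ACS_PATH)
    host = ACS_HOST_RE.match(url.hostname or "")
    if not host:
        problems.append("ACS host is not <prefix>.auth.<region>.amazoncognito.com")
    elif pool_region and host.group(1) != pool_region:
        problems.append("region mismatch: pool %s, domain %s"
                        % (pool_region, host.group(1)))
    return problems

if __name__ == "__main__":
    # Constructed values for illustration only.
    print(check_sp_values(
        "urn:amazon:cognito:sp:us-east-1_EXAMPLE01",
        "https://myprefix.auth.us-east-1.amazoncognito.com/saml2/idpresponse"))
```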

In WordPress:

  • In the WordPress IDP plugin, navigate to the Attribute/Role Mapping tab.
  • In the User Attributes section, enter the following information and click on Save.
  • You can also add more attributes by clicking on the + sign.

      Name         User Meta Data
      FirstName    first_name
      LastName     last_name
      Email        user_email

  • In the Custom Attributes section, enter the following information and click Save.

      Name      Custom Attribute Value
      Custom    customvalue


  • In the User Pool, under App integration, go to your configured App Client and scroll down to the Hosted UI section.
  • Click on View Hosted UI.

  • Click on the button below "Sign in with your corporate ID".

  • You will be redirected to the WordPress login screen. Enter your credentials and click Log in.

  • If you are redirected to the selected Callback URL, then your configuration is correct.

In this guide, you have successfully integrated AWS Cognito SAML Single Sign-On (SSO) with the plugin Login using WordPress Users (WP as SAML IDP), configuring AWS Cognito as SP and WordPress as IDP. This solution ensures that you are ready to roll out secure Single Sign-On (SSO) access with SAML 2.0 authentication into AWS Cognito using WordPress login credentials.


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at +1 978 658 9387 (US) | +91 97178 45846 (India) or wpidpsupport@xecurify.com

