Canvas LMS Single Sign On (SSO) with WordPress as IDP | Login into Canvas LMS using WordPress



The Canvas LMS is the world's fastest growing learning management system. It is an open-sourced cloud-based application designed to empower both teachers and students by making an engaging learning environment available to them. Login using WordPress Users ( WP as SAML IDP ) plugin gives you the ability to use your WordPress credentials to log into Canvas LMS. Here we will go through a step-by-step guide to configure SSO between, Canvas LMS as Service Provider and WordPress as an Identity Provider.


miniorange img Pre-requisite: Download And Installation


  • To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange
    Login using WordPress Users ( WP as SAML IDP ) Plugin:

Follow the Step-by-Step Guide given below for Canvas LMS Single Sign On (SSO)


Step 1: Configure Canvas LMS as the Service Provider:

  • Open the WordPress site.
  • Install and activate the Login using WordPress Users ( WP as SAML IDP ) plugin on your WordPress site
    which is acting as Identity Provider.
  • Go to the WordPress IDP plugin, navigate to the IDP Metadata tab. Here, you can find the Identity
    Provider Metadata URL or you can Download the Metadata File.
  • You will find IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature), Certificate.

  • You would need these to configure the Service provider(Canvas LMS).

    wordpress saml upload metadata canvas as sp

    miniorange img Instructions:

  • Login to your Canvas LMS domain as an Account Administrator.
  • Switch to Admin view by clicking on the corresponding link from the bottom of the screen.
  • Select Admin from the left pane and select the domain for which you wish to enable Single sign-on.

  • enable sso canvas as sp
  • Click on Authentication in the left pane and navigate to SAML

  • saml authentication canvas as sp Enter the values by referring to the table below.
    IDP Metadata URI Enter the Metadata URL that points to the metadata document.
    IDP Entity ID Enter the IDP Entity value that you got from the previous step.
    Log On URL Enter the SAML Login URL that you got from the previous step.
    Log Out URL Enter the SAML Logout URL(Premium feature) that you got from the
    previous step.
    Certificate Fingerprint Follow the steps below to copy the Thumbprint of certificate:
    1. Open the certificate that was downloaded earlier.
    2. Go to Details and in the field column select Thumbprint.
    3. Copy the Thumbprint that opens in the pane by pressing CTRL+C
    (Right-Click wont work!).
    4. Paste the Thumbprint in the Certificate Fingerprint.
    Make sure that there are no spaces in between the Certificate Fingerprint.
    Remove them manually.
    Login Attribute NameID
    Identifier Format Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    from the dropdown list.
    Authentication Context Select urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    from the dropdown list.
    Message Signing Select the algorithm to use for signing Request messages sent to the IdP.
    For now select Not Signed.
    Just In Time Provisioning If checked then it automatically create a user account in your Canvas LMS
    if its the first time a user logs in with single sign-on (SSO).

    enter saml info canvas as sp
  • Click Save to complete the configuration.

Step 2: Configure WordPress as the Identity Provider:

  • You would need Entity ID , Acs URL from Canvas LMS .
  • You can find this information under Current Provider in Authentication section under Admin tab.
  • Click on the Link to find Metadata file containing all the information of your Service Provider (Canvas LMS).

  • entity id canvas as sp

    miniorange img Instructions:

  • Open the WordPress site.
  • Go to the WordPress IDP plugin, navigate to the Service Provider tab.
  • Enter the values corresponding to the information from Canvas LMS. Refer to the table below.

    Service Provider Name Name of your Service Provider.
    SP Entity ID or Issuer Copy and paste the SP-EntityID from Canvas LMS.
    ACS URL Copy and paste the ACS URL from Canvas LMS.
    NameID Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Assertion Signed Checked
  • enter ip info canvas as sp
  • Click on the Save button to save your configuration.

Step 3: Configure attributes in the plugin (This is a premium feature):

    In WordPress:
  • In the WordPress IDP plugin,navigate to the Attribute/Role Mapping tab.
  • In the User Attributes section, enter the following information and click Save .
  • Click on + sign to add attributes.
  • Name User Meta Data
    FirstName first_name
    LastName last_name
    NickName nickname
    canvas attr mapping canvas as sp
    In Canvas LMS:
  • Navigate to Current Provider in Authentication section under the Admin tab. You will find
    Federated Attributes.
  • Make sure to add the following information under Federated Attributes .
  • Select the Attribute Name from the dropdown list and click on +Attribute
  • If an attribute is marked as Provisioning Only, then it will only be used when Just In Time Provisioning creates a new user, and will not be kept up to date each time the user logs in.

  • canvas attr mapping canvas as sp canvas attr mapping canvas as sp

Step 4: Testing SSO :

  • You can find the Login link information under the Current Provider in the Authentication section, under the
    Admin tab.

  • current provider canvas as sp test
  • Construct the login url,
    eg: https://your_domain.com/login/saml/103
  • Construct the login url,
    eg: https://your_domain.com/login/saml/103 https://your_domain.com/login/saml/103
  • You would be redirected to the WordPress Login screen. Enter the Credentials and click Log in.

  • wordpress login canvas as sp
If you were able to log into Canvas LMS, then your configuration is correct.

Business Trial For Free

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com