The Canvas LMS is the world's fastest growing learning management system. It is an open-sourced cloud-based application designed to empower both teachers and students by making an engaging learning environment available to them. Login using WordPress Users ( WP as SAML IDP ) plugin gives you the ability to use your WordPress credentials to log into Canvas LMS. Here we will go through a step-by-step guide to configure SSO between, Canvas LMS as Service Provider and WordPress as an Identity Provider.

Pre-requisites: Download And Installation

To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange Login using WordPress Users ( WP as SAML IDP ) Plugin:

Login using WordPress Users ( WP as SAML IDP )

By miniOrange

(30)

Login with WordPress users to any application. SAML SSO or WSFED SSO into Tableau, Zoom, Moodle LMS, etc using WP users. [24×7 SUPPORT]

 Tested with 5.8.2

Get this plugin

Follow the Step-by-Step Guide given below for Canvas LMS Single Sign On (SSO)

1. Configure Canvas LMS as Service Provider

• Open the WordPress site.
• Install and activate the Login using WordPress Users ( WP as SAML IDP ) plugin on your WordPress site
  which is acting as Identity Provider.
• Go to the WordPress IDP plugin, navigate to the IDP Metadata tab. Here, you can find the Identity Provider Metadata URL or you can Download the Metadata File.
• You will find IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature), Certificate. You would need these to configure the Service provider(Canvas LMS).

You would need these to configure the Service provider(Canvas LMS).


• Login to your Canvas LMS domain as an Account Administrator.
• Switch to Admin view by clicking on the corresponding link from the bottom of the screen.
• Select Admin from the left pane and select the domain for which you wish to enable Single sign-on.

• Click on Authentication in the left pane and navigate to SAML

• Enter the values by referring to the table below.

IDP Metadata URI	Enter the Metadata URL that points to the metadata document.
IDP Entity ID	Enter the IDP Entity value that you got from the previous step.
Log On URL	Enter the SAML Login URL that you got from the previous step.
Log Out URL	Enter the SAML Logout URL(Premium feature) that you got from the previous step.
Certificate Fingerprint	Follow the steps below to copy the Thumbprint of certificate: 1. Open the certificate that was downloaded earlier. 2. Go to Details and in the field column select Thumbprint. 3. Copy the Thumbprint that opens in the pane by pressing CTRL+C (Right-Click wont work!). 4. Paste the Thumbprint in the Certificate Fingerprint. Make sure that there are no spaces in between the Certificate Fingerprint. Remove them manually.
Login Attribute	NameID
Identifier Format	Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress from the dropdown list.
Authentication Context	Select urn:oasis:names:tc:SAML:2.0:ac:classes: PasswordProtectedTransport from the dropdown list.
Message Signing	Select the algorithm to use for signing Request messages sent to the IdP. For now select Not Signed.
Just In Time Provisioning	If checked then it automatically create a user account in your Canvas LMS if its the first time a user logs in with single sign-on (SSO).


• Click Save to complete the configuration.

2. Configure WordPress (WP) as IdP (Identity Provider)

• You would need Entity ID , Acs URL from Canvas LMS .
• You can find this information under Current Provider in Authentication section under Admin tab.
• Click on the Link to find Metadata file containing all the information of your Service Provider
  (Canvas LMS).


• Open the WordPress site.
• Go to the WordPress IDP plugin, navigate to the Service Provider tab.
• Enter the values corresponding to the information from Canvas LMS. Refer to the table below.

Service Provider Name	Name of your Service Provider.
SP Entity ID or Issuer	Copy and paste the SP-EntityID from Canvas LMS.
ACS URL	Copy and paste the ACS URL from Canvas LMS.
NameID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Assertion Signed	Checked


• Click on the Save button to save your configuration.

3. Attribute Mapping (This is a premium feature)

In WordPress:

• In the WordPress IDP plugin,navigate to the Attribute/Role Mapping tab.
• In the User Attributes section, enter the following information and click Save .
• Click on + sign to add attributes.

Name	User Meta Data
FirstName	first_name
LastName	last_name
NickName	nickname



In Canvas LMS:

• Navigate to Current Provider in Authentication section under the Admin tab. You will find
  Federated Attributes.
• Make sure to add the following information under Federated Attributes .
• Select the Attribute Name from the dropdown list and click on +Attribute
• If an attribute is marked as Provisioning Only, then it will only be used when Just In Time Provisioning
  creates a new user, and will not be kept up to date each time the user logs in.

4. Testing SSO

• You can find the Login link information
  under the Current Provider in the Authentication section, under the Admin tab.


• Construct the login url,
  eg: https://your_domain.com/login/saml/103
Construct the login url,
eg: https://your_domain.com/login/saml/103 https://your_domain.com/login/saml/103
• You would be redirected to the WordPress Login screen. Enter the Credentials and click Log in.

If you were able to log into Canvas LMS, then your configuration is correct.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• Frequently Asked Questions (FAQs)