RocketChat SAML Single Sign-On (SSO) with WordPress as SAML IdP. Login using WordPress Users (WP as SAML IDP) plugin gives you the ability to use your WordPress (WP) credentials to login into RocketChat (SP). Here we will go through a step-by-step guide to configure SSO between RocketChat as SP (Service Provider) and WordPress as IdP (Identity Provider).

Note: Premium Version of WP SAML IDP Plugin is required to set up SSO with RocketChat.

Pre-requisites: Download And Installation

To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange Login using WordPress Users ( WP as SAML IDP ) plugin:

Login using WordPress Users ( WP as SAML IDP )

By miniOrange

(36)

Single Sign-On (SSO) login with WordPress Users into any Service Provider like Tableau, Zoho, Zoom, Moodle, Canvas LMS, Absorb LMS, TalentLMS, etc.

 Tested with 6.0.2

Get this plugin

Guide to set up SAML Single Sign-On (SSO) in RocketChat with WordPress (WP)

1. Setup RocketChat as SP (Service Provider)

• Go to the WordPress IDP plugin, navigate to the IDP Metadata tab.
• Here, you can find the Identity Provider Metadata URL /XML Metadata or endpoints like IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature), Certificate for SP configuration.



• Open a new browser tab or window, Log in to your RocketChat account as Account Admin.
• Click on the left corner. Select Administration.



• Search for SAML under Administration tab.
• Enter the information into the corresponding fields.

Custom Provider	<name-of-your-app>
Custom Entry Point	Copy and paste the SAML Login URL from IDP Metadata tab
IDP SLO Redirect URL	Copy and paste the SAML Logout URL from IDP Metadata tab
Custom Issuer	https://<your-rocketchat-url>/_saml/metadata/<name-of-your-app>
Public Cert Contents	(a) Open the Public Cert Contents dropdown (b) Download the Certificate from IDP Metadata. Open it in notepad. Copy and paste the content here.
Signature Validation Type	Validate Either Signature
User Data Field Map	Open the User Data Field Map dropdown and enter the following attributes: {"username":"username", "email":"email", "name": "cn"}

Note: Custom Provider = <name of your app> e.g. my-app




• Once this is done, click on Enable and Save Changes.

2. Configure WordPress (WP) as IdP (Identity Provider)

• Go to WordPress IDP Plugin on the Dashboard and select Service Providers tab.
• Enter the following information into the corresponding fields. Click on Save.

Service Provider Name	RocketChat
SP Entity ID or Issuer	https://<your-rocketchat-url>/_saml/metadata/<name-of-your-app>
ACS URL	https://<your-rocketchat-url>/_saml/validate/<name-of-your-app>
NameID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Assertion Signed	Check to sign the SAML Assertion.

3. Attribute Mapping (This is a premium feature)

• Select Attribute/Role Mapping. In the User Attributes section, enter the following information. Click Save.
  

  cn	first_name
  email	user_email
  username	user_login



In this Guide, you have successfully configured RocketChat SAML Single Sign-On (RocketChat SSO Login) choosing RocketChat as SP and WordPress as IdP using miniOrange plugin-Login using WordPress Users (WP as SAML IDP). This solution ensures that you are ready to roll out secure access to your WordPress (WP) site using RocketChat login credentials within minutes.

Additional Resources

• What is RocketChat?
• What is Single Sign-On (SSO)?
• What is SAML?
• Single Sign-On (SSO) for RocketChat
• Login into WordPress
• Additional SAML IDP guides
• Frequently Asked Questions (FAQs)