Additional configuration for WordPress Keycloak Single Sign-On


Once the WordPress Keycloak SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

1. Attribute Mapping

  • In the Service Provider Setup tab, after the metadata exchange, click on Test Connection.
  • After performing SSO, the default attributes will be sent from Keycloak and will be available for Attribute Mapping.

Adding extra Attributes on the Keycloak Side:

  • Go to the Clients section.
  • From the Clients List, click on the Client ID of your configured client application.
  • Navigate to the Mapper tab.
  • Click on Add Mapper and select By configuration.
  • Now, click on the User Attribute option.
  • Fill in the details as follows:
    Name: The name you want to give to this mapper.
    User Attribute: The custom attribute which you wish to send to your Service Provider.
    Friendly Name (optional): Any readable name.
    SAML Attribute Name: The name with which you want to send that custom attribute to your Service Provider.
  • Then, click on the Save button.

2. Custom Attribute Mapping

  • This feature allows you to create custom attributes that can be mapped to any of the attributes sent by Keycloak. The mapped values are stored in the user meta table of the WordPress database.
  • To display this custom attribute in the users menu table in WordPress, enable the Display Attribute toggle.

3. Role Mapping

  • The Attribute Mapping section also provides mapping for fields named Group/Role.
  • This attribute will contain the role-related information sent by the Identity Provider (i.e., Keycloak).
  • WordPress roles are allocated to users on the basis of their roles/groups at the time of login.
  • The value of this attribute which is mapped to Group/Role will be considered in the Role Mapping section.
  • In the Role Mapping section, enter the Group/Role values of your users in the input box of the default WordPress role that should be assigned to users with that value.
  • For example, if you want a user whose Group/Role attribute value is SAML to be assigned as an Editor in WordPress, enter SAML in the Editor field of the Role Mapping section.
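
The role-mapping decision described above, as an added Python sketch that is not the plugin's own code: it reads the Group/Role attribute from a constructed SAML AttributeStatement and resolves it to a WordPress role. The attribute name Role, the group names wp-admins and writers, the most-privileged-first precedence and the subscriber fallback are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: AttributeStatement from an assertion whose signature
# has already been verified (attributes from an unverified assertion are
# attacker-controlled and must never reach this step).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Role">
    <saml:AttributeValue>SAML</saml:AttributeValue>
    <saml:AttributeValue>offline_access</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Role Mapping table: WordPress role -> Group/Role values entered in its field.
# Listed most-privileged first so precedence is explicit (assumption).
ROLE_MAPPING = [
    ("administrator", {"wp-admins"}),   # hypothetical group name
    ("editor", {"SAML"}),               # the page's own example
    ("author", {"writers"}),            # hypothetical group name
]
DEFAULT_ROLE = "subscriber"  # assumed least-privilege fallback


def attribute_values(statement_xml, name):
    """Return every AttributeValue of the named SAML attribute."""
    root = ET.fromstring(statement_xml)
    values = []
    for attr in root.findall("saml:Attribute", NS):
        if attr.get("Name") == name:
            for value in attr.findall("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values


def resolve_role(statement_xml, group_attr="Role"):
    """Pick the WordPress role for the Group/Role values in the assertion."""
    sent = set(attribute_values(statement_xml, group_attr))
    for wp_role, mapped_values in ROLE_MAPPING:
        if sent & mapped_values:   # exact, case-sensitive match only
            return wp_role
    return DEFAULT_ROLE            # unmapped users never gain privileges


if __name__ == "__main__":
    print(resolve_role(SAMPLE))
```

Reviewing the mapping table this way makes it easy to see which IdP group values lead to administrator or editor, which is the part of the configuration worth auditing after any change on the Keycloak side.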

4. Single Logout

  • Copy the Single Logout URL from the Service Provider Metadata tab.
  • Now, navigate to your Keycloak admin dashboard.
  • Go to the Clients section and click on the Client ID of your configured client application.
  • Under the Advanced tab, go to Fine Grain SAML Endpoint Configuration and configure the following details:
    Logout Service POST Binding URL: Single Logout URL that you copied from the Service Provider metadata.
    Logout Service Redirect Binding URL: Single Logout URL that you copied from the Service Provider metadata.
    Logout Service ARTIFACT Binding URL: Single Logout URL that you copied from the Service Provider metadata.
  • Then, click on Save.

5. Signed SSO Requests

  • In the Service Provider Setup tab, enable the Sign SSO & SLO Requests toggle for performing Signed SSO and Single Logout Requests.
  • Then, click on the Save button to save the configuration.
  • Go to the Manage Certificates tab and, under the miniOrange default certificate configuration, click on Download Certificate.
  • Then, open your Keycloak admin dashboard and go to the Clients section.
  • Click on the Client ID of your configured client application.
  • Now, navigate to the Keys tab and enable the Client signature required toggle.
  • Configure the remaining fields as follows:
    Select method: import
    Archive Format: JKS
    Import File: Upload the certificate you downloaded from the plugin side.
    Key alias: Your username
    Store password: Your password
  • Then, click on Confirm.

Conclusion

Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.
