Additional Configuration for WordPress Keycloak Single Sign-On


Once the WordPress Keycloak SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

  • In the Service Provider Setup tab, after metadata exchange click on Test Connection.
  • After performing SSO, the default attributes will be sent from Keycloak and will be available for Attribute Mapping.

Adding extra Attributes on the Keycloak Side:

  • Go to the Clients section.
  • From the Clients List, click on the Client ID of your configured client application.
  • Navigate to the Mapper tab.
  • Click on Add Mapper and select By configuration.
  • Now, click on the User Attribute option.
  • Fill in the details as per the table below:
    Name: The name you want to give to this mapper.
    User Attribute: The custom attribute which you wish to send to your Service Provider.
    Friendly Name (optional): Any readable name.
    SAML Attribute Name: The name with which you want to send that custom attribute to your Service Provider.
  • Then, click on the Save button.
  • This feature allows you to create custom attributes that can be mapped to any of the attributes sent by Keycloak. These are stored in the user meta table of the WordPress database.
  • To display this custom attribute in the users menu table in WordPress, enable the Display Attribute toggle.
  • The Attribute Mapping section also provides mapping for fields named Group/Role.
  • This attribute will contain the role-related information sent by the Identity Provider (i.e., Keycloak).
  • WordPress roles are allocated to users on the basis of their roles/groups at the time of login.
  • The value of this attribute which is mapped to Group/Role will be considered in the Role Mapping section.
  • Enter the Group/Role values of your users in the input box of the default WordPress role that should be assigned to those users.
  • For example, if you want a user whose Group/Role attribute value is SAML to be assigned as an Editor in WordPress, provide the mapping as SAML in the Editor field of the Role Mapping section.
  • Copy the Single Logout URL from the Service Provider Metadata tab.
  • Now, navigate to your Keycloak admin dashboard.
  • Go to the Clients section and click on the Client ID of your configured client application.
  • Under the Advanced tab, go to Fine Grain SAML Endpoint Configuration and configure the following details:
    Logout Service POST Binding URL: The Single Logout URL that you copied from the Service Provider metadata.
    Logout Service Redirect Binding URL: The Single Logout URL that you copied from the Service Provider metadata.
    Logout Service ARTIFACT Binding URL: The Single Logout URL that you copied from the Service Provider metadata.
  • And, click on Save.
  • In the Service Provider Setup tab, enable the Sign SSO & SLO Requests toggle for performing Signed SSO and Single Logout Requests.
  • Then, click on the Save button to save the configuration.
  • Go to the Manage Certificates tab and, under the miniOrange default certificate configuration, click on Download Certificate.
  • Then, open your Keycloak admin dashboard and go to the Clients section.
  • Click on the Client ID of your configured client application.
  • Now, navigate to the Keys tab and enable the Client signature required toggle.
  • Configure the remaining details as per the table below:
    Select method: Import
    Archive Format: JKS
    Import File: Upload the certificate you downloaded from the plugin side.
    Key alias: Your username
    Store password: Your password
  • Then, click on Confirm.
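
For the Attribute Mapping and Group/Role Mapping steps above, the following added example (not miniOrange's or Keycloak's code) parses the attribute statement of a decoded SAML assertion and reports which WordPress roles a Role Mapping table would grant and which Group/Role values it leaves unmapped. The sample assertion, the attribute names department and Role, the group wp-admins and the exact-match rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not captured traffic): attribute part of an assertion.
# "department" stands for the SAML Attribute Name of a User Attribute mapper.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="department" FriendlyName="Department">
      <saml:AttributeValue>Finance</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>SAML</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>offline_access</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical copy of the Role Mapping fields: WordPress role -> Group/Role values.
ROLE_MAPPING = {"editor": {"SAML"}, "administrator": {"wp-admins"}}


def extract_attributes(assertion_xml):
    """Return {SAML Attribute Name: [values]}, merging repeated Attribute elements."""
    attrs = {}
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def audit_role_mapping(assertion_xml, role_attribute, mapping):
    """Model the mapping as exact, case-sensitive matching (an assumption)."""
    values = set(extract_attributes(assertion_xml).get(role_attribute, []))
    granted = sorted(role for role, wanted in mapping.items() if wanted & values)
    unmapped = sorted(values - set().union(*mapping.values()))
    return {"granted": granted, "unmapped": unmapped}


if __name__ == "__main__":
    print(extract_attributes(SAMPLE_ASSERTION))
    print(audit_role_mapping(SAMPLE_ASSERTION, "Role", ROLE_MAPPING))
```

This only inspects attribute names and values in an already decoded assertion; it does not validate the assertion's signature, so use it for reviewing a mapping, not for trusting a login.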

Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.

