WordPress SAML Single Sign-On (SSO) with Magento as SAML IdP . Magento SAML IdP extenstion gives you the ability to use your Magento credentials to login into WordPress (SP). Here we will go through a step-by-step guide to configure SSO between WordPress as SP (Service Provider) and Magento as IDP (Identity Provider).

Pre-requisites: Download and Installation

Installation using Composer:

• Purchase the miniOrange SAML IDP Single Sign-On extension from magento marketplace.
• Go to My profile -> My Purchases
• Please ensure you are using correct access keys (My Profile - Access Keys)
• Paste the access keys in your auth.json file inside your project
• Use the below command to add the extension to your project.

  "composer require {module_name}:{version}"

• You can see the module name and list of versions in the selector below the extension module name.
• Run the following commands on command prompt to enable the extension.

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Manual Installation:

• Download the miniOrange SAML IDP Single Sign-On extension.
• Unzip all contents of the zip inside the MiniOrange/IDPSaml directory.

{Root Directory of Magento} app code MiniOrange IDPSaml

• Run the following commands on command prompt to enable the extension

php bin/magento setup:di:compile

php bin/magento setup:upgrade

Steps to configure WordPress SAML Single Sign-on ( SSO ) Login into Magento 2

1. Configuring WordPress as Service Provider

• In miniOrange SAML plugin, go to Service Provider Setup tab of the miniOrange WP SAML Service Provider plugin. There are two ways to configure the plugin:


A. By Uploading IDP Metadata

• Click on Upload IDP metadata button.
• Enter the Identity Provider Name
• You can either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.


B. Manual Configuration

• Navigate to Service Provider Setup tab of the miniOrange SAML SP plugin.
• Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider.
• Click on the Save Configuration button to save your configuration.

2. Enable SSO settings

• You can add a login widget to enable SP-Initiated SSO on your site.
• Navigate to Redirection and SSO links tab and follow the steps given under Option 1: Use a Widget to add a login widget on your site.

3. Configure Magento as Identity Provider

• In the miniOrage SAML Identity Provider extension, go to Service Provider settings tab of the extension.
• Provide the required settings (i.e. SP Entity ID/Issuer, ACS URL) find to your Service Provider WordPress and click on Save button to save your configuration.


Note: The Relaystate URL is mandatory if you want to use Identity Provider (IDP)/Magento initiated flow.

4. Attribute Mapping

• In the Magento IDP extension, navigate to the Attribute Mapping tab.
• In the User Attributes section, enter the following information and click on Save .
• You can also add more attributes by clicking on + sign to add attributes.

Name	User Meta Data
username	user_login
displayName	display_name
email	user_email

5. SSO Testing

• Open a new browser or private incognito window and enter your WordPress URL, which will redirect you to the Magento login screen.
• Enter your Magento credentials and click the log in button.
• If you are redirected to your WordPress start page and successfully logged in, your configuration is correct.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• Magento SAML Single Sign-On (SSO)
• Magento OAuth Client Single Sign-On (SSO)
• Frequently Asked Questions (FAQs)