WooCommerce is an open-source and customizable ecommerce WordPress plugin that can be used to build an online presence for your business in a few minutes. Building your business platform online brings the need to store user information and to give users a secure way to log in to your site.
With Single Sign-On activated on the WordPress site, users are spared the tedious procedure of registration as well as providing profile details such as Name, E-mail address, Address and so on while checking out.
In addition to effortless transactions for the users, site management also becomes easier for the site administrator by allowing tracking of the user details. The admin can even assign users to various groups on the basis of the product they purchase and provide suggestions for similar products.
miniOrange WordPress SAML SSO Plugin enables seamless SSO login into your WordPress sites via authentication through any SAML 2.0 compliant Identity Provider.
Once you authenticate or log in via your Identity Provider, you are also logged in to your WordPress sites without having to re-enter your credentials manually. The plugin allows your WooCommerce site to act as a SAML SP (Service Provider), which can be configured to establish trust between your site and the IdP to securely authenticate users and enable SSO / Login into the WooCommerce site. The added advantage of SSO is that your credentials are stored in your Identity Provider and nowhere else, which adds another layer of security to your credentials.
miniOrange WordPress SAML SSO Plugin supports SSO setup with all major SAML compliant IDPs like AzureAD, Okta, AzureB2C, ADFS, Keycloak, GoogleApps and many more.
Key Features
miniOrange SAML 2.0 SSO Plugin provides many features, which can be summed up as follows:
Force Authentication: It allows restriction of your WooCommerce site only to the logged-in users by automatic redirection of users to the IdP login page.
Attribute and Role Mapping (User Sync): It allows syncing/mapping of user-profiles from the IdP to WooCommerce profile fields and also assigns roles based on the user's group. You can check out the use-case for WooCommerce sync with Keycloak using our WP SAML SSO Plugin.
Shortcode/Widget/Link for SSO Login: You can add a link, shortcode or a button anywhere on your WooCommerce site to authenticate users via your Identity Provider.
Single Logout: This feature allows you to terminate a user's SSO session on your WooCommerce site as well as their Identity Provider when the user logs out of your WooCommerce site.
Multiple IDP Support: It supports Single Sign-On from multiple IdPs into your WooCommerce website. You can also enable Federation SSO to allow users to log in via their university credentials.
Multisite Network Support: You can configure the same SSO login with the same IdP for all subsites in a multisite network and manage SSO settings for each subsite at the network level.
Prefill checkout pages: Users can SSO from their IdPs into the WooCommerce site during checkout to get pre-filled user data fields before the purchase.
Page Restriction: You can configure your WooCommerce site in such a way that specific pages/posts can be restricted only to logged-in users. Users would be redirected to their IdP login page whenever they try to access a restricted page/post.
How to setup Single Sign-On in WooCommerce using miniOrange?
Configure WP SAML SSO 2.0 Plugin: To set up SSO into your WooCommerce website, you will need to configure the WP SAML SSO Plugin with your Identity Provider. To do so, you need the IdP metadata in the form of a URL or file. The IdP details needed to configure the plugin are the IDP Entity ID, SAML Login URL, and X.509 Certificate.
You can find the step-by-step guide for your Identity Provider here.
If you cannot find your Identity Provider in the list, you can follow the instructions in the guide below to setup the plugin:
Once the miniOrange SAML 2.0 SSO Plugin is installed, navigate to the Service Provider Setup tab in the plugin.
Search for your Identity Provider name or click on your Identity Provider from the given Identity Providers.
If your Identity Provider name is not in the default list, you can click on Custom IDP to add a custom Identity Provider.
Navigate to the Service Provider Setup tab of the plugin and provide your Identity Provider details like IdP Entity ID, SAML Login URL, and X.509 Certificate.
If you have the IdP metadata file or URL, you can directly upload the IdP metadata by clicking on the Upload IDP Metadata File/XML button.
Click on the Save button once you have entered all the required information.
Now, to test your configuration, click on the Test Configuration button.
On successful configuration, you will get a TEST SUCCESSFUL message and the Attribute Name and Attribute Values in the Test Configuration window.
WooCommerce User Profile Mapping
WooCommerce User profiles can be mapped based on the user details received from the Identity Provider (IdP) with the help of attribute mapping.
Basic Attribute Mapping: Basic WooCommerce attributes include Username, Email, First Name, Last Name, Role and Display Name, which can be mapped based on IdP attributes.
To map the WooCommerce attributes mentioned above, navigate to the Attribute/Role Mapping tab of the WP SAML SSO Plugin.
Under the Attribute Mapping section, select the attribute values you want to assign to the respective fields from the dropdown list.
For example, you can map Username as the First Name of the user by selecting the attribute value from the dropdown list.
Custom Attribute Mapping: Allows you to map Custom Attributes, i.e. you can map additional IdP attributes to WooCommerce user profiles.
You can enable the Display Attribute option for an attribute if you want to display it in the WordPress Users menu.
To add a custom attribute, navigate to the Attribute/Role Mapping section of the WP SAML SSO Plugin.
Under Map Custom Attributes, enter your desired name under the Custom Attribute Name and assign the Attribute Name from IdP by selecting the attribute value from the dropdown list.
Click on Add Attribute to add more custom attributes. Once done, click on Save.
For example, you can create an attribute Phone and assign your desired attribute value by assigning it the Attribute Name from IDP containing that value.
WooCommerce User Group/Role Mapping
Default Role Mapping: Users can be assigned roles on the basis of the IdP groups they belong to.
Go to the Attribute/Role Mapping section of the SAML SSO Plugin and scroll down to the Role Mapping section.
You can choose the Default Role for the users which would be assigned to every SSO user.
Advanced Role Mapping: For assigning specific roles to users in specific IdP groups, you will need to mention the IdP Attribute Name in which the group values are being received from the Identity Provider.
Go to the Attribute/Role Mapping tab of the miniOrange WP SAML SSO plugin.
Under the Attribute Mapping section, provide the Group/Role value as groups and click on the Save button.
You can assign roles to groups by entering the group name in the input box for each WordPress role.
Click on Save.
For example, if you want to set the roles Customer and Store Manager in your WooCommerce to group_1 and group_2 groups in your IdP, any user in the group_1 will be automatically mapped as a Customer and group_2 as a Store Manager in WooCommerce, at the time of SSO.
Extended Role Mapping
Do not auto-create users if roles are not mapped: By enabling this feature you can create users in WooCommerce based on attributes received from the IdP.
Do not assign roles to unlisted users: Enabling this feature allows you to update the roles of existing WooCommerce users and does not assign any WooCommerce roles to new users.
Do not update existing users’ roles: Enabling this feature would not change the existing user’s given role in the WooCommerce site “after SSO”.
Do not allow the users to log in with particular roles: By enabling this feature you can restrict login into your WooCommerce site to specific users based on their IdP groups.
Other than this, users can also create Custom Roles for different groups to limit access.
How to initiate SSO from WooCommerce site?
Auto-Redirection from WooCommerce site: If a login session is not found on the WooCommerce site while accessing it, the user is automatically redirected to the IdP login page for authentication. A Forced Authentication option is also available, which forces users to authenticate themselves each time they try to log in to the WooCommerce site.
Auto-Redirection from WordPress: This feature redirects users to the IdP login page when they try to access any WooCommerce site admin page. It also provides backdoor access to your WooCommerce site through your WordPress login in case you are locked out of your IdP site.
Login Button: It is used to create a login button on the WordPress login page to redirect users to IdP Login Page for authentication. This also provides an option to redirect all the users to the WordPress login page, from where the users can initiate SSO.
SSO Links: A widget, shortcode or SSO link can be placed on any page/post and in the header/footer of the WooCommerce site for users to log in with their IdP credentials (SSO).
Restricting access to WooCommerce site
Auto-redirection: With the help of this feature, users can be automatically redirected to the IdP login page when accessing any page/post of the WooCommerce site.
To enable this option, navigate to the Redirection & SSO links tab in the WP SAML SSO Plugin.
Enable the Redirect to IdP if user not logged in [PROTECT COMPLETE SITE] option.
You can also enable the Force authentication with your IdP on each login attempt option to force the user to authenticate themselves through their IdP on each login attempt on the WooCommerce site.
Domain Mapping: This feature enables you to restrict/allow WooCommerce site access to users from a particular domain.
To enable this option, navigate to the Attribute/Role Mapping section of the WP SAML SSO Plugin.
Under Domain Restriction, turn on the Enable domain restriction login option. Enter the domain you want to restrict or allow access to and click on Save.
When a user from a restricted domain tries to log in, they will receive the following error message.
This message can be customised in the Restricted Domain error message field under the Custom Messages section.
Restrict Specific Pages/Posts on your WooCommerce Site
With the help of the Page Restriction plugin you can restrict specific pages/posts on your WooCommerce site, i.e. users will be required to log in through their IdP to access restricted pages.
Go to the Page Restriction plugin and navigate to the Restrict to logged in Users tab.
Under Select pages you want to give access to Logged in Users only, select the pages which you want to restrict to logged-in users only and click on Save Configuration.
On the right side, under Page Restrict Options, select the Single Sign-On option.
Note: Enabling this option will let your users SSO into the WooCommerce site using their IdP credentials when they try to access the restricted page.
Using Page Restriction you can also restrict specific pages or posts based on the WordPress user roles.
Pre-fill WooCommerce Checkout Fields
With the help of WooCommerce Integrator you can prefill the checkout page fields before payment. It allows you to map attributes sent by your Identity Provider to the appropriate checkout fields in WooCommerce.
Once you have successfully tested the SSO configuration using the Test Configuration button in the SAML SSO Plugin, navigate to the WooCommerce Integrator. There you will see the IdP attributes in a table on the right side.
Now, under the WooCommerce Configuration section choose the appropriate IDP attributes for the WooCommerce Checkout Fields.
Click on Save.
Upon the correct configuration of WooCommerce Integrator for your WooCommerce site, authenticated users will see the checkout fields filled with IDP attributes assigned to the WooCommerce Checkout Fields.
Our WordPress SAML SSO Plugin supports integrations with a number of addons to extend the functionality of your site.
If you have any custom requirement, please contact us at samlsupport@xecurify.com and we will help you achieve your use case.