Login into office 365 from Wordpress using WS FED Protocol

Login into office 365 from Wordpress using WS FED protocol

Office 365 is a suite of applications which consists office applications as well as cloud related services that are available on internet. Office 365 business plans include services like web conferencing and email services for business. Sharepoint is a web-based collaborative platform which is integrated in office 365 suite which works at backend and joins PCs and mobile devices together, allowing communication and thus efforts can be united.

Our Solution

Many a times user accounts are in Wordpress and user needs to login into another application (office 365) with same login credentials of Wordpress. This can be achieved by using Single Sign ON (SSO). Our Single Sign ON solution allows user to login straightway to office 365 through the account in Wordpress. A plugin called as Login with wordpress users needs to be configured in order to accomplish single sign on.

Wordpress acts as a identity provider while Office 365 application is a service provider. WS Fed is a protocol which is used for authentication and authorization. It is a protocol which provides additional features other than SAML in which trust is built on Request Security Token Response (RSTR) which allows protocol processing to least bother about the kind of token which is transmitted. User can SSO through both the applications Wordpress and any other application (like Office 365).

Login flow for office 365

office-365-sso-1

Advantages of Single Sign On solution:

User can login using single credentials, no need to remember different user names and passwords.
User can single sign on into any application other than office 365 also if they are WS Fed compliant.

Step by step guide to set up office 365 using WS Fed

Step 1: Install Windows Azure AD Module for Windows Powershell.

Download and install the appropriate Microsoft Online Services Sign-In Assistant version for your operating system (see Microsoft Online Services Sign-In Assistant for IT Professionals RTW).
Download and Install the Windows Azure Active Directory Module for Windows PowerShell (see Install the Windows Azure AD Module).
Connect to Windows Azure AD by running the PowerShell command: import-module MSOnline.

office-365-sso-2

Step 2: Set an Authentication Source.

Connect to Microsoft Online Service by running the command: Connect-MsolService.
Enter your admin credentials to authenticate yourself.
Run the Convert-MsolDomainToStandard command to convert your domain from federated to managed. This is done so that you can set authentication properties . It will ask for the following parameters:

passwordfile = put anything in it
SkipUserConversion = put false in it
Domain name = < your_domain >

Copy and run the command given under the Service Provider Tab of the plugin. Make sure to replace with your federated domain before running the command.
[ Note: You can run the Get-MsolDomain command to know your federated domain. ]

office-365-sso-3

Run the Get-MsolDomainFederationSettings to check if the configuration was saved successfully.

office-365-sso

Step 3: Configure the Plugin.

In miniOrange plugin, go to Identity Provider tab. Click on Add New SP button and Choose WS-FED.

office-365-sso-4

Enter the following values and click on the Save button to save your settings:

Service Provider Name : Of your choosing.
SP Entity ID or Issuer : urn:federation:MicrosoftOnline
Application Service Endpoint : https://login.microsoftonline.com/login.srf
NameID Format : Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Step 4: Attribute Mapping.

Configure the plugin to send relevant user details under the Attribute/Role Mapping Tab of the plugin. Make sure you have the following attributes configured:

NameID Attribute : The user_meta which stores the user’s email attribute.
UPN : The user_meta which stores the User Principal Name.
ImmutableID : The user_meta which stores the ImmutableID of the user.
IDPEmail : The user_meta which stores the user’s email attribute.

office-365-sso-5

Step 5:

Logout of WordPress. Go to https://login.microsoftonline.com/ and log in to your account. You will be redirected to the WordPress login page. After successful authentication you should be redirected back to Office 365 and get logged in.