Single Sign On for WordPress
miniOrange provides a ready-to-use solution for WordPress. This solution ensures that you are ready to roll out secure access to WordPress to your employees within minutes.


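STEP 1: In conf/idp.properties, uncomment and set 'idp.encryption.optional' to true. Example:

idp.encryption.optional = true

With this setting the IdP still issues the assertion when it finds no encryption key for the SP, so the assertion is sent unencrypted and its confidentiality rests on TLS to the ACS URL.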

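STEP 2: In conf/metadata-providers.xml, configure WordPress as an SP like this:

<MetadataProvider xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata"
	id="miniOrangeInLineEntity" xsi:type="InlineMetadataProvider" sortKey="1">
	<samlmd:EntityDescriptor ID="entity" entityID="<SP-EntityID / Issuer from Step1 of the plugin under Identity Provider Tab.>">
		<samlmd:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
			protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
			<!-- HTTP-POST binding is assumed here for the ACS endpoint -->
			<samlmd:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
				Location="<ACS (AssertionConsumerService) URL from Step1 of the plugin under Identity Provider Tab.>"
				index="1" />
		</samlmd:SPSSODescriptor>
	</samlmd:EntityDescriptor>
</MetadataProvider>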

STEP 3: In conf/saml-nameid.properties, uncomment and set default NameID as EmailAddress like this:


STEP 4: In conf/saml-nameid.xml, search for shibboleth.SAML2NameIDGenerators.
Uncomment the shibboleth.SAML2AttributeSourcedGenerator bean and comment out all other ref beans. For example, your SAML 2 NameID Generation tag should look like this:

 <!-- SAML 2 NameID Generation -->
 <util:list id="shibboleth.SAML2NameIDGenerators">
	<!-- <ref bean="shibboleth.SAML2TransientGenerator" /> -->
	<!-- <ref bean="shibboleth.SAML2PersistentGenerator" /> -->
	<bean parent="shibboleth.SAML2AttributeSourcedGenerator"
		p:attributeSourceIds="#{ {'email'} }" />
 </util:list>

STEP 5: Make sure you have defined an AttributeDefinition in conf/attribute-resolver.xml.
For example, if you have LDAP configured for authentication, your AttributeDefinition should look like this:

Note: The AttributeDefinition id must be the same as the value you provided in attributeSourceIds in conf/saml-nameid.xml.

 <resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
	<resolver:Dependency ref="ldapConnector" />
	<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="email" friendlyName="email" />
 </resolver:AttributeDefinition>

 <resolver:DataConnector id="ldapConnector" xsi:type="dc:LDAPDirectory">
	<!-- Your LDAP connection settings go on this element -->
	<!-- Define your User Search Filter here -->
 </resolver:DataConnector>

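STEP 6: Make sure you have an AttributeFilterPolicy defined in conf/attribute-filter.xml.
The attributeID must be the same as the AttributeDefinition id defined in the previous step. For example:

 <afp:AttributeFilterPolicy id="ldapAttributes">
	<afp:PolicyRequirementRule xsi:type="basic:ANY" />
	<afp:AttributeRule attributeID="email">
		<afp:PermitValueRule xsi:type="basic:ANY"/>
	</afp:AttributeRule>
 </afp:AttributeFilterPolicy>

With basic:ANY as the PolicyRequirementRule, this policy releases email to every relying party the IdP serves, not only to WordPress. If the IdP has other SPs, restrict the policy to the WordPress entityID with a basic:AttributeRequesterString requirement rule.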

STEP 7: Restart the Shibboleth server and go to the Service Provider tab in the miniOrange SAML plugin. Then enter the following details:

Identity Provider Name: Shibboleth
SAML Login URL: https://<your domain>/idp/profile/SAML2/Redirect/SSO
IdP Entity ID or Issuer: https://<your domain>/idp/shibboleth
X.509 Certificate: The public key certificate of your IdP
Response Signed: Checked
Assertion Signed: Checked
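
Before the restart in STEP 7, the id chain from STEP 4 to STEP 6 can be checked mechanically. The script below is an added example, not miniOrange or Shibboleth code: it verifies that every attribute id named in attributeSourceIds has an AttributeDefinition and an AttributeRule. The function names and the trimmed sample files are constructed for illustration, and elements are matched by local name so the namespace declarations of your own files do not matter.

```python
import re
import xml.etree.ElementTree as ET

def local(name):  # drop the '{namespace-uri}' prefix ElementTree adds to names
    return name.rsplit("}", 1)[-1]

def ids_of(xml_text, element, attribute):
    """Collect `attribute` from every active `element` (the parser skips XML comments)."""
    return {el.get(attribute) for el in ET.fromstring(xml_text).iter()
            if local(el.tag) == element and el.get(attribute)}

def nameid_source_ids(nameid_xml):
    """Ids quoted in attributeSourceIds (a SpEL list) of the active SAML 2 NameID generators."""
    ids = set()
    for lst in ET.fromstring(nameid_xml).iter():
        if local(lst.tag) == "list" and lst.get("id") == "shibboleth.SAML2NameIDGenerators":
            for bean in lst:
                for attr, value in bean.attrib.items():
                    if local(attr) == "attributeSourceIds":
                        ids.update(re.findall(r"'([^']+)'", value))
    return ids

def check_nameid_chain(nameid_xml, resolver_xml, filter_xml):
    """Return a list of problems; an empty list means STEP 4, 5 and 6 agree."""
    sources = nameid_source_ids(nameid_xml)
    defined = ids_of(resolver_xml, "AttributeDefinition", "id")
    released = ids_of(filter_xml, "AttributeRule", "attributeID")
    problems = [] if sources else ["no attribute-sourced SAML 2 NameID generator is active"]
    for sid in sorted(sources):
        if sid not in defined:
            problems.append(f"'{sid}' has no AttributeDefinition in attribute-resolver.xml")
        if sid not in released:
            problems.append(f"'{sid}' has no AttributeRule in attribute-filter.xml")
    return problems

# Constructed sample files, trimmed to the elements this page configures.
NAMEID = """<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p">
 <util:list id="shibboleth.SAML2NameIDGenerators">
  <!-- <ref bean="shibboleth.SAML2TransientGenerator" /> -->
  <bean parent="shibboleth.SAML2AttributeSourcedGenerator" p:attributeSourceIds="#{ {'email'} }" />
 </util:list></beans>"""
RESOLVER = """<r:AttributeResolver xmlns:r="urn:mace:shibboleth:2.0:resolver">
 <r:AttributeDefinition id="email" sourceAttributeID="mail" /></r:AttributeResolver>"""
FILTER = """<a:AttributeFilterPolicyGroup xmlns:a="urn:mace:shibboleth:2.0:afp">
 <a:AttributeFilterPolicy id="ldapAttributes"><a:AttributeRule attributeID="email" />
 </a:AttributeFilterPolicy></a:AttributeFilterPolicyGroup>"""
if __name__ == "__main__":
    print(check_nameid_chain(NAMEID, RESOLVER, FILTER) or "NameID chain is consistent")
```

To check a real installation, pass the contents of conf/saml-nameid.xml, conf/attribute-resolver.xml and conf/attribute-filter.xml to check_nameid_chain.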
