Single Sign On for WordPress
miniOrange provides a ready-to-use solution for WordPress. This solution ensures that you are ready to roll out secure access to WordPress to your employees within minutes.

SETUP GUIDE FOR SIMPLESAML AS IdP

STEP 1: In config/config.php, make sure that 'enable.saml20-idp' is true. Example:

'enable.saml20-idp' => true,

STEP 2: In metadata/saml20-idp-hosted.php, configure SimpleSAML as an Identity Provider like this:

 $metadata['__DYNAMIC:1__'] = array(
	'host' => '__DEFAULT__',
	/* X.509 key and certificate. Relative to the cert directory. (Create a cert directory in the SimpleSAML root folder and
	 place your certificates there.) */
	'privatekey' => '<YOUR_PRIVATE_KEY_FILE_NAME>', // eg. RSA_Private_Key.pem
	'certificate' => '<YOUR_PUBLIC_KEY_FILE_NAME>', // eg. RSA_Public_Key.cer
	/*Authentication source to use. Must be one that is configured in config/authsources.php. This Auth Source is used for 
	 authenticating your users.*/
	'auth' => '<YOUR_AUTH_SOURCE_NAME>',
 );

STEP 3: In metadata/saml20-sp-remote.php, register your Service Provider like this:

 $metadata['<SP-EntityID / Issuer from Step1 of the plugin under Identity Provider Tab.>'] = array(
	'AssertionConsumerService' => '<ACS (AssertionConsumerService) URL from Step1 of the plugin under Identity Provider Tab.>',
	'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
	'simplesaml.nameidattribute' => 'mail', // This is your user's Email attribute name
	'simplesaml.attributes' => true, // Set this to false if you do not want to send attributes in SAML response
	'attributes' => array('mail', 'firstName', 'lastName'), // Provide comma separated list of attribute names
 );
 /* NOTE: 'NameIDFormat' and 'simplesaml.nameidattribute' are important for returning the user's Email in the SAML Response. */
 

STEP 4: In miniOrange SAML plugin, go to Service Provider tab and enter the following details:

Identity Provider Name: SimpleSAML
SAML Login URL: https://<your domain>/simplesaml/saml2/idp/SSOService.php
IdP Entity ID or Issuer: https://<your domain>/simplesaml/saml2/idp/metadata.php
X.509 Certificate: Your public key certificate that you configured in the metadata/saml20-idp-hosted.php file.
Response Signed: Checked
Assertion Signed: Checked (by default in SimpleSAML the Assertion is signed; if you have set it to false, keep this unchecked)
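
A check worth running between Step 2 and Step 4, given here as an added example (not part of the miniOrange guide or of SimpleSAML): it creates the key pair named in Step 2, then confirms that the certificate you paste into the plugin belongs to the private key the IdP signs with and is not about to expire. The file names follow the "eg." comments in Step 2; the temporary directory, the CN idp.example.org, the 3072-bit key size and the 3652-day validity are assumptions.

```shell
#!/bin/sh
# Added example, not from the guide. File names follow Step 2's "eg." comments;
# directory, CN, key size and validity period are assumptions.

# Create a private key and self-signed certificate in directory $1 for CN $2.
make_idp_keypair() {
    dir=$1 cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # the private key must not be readable by other users
        openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes \
            -subj "/CN=$cn" \
            -keyout "$dir/RSA_Private_Key.pem" \
            -out "$dir/RSA_Public_Key.cer" 2>/dev/null
    )
}

# Succeed only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if certificate $1 is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# SHA-256 fingerprint, for comparing against the certificate held by the SP.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo on a throwaway directory (constructed input, not a real IdP).
demo_dir=$(mktemp -d)
make_idp_keypair "$demo_dir" "idp.example.org"
if cert_matches_key "$demo_dir/RSA_Public_Key.cer" "$demo_dir/RSA_Private_Key.pem" &&
   cert_valid_for_days "$demo_dir/RSA_Public_Key.cer" 30; then
    echo "OK, fingerprint: $(cert_fingerprint "$demo_dir/RSA_Public_Key.cer")"
else
    echo "certificate does not match the key or expires within 30 days" >&2
fi
```

Run cert_fingerprint on the certificate saved from the plugin's X.509 Certificate field as well; the two fingerprints must be identical, otherwise signature validation of the Response and Assertion will fail.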