Follow the Step-by-Step Guide for WordPress Single Sign On (SSO) using Salesforce as IdP
STEP 1: Configuring Salesforce as IdP
- Log in to Salesforce and go to Setup.
- From the left pane, select Identity -> Identity Provider.
- In the Service Provider section, click the link that reads "Service Providers are now created via Connected Apps. Click here."
- Enter Connected App Name, API Name and Contact Email.
- Under Web App Settings, check the Enable SAML checkbox and enter the following values:
| Entity ID | SP-EntityID / Issuer from Step 1 of the plugin under the Configure IDP tab. |
| ACS URL | ACS (AssertionConsumerService) URL from Step 1 of the plugin under the Configure IDP tab. |
| Subject Type | |
| Name ID Format | |
STEP 2: Assign Profiles
- From the left pane, under Administration Setup, select Manage Apps » Connected Apps.
- Click on the app you just created.
- Under Manage Profiles, select the profiles that should be allowed to log in through this app.
STEP 3: Download metadata for communities.
- Under SAML Login Information, click on Download Metadata.
- Open the downloaded file in a browser such as Chrome, Firefox or IE.
- Search for the "ds:X509Certificate" tag and copy the entire string inside this tag. The string looks like this: "MII....".
- Keep this certificate value handy for next steps.
STEP 4: Configuring WordPress as SP
- In the miniOrange SAML plugin, go to the Configure SP tab. There are two ways to configure the plugin:
I. By uploading the Salesforce Metadata.xml file (recommended):
1. Click on Import from Metadata in the Configure SP tab.
2. Select IdP: Import from Metadata File.
3. Upload the Salesforce Metadata.xml file and click on Import.
II. Manual configuration:
In the miniOrange SAML plugin, go to the Configure SP tab. Enter the following values:
|IDP Entity ID
|Single Sign On URL
||Paste the certificate value you copied from the Metadata file.
STEP 5: Attribute Mapping
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your IdP and map them to WordPress user attributes like firstname, lastname, etc.
- When users are auto-registered in your WordPress site, these attributes are automatically mapped to their WordPress user details.
- In the miniOrange SAML plugin, go to the Attribute/RoleMapping tab and fill in all the fields.
||Name of the username attribute from IdP (Keep NameID by default)
||Name of the email attribute from IdP (Keep NameID by default)
||Name of the firstname attribute from IdP
||Name of the lastname attribute from IdP
||Name of the Role attribute from IdP
- You can check the Test Configuration Results to get a better idea of which values to map here.
STEP 6: Role Mapping (optional)
- WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber.
- Role mapping helps you to assign specific roles to users of a certain group in your IdP.
- During auto-registration, users are assigned roles based on the group they are mapped to.
STEP 7: Sign In Setting
- Go to the Sign In Settings tab. Enable auto-redirect to the IdP using the "Redirect to IdP if user not logged in" option.