CONFIGURING SAML FOR WORDPRESS
These steps will guide you through setting up the Single Sign-On functionality between OneLogin and WordPress.
This guide assumes that WordPress is running on a local machine. Before beginning the SAML integration process, we recommend getting WordPress properly installed and configured for ease of testing. More information on installation best practices can be found in Installing WordPress.
Setting Up OneLogin
Starting in the OneLogin admin dashboard portal, do the following:
- Go to Apps > Add Apps.
- Search for the WordPress SAML 2.0 connector and select it.
  You may edit the Display Name if desired.
- Click Save.
- Select the Configuration tab.
- Under Consumer URL, put the full consumer URL of your WordPress site. This will take the form of http://{prefix}.{your_subdomain}.com/wp-login.php?saml_acs
- Under Logout URL, put http://app.onelogin.com/client/apps or, if you have configured WordPress for Single Logout, enter https://{prefix}.{your_subdomain}.com/wp-login.php?saml_sls
- Click Save.
- Select the Parameters tab.
- Ensure that Credentials are Configured by admin and that the mappings are as follows:
  Email -> Email
  Email (attribute) -> Email
  First Name -> First Name
  Last Name -> Last Name
  Member Of -> MemberOf
  Username -> Username
- Note: To bypass SSO once configured, use this URL:
  http://{prefix}.{your_subdomain}.com/wp-login.php?normal
- Click Save.
- Select the SSO tab.
- Copy down the SAML2.0 Endpoint (HTTP) URL.
- Copy down the Issuer URL.
- Click View Details.
- Select the Clipboard Icon to copy the entirety of the X.509 Certificate string.
Both URLs and the Certificate will be put into WordPress to confirm the SAML SSO connection.
Now go into your organization's WordPress admin account.
Setting Up WordPress
In the WordPress admin dashboard, do the following:
- Select the navigation menu and go to Plugins > Add New.
- Search for OneLogin SAML SSO in the search field.
- Select it to add the plugin to the Plugins section in the navigation menu.
- In the navigation menu, go to Settings > SSO/SAML Settings.
- Fill out the Identity Provider Settings section with the following information:
  IdP Entity ID: <your_issuer_url>
  Single Sign On Service URL: <your_http_endpoint_url>
  Single Log Out Service URL: -blank- OR http://app.onelogin.com/client/apps
  X.509 Certificate: <your_x.509_certificate>
- Fill out the Attribute Mapping section with the following information:
  Username: User.Username
  E-mail: User.email
  First Name: User.FirstName
  Last Name: User.LastName
  Role: memberOf
- Click Save Changes.
With the configuration complete, OneLogin and WordPress should be connected through SAML!
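A pre-flight check for the values collected in the steps above, as an added example that is not part of the original guide or of the OneLogin plugin. The dictionary keys, the example.com hosts and the localhost exemption (for the local test setup this guide assumes) are assumptions; the certificate check only confirms that the pasted Base64 is one complete DER structure, which catches a partial copy, not that the certificate is valid or current.

```python
import base64, re
from urllib.parse import urlsplit

# Attribute Mapping values from the "Setting Up WordPress" steps.
EXPECTED_MAPPING = {"Username": "User.Username", "E-mail": "User.email",
                    "First Name": "User.FirstName", "Last Name": "User.LastName",
                    "Role": "memberOf"}

def cert_is_complete(pem):
    """True if the pasted certificate decodes to exactly one whole DER SEQUENCE."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # bad characters or padding, typical of a partial copy
        return False
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length byte
        return len(der) == 2 + der[1]
    k = der[1] & 0x7F  # long form: the next k bytes hold the length
    return 0 < k <= 4 and len(der) == 2 + k + int.from_bytes(der[2:2 + k], "big")

def check_settings(s):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    for key, query in (("consumer_url", "saml_acs"), ("sls_url", "saml_sls")):
        url = s.get(key)
        if not url:
            if key == "consumer_url":
                problems.append("consumer_url: missing")
            continue  # Single Logout is optional
        u = urlsplit(url)
        if not u.path.endswith("/wp-login.php") or u.query != query:
            problems.append(f"{key}: expected .../wp-login.php?{query}")
        if u.scheme != "https" and u.hostname not in ("localhost", "127.0.0.1"):
            problems.append(f"{key}: plain HTTP carries SAML messages unencrypted")
    if urlsplit(s.get("idp_sso_url", "")).scheme != "https":
        problems.append("idp_sso_url: expected an https:// endpoint")
    if not cert_is_complete(s.get("idp_cert", "")):
        problems.append("idp_cert: truncated or malformed certificate")
    for field, attr in EXPECTED_MAPPING.items():
        if s.get("mapping", {}).get(field) != attr:
            problems.append(f"mapping[{field}]: expected {attr}")
    return problems

# Constructed sample; the certificate is a 5-byte DER stand-in, not a real one.
SAMPLE = {"consumer_url": "http://blog.example.com/wp-login.php?saml_acs",
          "idp_sso_url": "https://idp.example.com/sso", "mapping": dict(EXPECTED_MAPPING),
          "idp_cert": base64.b64encode(b"\x30\x03\x02\x01\x01").decode()}
print(check_settings(SAMPLE))
```

The sample reports one problem: the consumer URL uses plain HTTP on a non-local host, so the SAML response posted to wp-login.php?saml_acs would travel unencrypted.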
Troubleshooting Email Mismatch
In some cases, the WordPress account admin email may not match the OneLogin admin email. This can be remedied by doing the following:
- Go to Users > Account_Owner.
- Select the Applications tab.
- Select WordPress to open the Edit Login pane.
Here you may overwrite the default fields for your WordPress login and insert the correct information to match your OneLogin credentials with your WordPress credentials.
Note: WP Engine and similar WordPress hosts cache plugins and protect the wp-login.php view. Contact your WordPress host to disable the cache for this SAML plugin and to also allow external HTTP POSTs to wp-login.php.