en:2.0:single_sign_on:saml_wordpress [2025/04/27 02:26] – kainhofer | en:2.0:single_sign_on:saml_wordpress [2025/04/27 22:07] (current) – [Configuring the Service Provider (Wordpress)] kainhofer |
---|
| |
Starting with version 5.0, Admidio can be used by other applications to authenticate users against Admidios user base. These instructions will guide you through the process of connecting Wordpress to Admidio to use Admidio's login. For general instructions, and other apps, please visit the [[en:2.0:single_sign_on|general Single-Sign-On overview page]]. | Starting with version 5.0, Admidio can be used by other applications to authenticate users against Admidios user base. These instructions will guide you through the process of connecting Wordpress to Admidio to use Admidio's login. For general instructions, and other apps, please visit the [[en:2.0:single_sign_on|general Single-Sign-On overview page]]. |
| |
| While the Wordpress plugin directory lists several choices for SAML login, only the [[https://wordpress.org/plugins/onelogin-saml-sso/|OneLogin SAML SOO]] plugin is free and supports permissions depending on the Admidio groups/roles. |
| |
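Review bot: the link text in the added line reads "OneLogin SAML SOO", but the linked plugin slug is onelogin-saml-sso, so the name should be "OneLogin SAML SSO". The statement that it is the only free plugin supporting group/role-based permissions will age; consider qualifying it with the date it was checked.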
===== Prerequisites ===== | ===== Prerequisites ===== |
| |
Basically, one (1) needs to **create a cryptographic key** to sign message and **choose a unique EntityID**. | Basically, one (1) needs to **create a cryptographic key** to sign message and **choose a unique EntityID**. |
The page preferences https://admidio.local/adm_program/modules/preferences.php?panel=sso also provides the link to the metadata xml, and the individual settings in case a client does not support auto-configuration via metadata. | The page preferences https://admidio.local/modules/preferences.php?panel=sso also provides the link to the metadata xml, and the individual settings in case a client does not support auto-configuration via metadata. |
| |
===== TL;DR; - Quick Overview ===== | ===== TL;DR; - Quick Overview ===== |
=== Setting up encryption === | === Setting up encryption === |
| |
If encryption is desired for all SAML messages sent by Admidio to Wordpress, or if Wordpress should sign all its SAML requests, then Wordpress needs a private/public key pair to decrypt or sign messages. These need to be entered into the Wordpress SAML config in PEM format and can be generated by openssl's command line tools, or in Admidio's key administration. Simply create a new Key for Wordpress (RSA 2048 bits). The certificate can be copied directly from the key's edit page, but the private key is not available in Admidio's GUI for security reason. Instead, it can be downloaded (secured with a password!) from the list of keys in Admidio: | If encryption is desired for all SAML messages sent by Admidio to Wordpress, or if Wordpress should sign all its SAML requests, then Wordpress needs a private/public key pair to decrypt or sign messages. These need to be entered into the Wordpress SAML config in PEM format and can be generated by openssl's command line tools, by sites like https://www.samltool.com/self_signed_certs.php or in Admidio's key administration. Simply create a new Key for Wordpress (RSA 2048 bits). The certificate can be copied directly from the key's edit page, but the private key is not available in Admidio's GUI for security reason. Instead, it can be downloaded (secured with a password!) from the list of keys in Admidio: |
| |
{{ :en:2.0:sso:sso_saml_02-03a_nc_saml_keysetup1.png?direct&400 |}} | {{ :en:2.0:sso:sso_saml_02-03a_nc_saml_keysetup1.png?direct&400 |}} |
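Review bot: the text added to the "Setting up encryption" paragraph recommends generating the key pair "by sites like https://www.samltool.com/self_signed_certs.php", which means the private key Wordpress uses to sign requests and decrypt messages would be created on a third-party server. Suggest dropping the online generator or limiting it explicitly to test setups, and keeping openssl's command line tools or Admidio's key administration as the options for real keys. The same paragraph already treats the private key as sensitive (not shown in the GUI, download secured with a password), so the new wording is inconsistent with that.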