This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision |
| en:2.0:single_sign_on:saml_wordpress [2025/04/27 09:53] – kainhofer | en:2.0:single_sign_on:saml_wordpress [2025/04/27 22:07] (current) – [Configuring the Service Provider (Wordpress)] kainhofer |
|---|
| |
| Basically, one (1) needs to **create a cryptographic key** to sign message and **choose a unique EntityID**. | Basically, one (1) needs to **create a cryptographic key** to sign message and **choose a unique EntityID**. |
| The page preferences https://admidio.local/adm_program/modules/preferences.php?panel=sso also provides the link to the metadata xml, and the individual settings in case a client does not support auto-configuration via metadata. | The page preferences https://admidio.local/modules/preferences.php?panel=sso also provides the link to the metadata xml, and the individual settings in case a client does not support auto-configuration via metadata. |
| |
| ===== TL;DR; - Quick Overview ===== | ===== TL;DR; - Quick Overview ===== |
| === Setting up encryption === | === Setting up encryption === |
| |
| If encryption is desired for all SAML messages sent by Admidio to Wordpress, or if Wordpress should sign all its SAML requests, then Wordpress needs a private/public key pair to decrypt or sign messages. These need to be entered into the Wordpress SAML config in PEM format and can be generated by openssl's command line tools, or in Admidio's key administration. Simply create a new Key for Wordpress (RSA 2048 bits). The certificate can be copied directly from the key's edit page, but the private key is not available in Admidio's GUI for security reason. Instead, it can be downloaded (secured with a password!) from the list of keys in Admidio: | If encryption is desired for all SAML messages sent by Admidio to Wordpress, or if Wordpress should sign all its SAML requests, then Wordpress needs a private/public key pair to decrypt or sign messages. These need to be entered into the Wordpress SAML config in PEM format and can be generated by openssl's command line tools, by sites like https://www.samltool.com/self_signed_certs.php or in Admidio's key administration. Simply create a new Key for Wordpress (RSA 2048 bits). The certificate can be copied directly from the key's edit page, but the private key is not available in Admidio's GUI for security reason. Instead, it can be downloaded (secured with a password!) from the list of keys in Admidio: |
| |
| {{ :en:2.0:sso:sso_saml_02-03a_nc_saml_keysetup1.png?direct&400 |}} | {{ :en:2.0:sso:sso_saml_02-03a_nc_saml_keysetup1.png?direct&400 |}} |
