Log in to a WordPress Website using Asgardeo
WordPress is an open-source content management system written in PHP and paired with a MySQL or MariaDB database.
You can try out WordPress locally with the Local WordPress development tool. It is available for Windows, Linux, and Mac.
Why do we need an Identity Provider?
An Identity Provider (IdP) manages digital identities securely. You can integrate your applications with an identity provider to authenticate users and obtain identity information through security tokens issued via standards such as SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Trust.
As a WordPress developer, you can save money and time by using an existing identity provider service instead of building identity management capabilities on your own, and focus on building the business use cases of your website.
It is also hard to build an IAM solution in-house and stay in compliance with regulatory requirements when handling users. Using an identity provider solves this and keeps the development simple.
Asgardeo as your Identity Provider
Asgardeo is an Identity as a Service (IDaaS) offering by WSO2. You don’t need to be an identity expert to add authentication to your website. You can simply register and start using Asgardeo to integrate secure user login into your website. Registration is free; if you already have an account, sign in.
To securely authenticate users to the WordPress website, I will use the third-party miniOrange SAML Single Sign On (SSO) plugin for WordPress.
The miniOrange SAML Single Sign On (SSO) plugin acts as the SAML 2.0 Service Provider, which can be configured to securely authenticate the user to the WordPress site. In this case, Asgardeo acts as our Identity Provider. The flow is as follows:
- The user requests a service from the Service Provider (the miniOrange SAML SSO plugin).
- The Service Provider creates a SAML authentication request and redirects the user to Asgardeo.
- The user logs in with their credentials and is authenticated.
- Asgardeo sends a SAML response.
- The Service Provider verifies the SAML response and authorizes the user’s request.
Let’s do the integration.
Install the miniOrange SAML SSO plugin in WordPress
1. From the WordPress Admin dashboard of your website, click Plugins -> Add New in the left navigation pane.
2. Search for “SAML”. Then install and activate the SAML Single Sign On — SAML SSO Login plugin.
Plugin Configuration & Information
- From the left pane, click miniOrange SAML 2.0 SSO > Plugin Configuration. This is where we will configure our Identity Provider.
- Go to the Service Provider Metadata tab. Here you can see the configuration details needed to configure the Identity Provider.
Configure a Standard-Based Application in the Asgardeo Console
1. Go to the Asgardeo console and click on New Application.
2. Click Standard-Based Application.
3. Enter a name for the application and select SAML as the protocol.
4. Select File Based and upload the Service Provider’s metadata file. You can download this file from the Service Provider Metadata tab in the miniOrange SAML 2.0 SSO Plugin Configuration.
5. Click Register. Then you will be redirected to the new application configuration page.
6. Change the following settings in the Protocol tab.
- Check Enable Response Signing
- Check Enable Single Logout
- Check Enable Attribute Profile
7. Click Update at the bottom of the page.
8. Click on the User Attributes tab. Then click the Add User Attribute button to add the user attributes that need to be shared in the SAML response. We need to share the Email and the Full Name attributes.
9. Set the Email attribute as a mandatory attribute. Select Full Name as the subject attribute.
10. Click Update.
Configure SAML SSO plugin in WordPress
1. Click Upload IDP Metadata on the Service Provider Setup tab to configure the following fields.
- Identity Provider Name: Asgardeo
- Enter metadata URL: https://api.asgardeo.io/t/<org_name>/identity/metadata/saml2
This metadata URL will give us our Asgardeo organization SAML metadata.
2. Click Fetch Metadata
- The plugin will retrieve the information from the metadata URL. You can see the updated configurations from the same Service Provider Setup tab.
Let’s Try It Out
- To try it out, we need a customer user account in the organization, other than the owner/collaborator account. You can find more information about customer accounts in the Asgardeo documentation on managing a customer account.
1. On the Service Provider Setup tab, click the Test Configuration button at the bottom of the page.
2. Log in with a user account in Asgardeo.
Note: Use a Customer account to log in.
3. Enter a value for the Full Name attribute and give consent. You will then see the test result page.
- The warning “The NameID value is not a valid Email ID” appears because we have used Full Name as the subject attribute. To avoid it, you can use Email as the subject attribute in the application configuration in Asgardeo.
The authentication flow is successful!
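The Service Provider's verification step from the flow described earlier, and the NameID warning seen in the test, can be reproduced as structural checks on a decoded SAML response. This Python example is added here and is not the article's or the plugin's code; the sample response, the SP entity ID and the attribute name email are constructed assumptions, and the checks do not replace cryptographic verification of the signature.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed, trimmed sample of a base64-decoded response; every value is invented.
SAMPLE_RESPONSE = f"""
<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
  <ds:Signature/>
  <a:Assertion>
    <a:Subject><a:NameID>Jane Doe</a:NameID></a:Subject>
    <a:Conditions NotBefore="2024-01-01T10:00:00.000Z" NotOnOrAfter="2024-01-01T10:05:00.000Z">
      <a:AudienceRestriction><a:Audience>https://wp.example.test/sp</a:Audience></a:AudienceRestriction>
    </a:Conditions>
    <a:AttributeStatement><a:Attribute Name="email">
      <a:AttributeValue>jane@example.test</a:AttributeValue></a:Attribute></a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

def _ts(value):  # SAML timestamps are UTC; drop optional fractional seconds
    return datetime.strptime(re.sub(r"\.\d+", "", value), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def lint_response(xml_text, sp_entity_id, now, email_attr="email"):
    """Structural checks only: this does NOT verify the XML signature."""
    root, findings = ET.fromstring(xml_text.strip()), []
    if root.find("ds:Signature", NS) is None:
        findings.append("Response has no Signature element; is Response Signing enabled?")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:  # this setup expects exactly one Assertion per Response
        return findings + [f"expected exactly one Assertion, found {len(assertions)}"]
    a = assertions[0]
    name_id = a.findtext("a:Subject/a:NameID", default="", namespaces=NS).strip()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        findings.append(f"NameID {name_id!r} is not an email address")
    cond = a.find("a:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        findings.append("validity window is missing or does not include the current time")
    audiences = [e.text for e in a.findall(".//a:Audience", NS)]
    if sp_entity_id not in audiences:
        findings.append(f"audience {audiences} does not include {sp_entity_id}")
    names = {e.get("Name") for e in a.findall("a:AttributeStatement/a:Attribute", NS)}
    if email_attr not in names:
        findings.append(f"mandatory attribute {email_attr!r} is missing")
    return findings

if __name__ == "__main__":
    print(lint_response(SAMPLE_RESPONSE, "https://wp.example.test/sp", _ts("2024-01-01T10:02:00Z")))
```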
Integrate miniOrange SAML2.0 SSO Plugin as a widget to a WordPress Website
1. Click Appearance -> Widgets in the left side pane.
2. Select the widget by searching for “SAML” and then add it to the theme (drag & drop). This step may look different on your site, as it depends on the theme you are using.
3. Click Update.
4. Let’s try to log in to the website. Click the login link on the widget.
5. You will be redirected to the Asgardeo login page to authenticate.
6. You will be redirected to the WordPress webpage after authentication is completed. Then you can find the logout link in the widget to initiate the logout flow.
- As we are using Full Name as our subject attribute, the Full Name is shown here. If you need to show the first name or anything other than Full Name, you just need to change the subject attribute in the Asgardeo application configuration.
- You can log out by clicking the Logout link of the widget. Then you will be able to see the same Widget with the Login with Asgardeo link.
I hope this gave you an idea of how to integrate user login into a WordPress website with Asgardeo.
Now you can look into other capabilities of Asgardeo, such as:
- Enable social sign-in with Google, Facebook, and GitHub using pre-defined templates.
- Configure external identity providers that can connect with open standards like OpenID Connect and SAML to your application.
- Choose from a variety of methods such as Email OTP, SMS OTP, and TOTP for 2FA.
- Use the Asgardeo SDKs to integrate Asgardeo with various technology stacks.
Thank you for reading this article!