Keycloak WordPress SSO

Enable Keycloak SSO for your WordPress website using our SAML Single Sign On WordPress plugin. Let your Keycloak users log in to your WordPress blog and map their user roles to WordPress.

 

Within the plugin, set Keycloak as your SAML identity provider and enable WordPress single sign-on with Keycloak as your trusted IdP. Map WordPress user roles based on Keycloak users / groups.


Below are the steps to configure Keycloak Single Sign-On (SSO) Login into WordPress (WP)

 

  • Start Server: Start the Keycloak server by running the _standalone.sh_ file.

  • Path: root directory of Keycloak > bin > standalone.sh

1.) Setup Keycloak as IDP for WordPress

By following the steps below you will be able to configure Keycloak as IdP.

A) Configure Keycloak as WordPress Identity Provider:

  • In the WordPress WP Cloud SSO plugin, go to the SP (Service Provider) Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure Keycloak as the IdP (Identity Provider).
  • In your Keycloak Admin console, select the realm that you want to use.
  • Click on Clients from the menu on your left and then click on Create button to create a new client/application.
  • Input the following: SP-EntityID / Issuer as the Client ID from the “Service Provider Metadata” Tab and select SAML as the Client Protocol.
  • Click on Save.
  • Configure Keycloak by providing the required details:
      Client ID: The SP-EntityID / Issuer from the plugin’s Service Provider Metadata tab
      Name: Provide a name for this client
      Description: Provide a description
      Name ID Format: Email
      Root URL: Leave empty or provide the Base URL from the Service Provider Metadata tab
      Valid Redirect URIs: The ACS (Assertion Consumer Service) URL from the plugin’s Service Provider Metadata tab
  • In the section Fine Grain SAML Endpoint Configuration, enter the following details:
      Assertion Consumer Service POST Binding URL: The ACS (Assertion Consumer Service) URL from the plugin’s Service Provider Metadata tab
      Logout Service Redirect Binding URL (Optional): The Single Logout URL from the plugin’s Service Provider Metadata tab
  • Click on Save.

B) Add Mappers

  • Go to Mappers tab and click on Add Builtin button.
  • Select the checkboxes for the X500 email, X500 givenName and X500 surname attributes.
  • Click on Add Selected button. You will see the mappings that are added below.

C) Download Setup file

  • Navigate to Realm Settings and click on SAML 2.0 Identity Provider Metadata, listed under Endpoints in the General tab.
  • Note the URL and keep it handy. That will provide you with the Endpoints required to configure the plugin.

 

You have successfully configured Keycloak as SAML IdP (Identity Provider) for achieving Keycloak login / Keycloak Single Sign-On (SSO), ensuring secure login into your WordPress (WP) site.

2.) Configure WordPress as SP

3.) Keycloak Attribute Mapping

  • The Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at WordPress.

 

  • In the WordPress WP Cloud SSO plugin, navigate to the Attribute/Role Mapping tab and fill in the following fields in the Attribute Mapping section.

 


 

  • Custom Attribute Mapping: This feature allows you to map any attribute sent by the IDP to the usermeta table of WordPress.

4.) WordPress Role Mapping using Keycloak SSO

This feature helps you to assign and manage the roles of users when they perform SSO. Along with the default WordPress roles, it is compatible with any custom roles as well.

 

  • From the Attribute Mapping section of the plugin, provide a mapping for the field named Group/Role. This attribute will contain the role-related information sent by the IDP and will be used for Role Mapping.

 

  • Navigate to role mapping section and provide the mappings for the highlighted roles.

 


  • For example, if you want a user whose Group/Role attribute value is wp-editor to be assigned as an Editor in WordPress, just provide the mapping as wp-editor in the Editor field of the Role Mapping section.
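
The role-mapping rule described above, as an added Python example (not the plugin's own code) that resolves a WordPress role from the Group/Role values in a SAML AttributeStatement. Assumptions: the role attribute is named `Role`, the `wp-admin` mapping, the precedence order and the `subscriber` fallback are illustrative, the sample XML is constructed, and the assertion's signature has already been verified before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AttributeStatement: one X500 email attribute plus two values of
# the role attribute (the attribute name "Role" is an assumption).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1" FriendlyName="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role">
    <saml:AttributeValue>offline_access</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role">
    <saml:AttributeValue>wp-editor</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

# Role Mapping section: IdP value -> WordPress role (exact, case-sensitive).
# "wp-editor" comes from the page; "wp-admin" is a constructed entry.
ROLE_MAP = {"wp-admin": "administrator", "wp-editor": "editor"}
# Assumed tie-break when a user carries several mapped values: highest first.
PRECEDENCE = ["administrator", "editor", "author", "contributor", "subscriber"]
DEFAULT_ROLE = "subscriber"  # least-privileged fallback for unmapped users


def attribute_values(statement_xml, name):
    """Collect every value of one attribute, whether the IdP repeats the
    Attribute element or sends several AttributeValue children."""
    root = ET.fromstring(statement_xml)
    return [v.text.strip()
            for a in root.findall("saml:Attribute", NS) if a.get("Name") == name
            for v in a.findall("saml:AttributeValue", NS) if v.text]


def wordpress_role(statement_xml, role_attr="Role"):
    """Resolve the WordPress role from the Group/Role attribute values."""
    mapped = {ROLE_MAP[v] for v in attribute_values(statement_xml, role_attr)
              if v in ROLE_MAP}
    for role in PRECEDENCE:
        if role in mapped:
            return role
    # Unknown values (e.g. offline_access) never grant a role on their own.
    return DEFAULT_ROLE
```

Values that are not listed in the mapping, including case variants such as `WP-Editor`, fall through to the default role rather than matching loosely.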
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud
