Are you looking to simplify your WordPress Keycloak SSO Login integration and make user authentication hassle-free? Keycloak WordPress SSO allows your users to log in to your WordPress site using their Keycloak credentials, making the login process simple and efficient. This guide will take you through the process of setting up Keycloak as your Identity Provider (IdP) and WordPress as your Service Provider (SP) using the Keywoot SAML SSO Plugin. Designed to simplify the Keycloak WordPress SSO setup, this guide provides clear and detailed instructions to ensure everything is configured smoothly, saving you time and effort.
By following this step-by-step guide, you’ll streamline the Keycloak WordPress Login process, enabling users to access your WordPress site securely with their existing Keycloak accounts. Whether you’re just starting with Single Sign-On (SSO) or looking to enhance your current Keycloak WordPress Login integration, this guide has everything you need. With a properly configured setup, you’ll provide a secure, reliable, and seamless login experience for your users while improving the overall efficiency of your WordPress site.
WordPress Keycloak SSO Integration Using Our Plugin
To connect your WordPress site with Keycloak, you’ll need to install a WordPress SAML SSO plugin. Here’s how:
- Install the Keywoot SAML SSO Plugin on your WordPress site:
  - From your WordPress Dashboard, navigate to Plugins → Add New.
  - In the search bar, type “Keywoot SAML SSO”. Locate the plugin in the search results, click Install Now, and then select Activate to enable it on your site.
  - After installing the plugin, navigate to the SP Metadata tab and keep it open. You’ll need the metadata details from this tab for the upcoming configuration steps.
- Follow the instructions below to set up Keycloak as the Identity Provider (IdP).
This plugin will be the bridge that connects your WordPress site with Keycloak, making the SSO integration possible.
Configuring Keycloak as Your Identity Provider (IdP) for WordPress Keycloak Login
- Create a SAML client in Keycloak:
  - Open your Keycloak Admin Console and select your realm.
  - Go to Clients and click Create Client.
  - Choose SAML as the Client type.
  - In the Client ID field, paste the SP Entity ID. (Note: you can find the SP Entity ID in the SP Metadata tab of the SSO plugin.)
  - Enter a name for your application and provide a description. (You can write anything.)
  - Click Next.
- Enter the Login Settings details:
  - Root URL: Use the Assertion Consumer Service URL (ACS URL) from our plugin. You can find the ACS URL in the SP Metadata tab of the SSO plugin.
  - Valid Redirect URIs: Use the ACS URL in this field as well.
  - Click Save.
- Change the SAML Capabilities section:
  - After saving, in the Settings tab under the SAML capabilities section, make these changes:
    - Force POST Binding: OFF
    - Force Name ID Format: OFF
    - Name ID Format: Email
- Disable the signature requirement in the Keys tab:
  - Go to the Keys tab, turn off Client signature required, and then click Save.
- Go to the Advanced tab and configure the endpoints:
  - In the Advanced tab, under Fine Grain SAML Endpoint Configuration, make the changes below:
    - Assertion Consumer Service POST Binding URL: Use the Assertion Consumer Service URL (ACS URL), which can be found in the plugin's SP Metadata section.
    - Logout Service Redirect Binding URL (Optional): Use the Single Logout URL from the plugin's SP Metadata section.
    - Click Save.
- Add mappers for sending user attributes:
  - Go to the Client Scopes tab, select your application, and click Add predefined mapper.
  - Check X500 givenName, X500 surname, and X500 email.
  - Click Add.
- Get the metadata URL:
  - Go to Realm Settings in the sidebar and click the SAML 2.0 Identity Provider Metadata link. Copy the URL of the metadata page that opens (this URL will be used later).
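The client settings above can be checked against an exported client JSON rather than by eye. This is an added example, not code from the plugin or from Keycloak; the URLs and sample export are constructed placeholders, and the final signing check is an addition that is not a step in this guide. With Client signature required turned off, AuthnRequests are not authenticated, so the registered ACS and redirect URLs are what constrain where Keycloak sends assertions.

```python
import json

# Placeholder values: copy the real ones from the plugin's SP Metadata tab.
SP_ENTITY_ID = "https://wp.example.com/sp-entity"
ACS_URL = "https://wp.example.com/?acs"

# Constructed, trimmed client export using Keycloak's SAML attribute keys.
SAMPLE_EXPORT = json.dumps({
    "clientId": SP_ENTITY_ID, "protocol": "saml",
    "rootUrl": ACS_URL, "redirectUris": [ACS_URL],
    "attributes": {
        "saml.force.post.binding": "false",
        "saml_force_name_id_format": "false",
        "saml_name_id_format": "email",
        "saml.client.signature": "false",
        "saml.server.signature": "true",
        "saml_assertion_consumer_url_post": ACS_URL,
    }})

GUIDE_ATTRS = {
    "saml.force.post.binding": "false",    # Force POST Binding: OFF
    "saml_force_name_id_format": "false",  # Force Name ID Format: OFF
    "saml_name_id_format": "email",        # Name ID Format: Email
    "saml.client.signature": "false",      # Client signature required: OFF
}

def audit_client(export_json, entity_id, acs_url):
    """Return a list of deviations from the guide; empty means it matches."""
    client = json.loads(export_json)
    attrs = client.get("attributes", {})
    findings = []
    if client.get("protocol") != "saml":
        findings.append("client type is not SAML")
    if client.get("clientId") != entity_id:
        findings.append("Client ID differs from the SP Entity ID")
    for key, want in GUIDE_ATTRS.items():
        if attrs.get(key) != want:
            findings.append(f"{key} is {attrs.get(key)!r}, guide sets {want!r}")
    if attrs.get("saml_assertion_consumer_url_post") != acs_url:
        findings.append("ACS POST binding URL differs from the plugin's ACS URL")
    for uri in client.get("redirectUris", []):
        if uri != acs_url or "*" in uri or not uri.startswith("https://"):
            findings.append(f"unexpected redirect URI: {uri}")
    # Added check, not a guide step: Keycloak should still sign what it sends.
    if "true" not in (attrs.get("saml.server.signature"),
                      attrs.get("saml.assertion.signature")):
        findings.append("neither documents nor assertions are signed")
    return findings
```

A key missing from the export is reported as `None`, which is a prompt to confirm that setting in the Admin Console.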
Configuring WordPress as Service Provider (SP)
- In the plugin:
  - Go to the Service Provider Setup tab.
- Upload IdP metadata:
  - Enter the Identity Provider Name.
  - Paste the metadata URL copied in the previous step, and click Fetch and save Metadata.
- Test the configuration:
  - Click the Test Configuration button to verify that the trust has been successfully established. If a success window appears displaying the user attributes received from Keycloak, congratulations, your Keycloak WordPress SSO is now configured!
  - If you encounter any issues, please reach out to us at support@keywoot.com, including the error code shown. Our team will respond promptly to help you with the setup.
Premium Features and Their Configuration for WordPress Keycloak SSO
Attribute Mapping
Attribute mapping is crucial for aligning user attributes from Keycloak with those in WordPress. To configure attribute mapping with Keycloak WordPress SSO:
- Set up attribute mapping:
  - Navigate to the “Attribute and Roles” tab in the SSO plugin settings.
  - Here, you can map user attributes sent by the IdP to corresponding attributes in WordPress.
  - Fill in the required fields under the Attribute Mapping section to link attributes sent by the IdP to WordPress usermeta.
- Custom attribute mapping:
  - The custom attribute mapping feature allows for mapping any attribute from Azure AD to WordPress usermeta, providing flexibility in managing user data.
Role Mapping
Role mapping is essential for assigning and managing user roles during SSO. It supports both default WordPress roles and custom roles.
- Configure role mapping:
  - In the same Attribute Mapping section, set up role mappings.
  - Define how Salesforce roles correspond to WordPress roles. For instance, map the Salesforce wp-editor role to the WordPress Editor role.
  - Ensure that the mapping accurately reflects your organization’s role structure for proper access control.
With these premium features, enjoy Keycloak WordPress Login functionality, providing a seamless single sign-on experience and precise user role management. Elevate your user management capabilities and streamline your authentication processes with our advanced plugin features.