December 7

EZPZ SP: SAML SSO on WordPress


Video Transcript: 

00:00 Welcome to the quick start EZPZ SP SAML WordPress install video. In this video, we're going to show you how you can get up and running quickly. So, first of all, you're going to need to log in to your WordPress admin and click on the plugins and add new. And then we just need to search for EZPZ. Once the results show, click on install now on the EZPZ SAML SP Single Sign-On plugin. Then click activate. Once you have clicked activate you are then taken to the install plugins list (you can get back to this list at any time by clicking plugins, install plugins) and then just find EZPZ SP in the WordPress plugins and then click configure.

00:37 This is the configuration screen where you can change many different settings. I'm going to do a quick overview of these settings in this video, but the main aim for this video is to get you up and running quickly, so it won't be in-depth. So, for the institution name just put in whatever the institution or organisation is that you would like to configure. This name is only used internally within the plugin, so it doesn't affect anything to do with this; it's purely just a name for you to recognise.

01:01 Next you can just enter the entity ID. The entity ID is a unique identifier of the identity provider that you wish to set up some SSO for and the entity ID will typically be provided by your identity provider owner. You can then either choose to put in the metadata URL or upload a metadata file. The file or the URL will be provided by your IdP owner. Where possible it is best to use the URL as this will keep the metadata up to date, whereas if you choose to upload a metadata file you're going to have to re-upload the metadata file every time any changes occur to that identity provider.

01:35 And then finally we need to put in a username attribute. This can either be a friendly name or a SAML OID. You should really be telling the identity provider what attribute you wish to receive. The username attribute can be literally anything that you want to use, so email, the username from an Active Directory, first name, anything that you want to use, and anything that is available by the identity provider. In our case and for this demo we're going to use a federated attribute called 'eduPersonTargetedID'.

02:00 For the email attribute you can leave this blank, or you can ask the provider to provide this for you. All this attribute does is just auto-fill the email account inside WordPress for the user when they log in using their IdP. We then just want to click update settings to save the changes. After those changes are sent we need you to send the IdP owner to our SP metadata download link. EZPZ SP has already automatically generated this for us and it can be obtained by pressing the download SP metadata button.

02:29 Once you have clicked that update metadata button you can either manually download this file and take you straight to the webpage and send it to the IdP owner or you can provide them with this URL so they can set up your own batch metadata download on their IdP if their IdP software supports it.

02:44 If you need to provide the URL for the metadata download link, it is https://yoursite.com/sso/metadata. Your IdP owner will then just need to set up their metadata within their identity provider and then set up the attributes you have distinguished that you want to be released to you. And that's all you need to do to configure the EZPZ SP.

03:03 Now the initial configuration is complete we now need to decide what content we want to protect on our website. We can do this by moving over to the login options tab and now we can see that we've got a couple of choices: we can choose to protect the whole site and this will force login as soon as anyone tries to access any page on our WordPress website, or we could choose to enable per page and post protection and this allows us to specifically select what pages we would like to be protected and which ones we wouldn't. For this demo we're going to use the per page post protection.

03:35 You don't need to do anything with the last two options on this page, however, just so you know, the redirected WordPress login enforces your WordPress admin accounts to auto login via SAML and enable single logout that allows our IdPs to log out of the application using their IdP logout process.

03:50 Before we move on to looking at the per post page protection settings we're just going to look at the last tabs on this page. The certificate options allow you to change the certificate for the EZPZ SP (a certificate was automatically made for you on install, so you don't have to make one). However, if you'd prefer to use your own certificate you can enter them here and you'll need to provide the metadata to the IdP again if you change your certificates here though.

04:14 In the advanced options tab we have many different options in here that allow you to be very flexible, so, you can match any IdP needs or requirements, however, this is not for the faint-hearted and does require a more advanced knowledge of SAML to make sure that you're setting the correct settings, so it may be worth checking out our premium package if you need any help with this.

04:35 We then have the premium features tab which just allows you to check out our premium version of our plugin. We have a lot of exciting features such as powerful statistical reporting and intel allowing us to see what pages are being accessed with SAML and also what your most popular SAML posts and pages are. We also have IP based logins so you can allow users from certain IPs to auto login and unlocks many other features and support is included.

04:55 Finally, the support tab takes you to our support page, where you can get help with this plugin if you need any.

05:01 Configuring the per post/page protection is very easy, we just need to navigate to the post or page that we wish to protect and then on the right-hand side you will see a 'require authentication to access this article'. All you need to do is just check the check box to require authentication and click update. If I now try to access that page, you're going to see that I'll be sent to the Overt IdP to log in to access that page. If I then turn off that protection, I can access that page without having to log in again.

05:30 We hope you enjoyed that quick start video. Please feel free to contact us at support@ezpzsp.com if you have any questions at all.

