SAML SSO Login – Single Sign On

Description

Keywoot’s SAML Single Sign On plugin transforms your WordPress site into a SAML Service Provider (SAML SP), enabling it to securely authenticate users through any SAML 2.0 compliant Identity Provider (IdP). Users can log in or register on your site via SAML SSO with various Identity Providers.

This plugin is compatible with IdPs including Okta, Keycloak, Azure AD, Google Workspace, Salesforce, ADFS, Shibboleth, OneLogin, Auth0, Microsoft Entra ID, and others. It ensures a secure authentication experience, making it ideal for businesses, educational institutions, or community sites that want simplified access for employees, students, or members.

Need Help or Have Questions?

For any queries or support, feel free to reach out to us at: support@keywoot.com
Our team is dedicated to providing you with the best support possible.

Why Use This Plugin

• Simplified Login: Use a single set of credentials for authentication. The plugin eliminates the need for multiple passwords while maintaining high security standards. Users authenticate once via their Identity Provider and gain access to your site.

• Security First: The plugin uses the secure SAML protocol for authentication, ensuring user data stays protected. Once authenticated via the Identity Provider, users can access your site without additional logins.

• Unlimited Authentications: Whether you have a small team or a large organization, this plugin provides unlimited authentications. It is compatible with 40+ SAML Identity Providers including Azure AD, Azure B2C, ADFS, Keycloak, Google Workspace, Okta, Salesforce, Office 365, Shibboleth, Auth0, and more.

• Automatic Attribute Mapping: The plugin automatically maps required WordPress attributes like email and username with NameID from the Identity Provider. This ensures each user created is unique.

Premium Features

• Advanced Attribute Mapping: Detailed control over user profile attributes, mapping attributes from IdP to WordPress.
• Advanced Role Mapping: Assign roles during login based on SAML IdP groups or attributes.
• Force SSO for Site Access: Redirect users to IdP for authentication and enforce authentication on site visit.
• Single Logout: Logout from all sessions, including the IdP, in one click.
• Force Authentication: Authenticate users on the IdP each time they log in, even if the IdP login session exists.
• Custom Redirection: Redirect users to any page after authentication or logout.
• Restrict Access (Attribute Based): Restrict user access based on certain attribute values from the IdP.
• Restrict Access (Domain Based): Prevent login based on the user’s email domain.
• Metadata Synchronization: Upload and sync IdP metadata easily on regular intervals automatically.
• Custom Certificates: Add and use custom X.509 certificates for enhanced security.

With these features, your WordPress site becomes a secure and versatile SAML Service Provider.

Supported Identity Providers (IdP)

This WordPress SAML SSO plugin is compatible with any SAML 2.0-compliant Identity Provider, enabling seamless single sign-on integration for your WordPress site. Whether you’re using enterprise SSO solutions, cloud-based identity providers, or on-premises authentication systems, this plugin provides secure SAML authentication that works with standard SAML 2.0 protocols.

Our plugin has been successfully tested and is compatible with leading enterprise SSO solutions including:

• Microsoft: Office 365, Azure AD (Microsoft Entra ID), Azure B2C, ADFS (Active Directory Federation Services)
• Google: Google Workspace (formerly G Suite)
• Salesforce: Salesforce Identity and Salesforce SSO
• Okta: Okta Single Sign-On
• Keycloak: Open-source identity and access management
• Auth0: Identity platform for web and mobile applications
• OneLogin: Unified access management platform
• Shibboleth: Federated identity solution for education and research
• Ping Identity: PingFederate, PingAccess, PingOne
• Centrify: Identity and access management platform
• Duo Security: Duo SSO
• AWS: AWS IAM Identity Center and AWS Cognito
• ForgeRock: ForgeRock Identity Platform
• CA Identity (Broadcom)
• RSA: RSA SecureID and RSA SecurID Access
• VMware: VMware Workspace ONE Access
• AuthAnvil: AuthAnvil Single Sign-On
• Gluu Server: Open source identity and access management
• WSO2: WSO2 Identity Server
• LastPass: LastPass Enterprise SSO
• AbsorbLMS: AbsorbLMS Learning Management System

Each SAML SSO integration follows standard SAML 2.0 authentication protocols, allowing users to authenticate once through their Identity Provider and gain seamless, secure access to your WordPress site without additional login credentials. This WordPress SAML plugin works with almost any SAML 2.0-compliant Identity Provider, making it ideal for enterprise WordPress deployments, educational institutions, government organizations, and businesses requiring secure single sign-on authentication. If your organization uses a SAML 2.0-compatible IdP, you can integrate it with this WordPress SSO plugin for seamless user authentication and access management.

NOTE: This plugin is designed to work with SAML 2.0-compliant Identity Providers (IdPs). Throughout this documentation, we reference various Identity Provider names (such as Azure AD, Okta, Auth0, Google Workspace, Keycloak, OneLogin, Salesforce, Shibboleth, ADFS, and others) solely for the purpose of describing compatibility and interoperability. These references indicate that the plugin has been tested to work with these services using the standard SAML 2.0 protocol.

Important:
– This plugin is not affiliated with, endorsed by, or sponsored by any Identity Provider service mentioned in this documentation.
– All product names, trademarks, registered trademarks, company names, and service names are the property of their respective owners.
– All references to Identity Provider names are made solely for identification and compatibility description purposes under nominative fair use.
– Use of these names does not imply any endorsement, affiliation, partnership, or relationship between this plugin and the Identity Provider services.
– This plugin is an independent product and is not associated with any of the Identity Provider services referenced.

Source Code

This plugin includes both source and minified JavaScript and CSS files.

JavaScript:
– Source: assets/js/kwsso-admin-settings.js
– Minified: assets/js/kwsso-admin-settings.min.js

CSS:
– Source: assets/css/kwsso-admin-base.css and assets/css/kwsso-admin-custom-style.css
– Minified: assets/css/kwsso-admin-base.min.css and assets/css/kwsso-admin-custom-style.min.css

Dependencies:
This plugin uses Composer for dependency management. The composer.json file is located in the plugin root directory. To install dependencies, run composer install in the plugin directory.

The plugin uses the following third-party library:
– litesaml/lightsaml (^4.5): A PHP library for SAML 2.0 protocol implementation, used for handling SAML authentication requests, responses, and metadata processing.

All PHP source code is located in the src/ directory, organized by functionality (admin, data, helper, service, public, utility).