You can configure any IDP that supports LDAP, such as AD or OpenDS, for single sign-on into apps that don't support SAML or any other protocol. Likewise, using our broker service you can also SSO into any app that supports other protocols such as OAuth, OpenID Connect, JWT, etc.
The steps below configure AD as the IDP and connect it to the miniOrange broker for single sign-on into WordPress using the SAML protocol.
Step 1: Setup AD as User Store Using miniOrange Broker Service
- Navigate to miniOrange->User Stores->Add User Store->AD/LDAP
| Field | Value |
|---|---|
| Directory Type | Active Directory |
| LDAP Server URL | Your AD server URL or IP address |
| Bind Account DN | Please perform Step A |
| Bind Account Password | Please perform Step B |
| Search Bases | Please perform Step C |
| Search Filter | Please perform Step D |
- Step A: Go to AD FS->Domain->respective Users->Properties->Attribute Editor. Copy the value of distinguishedName and paste it into Bind Account DN.
- Step B: Enter the valid password for the user from Step A.
- Step C: Search Base is the location in the directory where users are searched for.
- Step D: If you want to add extra conditions to the user search, add them in Search Filter. If you are not sure what to add, use (&(objectClass=*)(cn=?)).
- Click on Save. The list of User Stores is then shown. Click on Test Configuration to check whether you have entered valid details. It will ask for a username and password.
Note: Refer to our document for a step-by-step guide to setting up LDAPS on Windows Server.
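A pre-flight check for the four values entered in Step 1, as an added example that is not miniOrange's code. It assumes the `?` in the Search Filter is the placeholder for the login name, and the example.com values are constructed.

```python
from urllib.parse import urlparse

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs; escaped commas stay in the value."""
    rdns, cur, esc = [], "", False
    for ch in dn + ",":
        if esc or ch != ",":
            cur += ch
            esc = ch == "\\" and not esc
            continue
        attr, sep, val = cur.strip().partition("=")
        if not (sep and attr.strip() and val.strip()):
            raise ValueError(f"malformed RDN: {cur!r}")
        rdns.append((attr.strip().lower(), val.strip().lower()))
        cur = ""
    return rdns

def filter_shape_ok(flt):
    """True if parentheses balance, one outer group wraps all, and there is exactly one '?'."""
    depth = 0
    for i, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i != len(flt) - 1):
            return False
    return depth == 0 and flt.count("?") == 1

def preflight(url, bind_dn, search_base, search_filter):
    """Return findings for the four User Store fields; an empty list means nothing flagged."""
    findings, dcs = [], {}
    if urlparse(url).scheme.lower() != "ldaps":
        findings.append("url: not ldaps://, a simple bind over plain LDAP sends passwords in cleartext")
    for name, dn in (("bind_dn", bind_dn), ("search_base", search_base)):
        try:
            dcs[name] = [v for a, v in split_dn(dn) if a == "dc"]
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
    if len(dcs) == 2 and dcs["bind_dn"] != dcs["search_base"]:
        findings.append("search_base: domain components differ from bind_dn")
    if not filter_shape_ok(search_filter):
        findings.append("search_filter: unbalanced parentheses or not exactly one '?' placeholder")
    elif "(objectclass=*)" in search_filter.lower().replace(" ", ""):
        findings.append("search_filter: objectClass=* matches every entry type, not only user accounts")
    return findings

# Constructed sample values; example.com is a placeholder domain, not taken from the page.
SAMPLE = preflight("ldap://ad.example.com:389",
                   "CN=svc-sso,OU=Service Accounts,DC=example,DC=com",
                   "OU=Staff,DC=example,DC=com", "(&(objectClass=*)(cn=?))")
print("\n".join(SAMPLE))
```
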
Step 2: On-the-fly User creation from LDAP User Store
miniOrange supports on-the-fly user creation in miniOrange from an external LDAP directory. This would simplify the sign-on process from an external directory without the need to set up scheduled sync from the external directory.
After users are created on-the-fly, Two Factor Authentication and Fraud Prevention policies can be set up for them in order to enhance security.
Pre-requisite: A custom branded URL needs to be set.
The following steps set up On-the-fly User Creation from an LDAP User Store. They require an LDAP User Store to be set up in miniOrange. To set up an LDAP User Store in miniOrange, you can follow the guide in the link.
- Navigate to the miniOrange Admin Console through the branded login URL.
- Head over to the User Stores section on the left navbar.
- Click on Edit for the LDAP Directory with which the On-the-fly user creation needs to be enabled.
- You need to ensure that the following attributes are set:
  - Username attribute: This would be the LDAP Attribute mapped to the username in miniOrange.
  - Email attribute: This would be the LDAP Attribute mapped to the email address in miniOrange.
- Enable the Sync users in miniOrange option.
- Click on Save.
At this point, users will be created in miniOrange when a connected application is accessed or if a directory user tries to access the miniOrange dashboard.
Step 3: Setup WordPress as SP for miniOrange Broker Service
You can use the following steps to set up the connection between your SP (Service Provider) and miniOrange. Here we have used WordPress as the SP.
- First navigate to Apps->Manage Apps->Configure Apps. Search for WordPress in the SAML section. Select the WordPress App and click on Add App.
- If you don't find the application that you are looking for, you can also use Custom App.
- Now navigate to WordPress->miniOrange SAML 2.0 SSO->Identity Provider tab. Copy the SP-EntityID / Issuer and the ACS (AssertionConsumerService) URL and paste them into SP Entity ID or Issuer and ACS URL in miniOrange. Select Name ID as Email Address.
- Click on Save. The list of configured apps is then shown. Now click on the Metadata option of the respective app. A popup shows the URL list. Note the IdP Entity ID or Issuer, the Broker Service Login URL and the X.509 Certificate. These values are required for adding the IDP on WordPress.
- Go to WordPress->miniOrange SAML 2.0 SSO->Service Provider tab and add the following data:
| Field | Value |
|---|---|
| IdP Entity ID or Issuer | IdP Entity ID or Issuer from miniOrange App Metadata link |
| SAML Login URL | Broker Service Login URL from miniOrange App Metadata link |
| X.509 Certificate | X.509 Certificate from miniOrange App Metadata link |
- Click on Save. To check whether the configuration is working, click Test Configuration.