| Info |
|---|
This guide describes how to connect a "miniOrange" (https://wordpress.org/plugins/miniorange-openid-connect-client/) protected Wordpress site as an OIDC Relying Party to eduTEAMS You will need to have access to your Wordpress site's administrator account, and be comfortable changing your site's configuration. You may wish to make a backup before continuing. This guide is based on the free version of the MiniOrange plugin. |
This guide describes how to connect a "miniOrange" ( https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#description ) protected Wordpress site as a SAML Service Provider to eduTEAMS.
You will need to have access to your Wordpress site's administrator account, and be comfortable changing your site's configuration. You may wish to make a backup before continuing.
This guide is based on the free (and most basic) version of the MiniOrange SAML plugin. The functionality is standard compliant, but at the most basic level. Other paid for versions are available. We, the people behind eduTEAMS cannot endorse purchasing alternative versions of the MiniOrange SAML plugin.
You might wish ti consider using OIDC for connectivity.
Install the plugin & configure
You will have to register the wordpress miniorange instance as an RP OIDC application with the eduTEAMS service.
The following information will be required for this registration form:
flow type : Authoriztion Code(the free miniorange plugin does not let you choose an alternative flow type)
Once registered, you will be given the app id and app secret - and you'll need these in the miniorange webform (see right).
Step 1 install the plugin & configure
It is assumed you have already created an OIDC application for your account on the eduTEAMS service, and you have the details of this available
Either download the zip file for the plugin and unzip in to your wp-content/plugins directory (fixing permissions as you go) or install from your Wordpress instance's web interface ; the approach you choose will depend on the type of installation you have and therefore we cannot provide more detail here.
Once installed, find the configuration link in the settings menu
Next:
Then :
- and you will be asked to name your OpenID application.
Once you have done this you can enter the rest of the details of your application:
The Redirect / Callback URL is the URL of your service.
The Client ID and Client Secret come from the SP registration you completed.
Scope should be openid
The Endpoints will be URLs as available from the .well-known information relevant to the eduTEAMS VO you're connecting to, eg https://proxy.eduteams.org/.well-known/openid-configuration
When this is all done, switch to the Attribute/Role mapping. Here, you have to set up an attribute to be used as a username; otherwise, the login flow will not work fully. A good pseudonymous choice is to use the sub:
Once you have entered this information You can click on the "Test Configuration" button; you will be prompted to login to your IdP and should be presented with a table of attributes successfully received by Wordpress.
Please note that in the free version of the plugin you cannot set Display Name etc. that will be shown for logged-in users; you would do this by changing settings in the "Attribute/Role Mapping" tab.