Salesforce solutions and WordPress are two of the most widely used platforms globally, and that is certainly true for membership-based organizations. The ability to create a seamless, personalized experience across both platforms requires a type of integration commonly referred to as Single Sign-On (SSO).
This process can take one of several forms, but the basic tenets of each are rooted in two principles:
1) Expertise in the platforms involved (including Salesforce’s Fonteva platform and WordPress), and
2) Best practices for integration
While there are “out of the box” plugins available for SSO, the complexity of some digital spaces and desired experiences sometimes require a specialized solution. The following highlights our method for a custom SSO solution that leverages standard capabilities.
Single Sign-On with Fonteva and WordPress for your Members
As we know, SSO is an authentication scheme that allows a user to log in with a single set of ID and password credentials to access any of several related, yet independent, software systems. SSO can take the form of a “Sign up with Google” or “Log in with Facebook” action button on your browser page.
The technique used is Security Assertion Markup Language (SAML), an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider (a trusted provider that lets you use a single sign-on to access other websites) and a service provider (in this case, one that needs the authentication from the identity provider to grant authorization to the user).
In the following steps, we will explore the process to leverage the SSO connection between Fonteva and WordPress, where Fonteva acts as an identity provider (IdP), and WordPress acts as a Service Provider (SP).
Set up Fonteva as an Identity Provider
- Log in to Salesforce and navigate to Setup.
- From the left menu, navigate to Security Controls » Identity Provider, found under the Administer menu option.
- Click on the Enable Identity Provider button. After enabling the Identity Provider, you should be able to see the Salesforce metadata endpoints and certificate details. Click on Download Metadata to obtain the information used in the WordPress settings for the Identity Provider setup.
- Under the Service Providers section, click the link reading “Service Providers are now created via Connected Apps. Click here.”
- Enter Connected App Name, API Name, and Contact Email.
- Under Web App Settings, check the Enable SAML checkbox and enter the following values:
- Entity ID: SP-EntityID from Service Provider Metadata tab of the plugin (urn:)
- ACS URL: ACS (AssertionConsumerService) URL from Service Provider Settings tab of the plugin
- Subject Type: Username
- Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- Click Save.
- Now from the left menu, under Administer, select Manage Apps » Connected Apps. Click on the App you just created.
- Under the Profiles section, click on the Manage Profiles button and select the profiles you want to give access to by logging in through this app.
Configuring WordPress as a Service Provider
- Set up the SP entity identifier
- Set up the URL where the response from the IdP should be returned (usually the login URL)
- Set up the IdP entity identifier
- Set up the URL of the IdP where the SP will send the authentication request
- Set up the URL of the IdP where the SP will send the logout request
- Path to the x509 certificate file, used for verifying the request
- If not using the x509 certificate, then use the certificate fingerprint
- Specify fingerprint algorithm
If we need to get any custom information about the user (e.g. the member status), then we would need to customize the WordPress SAML Auth plugin (to include the custom information from Fonteva), and then map it to a user role in WordPress. Any custom information required needs to be set as a custom attribute under the Connected App that will be used on the WordPress site.
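The following is an added example of how the Service Provider settings listed above and the custom-attribute role mapping can be wired into WordPress; it is not code from the original post or from the plugin. It assumes the WP SAML Auth plugin with its `wp_saml_auth_option` filter and its `wp_saml_auth_existing_user_authenticated` / `wp_saml_auth_new_user_authenticated` actions (hook names as documented by that plugin), and every URL, entity ID, attribute name and role name is a placeholder.

```php
<?php
// Added example, not code from the original post or the plugin. Assumes the
// WP SAML Auth plugin, its wp_saml_auth_option filter and its
// wp_saml_auth_existing_user_authenticated / _new_user_authenticated actions
// (hook names taken from that plugin's documentation). Every URL, entity ID,
// attribute name and role name below is a placeholder.

// 1. Service Provider settings, in the OneLogin php-saml layout the plugin consumes.
add_filter( 'wp_saml_auth_option', function ( $value, $option_name ) {
    if ( 'connection_type' === $option_name ) {
        return 'internal';            // bundled OneLogin library, no SimpleSAMLphp
    }
    if ( 'internal_config' !== $option_name ) {
        return $value;
    }
    return array(
        'strict' => true,             // reject responses that fail validation
        'sp'  => array(
            'entityId'                 => 'https://members.example.org/wp-login.php', // SP-EntityID
            'assertionConsumerService' => array( 'url' => 'https://members.example.org/wp-login.php' ), // ACS URL
        ),
        'idp' => array(
            'entityId'            => 'https://idp.example.org',               // copy from downloaded metadata
            'singleSignOnService' => array( 'url' => 'https://idp.example.org/sso' ), // authentication request target
            'singleLogoutService' => array( 'url' => 'https://idp.example.org/slo' ), // logout request target
            // Either the IdP signing certificate (PEM from the metadata download) ...
            'x509cert'            => file_get_contents( __DIR__ . '/idp-signing-cert.pem' ),
            // ... or, without a certificate file, its fingerprint plus digest algorithm:
            // 'certFingerprint' => 'PLACEHOLDER', 'certFingerprintAlgorithm' => 'sha256',
        ),
        'security' => array( 'wantAssertionsSigned' => true, 'wantNameId' => true ),
    );
}, 10, 2 );

// 2. Map a custom attribute released by the Connected App (assumed name
//    "memberStatus") to a WordPress role on every login. The 'member' role is
//    assumed to have been registered elsewhere with add_role().
function example_map_member_status( WP_User $user, array $attributes ) {
    $status = isset( $attributes['memberStatus'][0] ) ? $attributes['memberStatus'][0] : '';
    // Allow-list: anything unexpected falls back to the least privileged role.
    $role = ( 'Active' === $status ) ? 'member' : 'subscriber';
    if ( ! in_array( $role, (array) $user->roles, true ) ) {
        $user->set_role( $role );
    }
}
add_action( 'wp_saml_auth_existing_user_authenticated', 'example_map_member_status', 10, 2 );
add_action( 'wp_saml_auth_new_user_authenticated', 'example_map_member_status', 10, 2 );
```

Because the role is recomputed on each login from the IdP attribute, a lapsed member loses the elevated role the next time they sign in rather than keeping it indefinitely.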