In this tutorial, we will guide you through the process of setting up Single Sign-On (SSO) in WordPress using AWS Cognito as the OAuth provider. SSO enhances user experience and security by allowing users to log in once and access multiple services seamlessly. By the end of this guide, you’ll have WordPress integrated with AWS Cognito for secure and efficient user authentication.
Prerequisites
Before you begin, make sure you have the following:
- A WordPress website with administrator access.
- Access to your WordPress dashboard.
- The Mini Orange OAuth Single Sign-On plugin installed. You can find installation steps in the setup guide linked in the video description.
Step 1: Installing the Mini Orange OAuth SSO Plugin
First, go to your WordPress dashboard. In the left-hand menu, navigate to “Plugins” and click “Add New.” Search for “Mini Orange OAuth Single Sign-On” and install the plugin.
Step 2: Adding a New Application
Once the plugin is installed, you’ll see a new menu item labeled “Mini Orange OAuth” in your WordPress dashboard. Click on it. Here, you’ll find an “Add New Application” button; click on it.
Step 3: Selecting the AWS Cognito Application
You will be presented with a list of available applications. Locate “AWS Cognito” in the list and select it. Then, click “Next.”
Step 4: Note the Callback URL
At this stage, you’ll see the Callback URL. Keep this URL handy, as you will need it later to configure your Cognito app. Click “Next” to proceed.
Step 5: Configuring AWS Cognito
Now, let’s configure AWS Cognito. Follow these steps:
Step 5.1: Access the AWS Cognito Console
Log in to your AWS console using your credentials. In the AWS Services search bar, search for “Cognito” and click on it.
Step 5.2: Create a User Pool
Click on “Create User Pool.” Choose “Email” as the sign-in option, allowing users to sign in using their email addresses.
Step 5.3: Define Password Policy
You can define the length and complexity of passwords using the password policy. You can either use the default policy or customize it as needed.
Step 5.4: Configure Multi-Factor Authentication (MFA)
Scroll down to the multi-factor authentication option. Enable “No MFA” if you want users to sign in with a single authentication factor.
Step 5.5: Select Required Attributes
Under the “Required Attributes” option, select the attributes you want to display when a new user is created. You can also add custom attributes.
Step 5.6: Configure User Account Recovery
Configure how your user pool sends email messages to users and click “Next.”
Step 5.7: Configure User Pool
Enter a name for your user pool and under “Hosted Authentication Pages,” check the option to use the Cognito hosted UI. Then, under “Domain,” choose “Use a Cognito domain” and enter a domain name for your Cognito app.
Step 5.8: Configure App Client Settings
Under “App client,” enter a name for your app. Enable “Generate client secret” to generate a client secret. Now, you’ll need to enter the Redirect Callback URL, which you copied earlier from the Mini Orange OAuth SSO plugin.
Step 5.9: Advanced App Client Settings
Under “Advanced app client settings,” select “Authentication flow” as “Allow user SRP (Secure Remote Password) off.”
Step 5.10: Review and Create User Pool
Review your selections and click “Create user pool” to confirm and create your user pool.
Step 6: Create a User
In the AWS Cognito console, go to the “Users” tab and click “Create user.” Fill in the required user details and click “Create user.”
Step 7: Retrieve Client ID and Client Secret
Under “App Integration” in your user pool settings, you’ll find your client ID and client secret. Keep these credentials handy as you’ll need them for configuration.
Step 8: Configure the Mini Orange OAuth SSO Plugin
Now, go back to the Mini Orange OAuth Single Sign-On plugin in your WordPress dashboard. Replace the “Cognito domain” with the endpoints you configured in AWS Cognito. Click “Next.”
Step 9: Configure OAuth Settings
Paste the client ID and client secret that you copied from your AWS Cognito app. The scope “Open ID” should already be filled in. Click “Next.”
Step 10: Summary and Test Configuration
Review the summary of your app details. Verify that everything is correct and click “Finish.”
Step 11: Log in with AWS Cognito
Log in with your AWS Cognito credentials using the AWS Cognito SSO login button on the WordPress login page.
Congratulations! You have successfully set up Single Sign-On in WordPress using AWS Cognito as the OAuth provider.
Additional Functionality
If you’re looking for additional functionality like user profile mapping and role mapping, you can reach out to us at info@secureify.com.
That’s it! You’ve learned how to configure SAML SSO in WordPress with AWS Cognito. Enjoy the benefits of streamlined and secure authentication for your WordPress site. If you have any questions or need further assistance, feel free to reach out to us.