ServiceNow connector deployment guide 1.0.0.0

Keycloak SAML SSO with WordPress

This blog post discusses WordPress SAML SSO with Keycloak IAM.

  1. Start WordPress and install the miniOrange SSO using SAML 2.0 plugin.
  2. Start the Keycloak server in administrator mode.
  3. In your Keycloak admin console, select the realm that you want to use.
  4. From left menu, select Clients.

 

  1. Create a new client/application. Configure the following:

 

Client ID – The SP-EntityID / Issuer from the WordPress plugin under the Identity Provider tab

Name – Provide a name for this client (e.g. WordPress)

Description – Provide a description (e.g. WordPress site)

Enabled – ON

Client Protocol – SAML

Include AuthnStatement – ON

Sign Documents – ON

Sign Assertions – ON

Signature Algorithm – RSA_SHA256

Canonicalization Method – EXCLUSIVE

Force Name ID Format – ON

Name ID Format – Email

Root URL – The ACS (Assertion Consumer Service) URL from the WordPress plugin under the Identity Provider tab

Valid Redirect URIs – The ACS (Assertion Consumer Service) URL from the WordPress plugin under the Identity Provider tab

 

  1. Under Fine Grain SAML Endpoint Configuration, configure the following:

 

Assertion Consumer Service POST Binding URL – The ACS (Assertion Consumer Service) URL from the WordPress plugin under the Identity Provider tab

 

  1. Click on Save.
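One way to check the saved client against the settings listed above is to audit its JSON export. This is an added example, not part of the original post or of Keycloak; the attribute keys are assumed from Keycloak client JSON exports and should be confirmed against an export from your own server version, and the URLs and sample export are constructed.

```python
import json

ACS_URL = "https://wp.example.test/"  # constructed placeholder for the plugin's ACS URL

# Guide setting -> export attribute key (keys assumed; confirm on your version).
EXPECTED_ATTRS = {
    "saml.authnstatement": "true",         # Include AuthnStatement
    "saml.server.signature": "true",       # Sign Documents
    "saml.assertion.signature": "true",    # Sign Assertions
    "saml.signature.algorithm": "RSA_SHA256",
    "saml_signature_canonicalization_method":
        "http://www.w3.org/2001/10/xml-exc-c14n#",  # EXCLUSIVE
    "saml_force_name_id_format": "true",   # Force Name ID Format
    "saml_name_id_format": "email",        # Name ID Format
}

def audit_client(export_json, acs_url):
    """Return a list of deviations from the guide's client settings."""
    client = json.loads(export_json)
    attrs = client.get("attributes", {})
    findings = []
    if client.get("protocol") != "saml":
        findings.append("protocol is not saml")
    if not client.get("enabled", False):
        findings.append("client is not enabled")
    expected = dict(EXPECTED_ATTRS, saml_assertion_consumer_url_post=acs_url)
    for key, want in expected.items():
        if attrs.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {attrs.get(key)!r}")
    # A wildcard or extra redirect URI widens where responses may be sent.
    if client.get("redirectUris", []) != [acs_url]:
        findings.append(f"redirectUris: expected only {acs_url!r}")
    return findings

# Constructed sample export: assertion signing off, wildcard redirect URI.
SAMPLE_EXPORT = json.dumps({
    "clientId": "https://wp.example.test/sp",  # constructed SP entity ID
    "enabled": True,
    "protocol": "saml",
    "redirectUris": ["https://wp.example.test/*"],
    "attributes": dict(EXPECTED_ATTRS, **{
        "saml.assertion.signature": "false",
        "saml_assertion_consumer_url_post": ACS_URL,
    }),
})

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_EXPORT, ACS_URL):
        print("FINDING:", finding)
```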

 

 

  1. Configuring WordPress as SP in WordPress

 

  1. Go to http://<YOUR_DOMAIN>/auth/realms/{YOUR_REALM}/protocol/saml/descriptor. This will open an XML document in the browser.

 

  1. In miniOrange SAML plugin, go to Service Provider Tab. Enter the following values:

Identity Provider Name – Keycloak

IdP Entity ID or Issuer – Search for entityID. Enter its value in this textbox.

SAML Login URL – Search for SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect". Enter the Location value in the textbox.

X.509 Certificate – Enter the X509Certificate tag value in this textbox.
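The three values above can be pulled out of the descriptor XML programmatically, together with a certificate fingerprint that can be compared over a trusted channel when the descriptor was fetched over plain HTTP. This is an added example, not code from the original post or the plugin; the function name, the result keys and the sample descriptor (including its placeholder certificate bytes) are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample descriptor; the certificate is placeholder bytes, not real X.509.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_DESCRIPTOR = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}"
    entityID="http://localhost:8080/auth/realms/demo">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8080/auth/realms/demo/protocol/saml"/>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="http://localhost:8080/auth/realms/demo/protocol/saml"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def plugin_values(descriptor_xml):
    """Extract the three values the Service Provider tab asks for."""
    # Stdlib parser for brevity; use a hardened one (e.g. defusedxml) for untrusted XML.
    root = ET.fromstring(descriptor_xml)
    # The descriptor may be wrapped in EntitiesDescriptor, so search from the root.
    entity = next(root.iter(f"{{{MD}}}EntityDescriptor"), None)
    idp = entity.find(f"{{{MD}}}IDPSSODescriptor") if entity is not None else None
    if idp is None:
        raise ValueError("no IDPSSODescriptor in descriptor")
    urls = [s.get("Location") for s in idp.iter(f"{{{MD}}}SingleSignOnService")
            if s.get("Binding") == REDIRECT]
    certs = ["".join(c.text.split()) for c in idp.iter(f"{{{DS}}}X509Certificate") if c.text]
    if not urls or not certs:
        raise ValueError("HTTP-Redirect endpoint or signing certificate missing")
    return {
        "idp_entity_id": entity.get("entityID"),
        "saml_login_url": urls[0],
        "x509_certificate": certs[0],
        # Fingerprint of the decoded certificate bytes, for out-of-band comparison.
        "cert_sha256": hashlib.sha256(base64.b64decode(certs[0])).hexdigest(),
        "login_url_is_https": urls[0].lower().startswith("https://"),
    }

if __name__ == "__main__":
    for name, value in plugin_values(SAMPLE_DESCRIPTOR).items():
        print(f"{name}: {value}")
```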

 

  1. In miniOrange SAML plugin, go to Attribute/RoleMapping tab. Enter the following values:

 

Username – Name of the username attribute from IdP (Keep NameID by default)

Email – Name of the email attribute from IdP (Keep NameID by default)

FirstName – Name of the firstname attribute from IdP

LastName – Name of the lastname attribute from IdP

 

  1. Under the Role Mapping section, configure which GROUP value coming in the SAML response needs to be mapped to which role in WordPress. The Group value coming in the SAML response will be mapped to the Role assigned here and the user will be assigned that role in WordPress.

Keep all values as they are. Click Save.

  1. Go to the SSO Login Settings tab. Under "Use a Widget", enable "Check this option if you want to add a Widget to your page".

 

11.1. Go to Appearance > Widgets.

11.2. Select "Login with Keycloak". Drag and drop it to your preferred location and save.

 

  1. Open the URL: http://localhost/wordpress

 

 

  1. Click "Login with Keycloak"; you will be directed to the Keycloak authentication page.

 

 

  1. Log in with your registered email and password.

 

You will be redirected to WordPress, and the user is logged in.


Keycloak IAM Installation and Basic Config

 

  1. Download the Keycloak 3.4.3.Final server zip file from http://www.keycloak.org/downloads.html.

 

  2. Unzip the file and go to the bin/ directory.
  3. Run standalone.sh and open http://localhost:8080/auth. The Keycloak welcome page opens.

 

  4. Fill in the data and click Create.
  5. After you create the initial admin account, you can log in to the Admin Console.

Click the Administration Console link or open http://localhost:8080/auth/admin/.

 

  6. Log in with the username and password you created on the Welcome page. The Keycloak Admin Console page opens.

  7. Creating a Realm and User in Keycloak.

7.1. Log in to the Keycloak Admin Console

7.2. In the top left corner dropdown menu that is titled Master, click Add Realm.

7.3. To create a new realm from scratch, type demo for the realm name and click Create.

7.4. After creating the realm the main Admin Console page opens. The current realm is now set to demo. You can switch between managing the master realm and the realm you just created by clicking the top left corner dropdown menu.

  8. Creating a New User in Keycloak.

8.1. In the left menu bar click Users. The user list page opens.

8.2. On the right side of the empty user list, click Add User. Fill in the user information and click Save.

8.3. To define a temporary password for your new user, click the Credentials tab. Type a new password and confirm it. Click Reset Password to reset the user password to the new one you specified.

 


Installing WSO2 Identity Server 5.3.0 on Windows

1. Installing the required applications
1.1. Ensure that your system meets the requirements below. The Java Development Kit (JDK) is essential to run the product.
System requirements:
Memory – 2 GB minimum; 512 MB heap size.
Disk – 1 GB, excluding space allocated for log files and databases.
Oracle Java SE Development Kit (JDK) – JDK 7 or 8.

1.2. Ensure that the Java PATH environment variable is set.

2. Installing the Identity Server
2.1. Download the latest version of the Identity Server from
https://wso2.com/identity-and-access-management

2.2. Extract the archive file to a dedicated directory for the Identity Server.

2.3. Set the CARBON_HOME environment variable to the directory into which you extracted WSO2 Identity Server.

3. Running the Product On Windows
3.1. Open a command prompt: On Windows, choose Start -> Run, type cmd at the prompt, and press Enter.

3.2. Execute the following command, where <IS_HOME> is the directory where you installed the product distribution. On Windows:
D:\wso2\wso2is-5.3.0\bin\wso2server.bat --run

4. Accessing the management console
4.1. Once the server has started, you can access the Management Console by opening a web browser and typing in the management console's URL. The URL is displayed towards the end of the server start script's console output and log. For example: https://localhost:9443/carbon

Sign in with the default admin/admin credentials.