In this step, we'll create a custom Google Apps SAML application. This will be the gateway between the users in our Google organization and WordPress. We'll also define which Google users have access to the app.
Find the SAML Apps dashboard in the Google Apps admin, and click Add a service/App to your domain:
When the modal opens, select SETUP MY OWN CUSTOM APP:
The Google IdP Information modal provides values and a certificate to pass back to the WP SAML Auth plugin. The key details are in the Option 1 section:
SSO URL: URL for WordPress to redirect to when initiating the SSO process.
Entity ID: How WordPress knows to recognize Google Apps.
Certificate - How Google Apps knows to trust a request coming from WordPress.
Copy the SSO URL and Entity ID values and paste them into the corresponding fields under Identity Provider Settings on the plugin settings page:
Download and commit the certificate file to your
privatedirectory so it's inaccessible from the web. You can add upload this file over sftp, or commit it to a local clone of the Git repository, then commit and push. If the latter, you will need to first switch the connection mode to Git:
sftp -o Port=2222 google-saml.1f2a347b....email@example.com....drush.in sftp> cd code/private/ sftp> put GoogleIDPCertificate-mydomain.com.pem Uploading GoogleIDPCertificate-mydomain.com.pem to /srv/bindings/972dd.../code/private/GoogleIDPCertificate-mydomain.com.pem GoogleIDPCertificate-mydomain.com.pem 100% 1253 27.6KB/s 00:00 sftp> quit terminus env:commit --message "Added the Google IDP Certificate to a protected path" $site.$env [notice] Your code was committed.
terminus connection:set $site.$env git git add private/GoogleIDPCertificate-mydomain.com.pem git commit -m "Added the Google IDP Certificate to a protected path" git push origin $env #or master, if working on the dev environment
Add the certificate path to the WP SAML Auth plugin settings, using the
Click Save Changes on the plugin settings page, and Next on the Google App modal.
On the Basic Information page, add a name for your app that you'll recognize in a year's time:
You can also add a description and logo at this stage. Remember, the more detail you provide now, the easier it will be for you or someone else to review this configuration in the future. Click NEXT to continue.
The Service Provider Details modal asks for information from the WP SAML Auth plugin, which is the SAML service provider for our WordPress site. Refer back to the plugin settings page for the ACS (Assertion Consumer Service) URL, Entity ID, and Start URL (listed as Base URL). Copy and paste these values:
Once you've filled out these fields, click NEXT.
On the Attribute Mapping page, you'll need to specify any attributes you'd like Google Apps to return in the SAML response, and then keys you'd like to use for those attributes.
Without any additional configuration, WP SAML Auth understands this attribute mapping:
- SAML IdP (Google Apps) -> WordPress
Click ADD NEW MAPPING, and map at least one identifying attribute. Using
Click FINISH and your application is created!
You can safely dismiss the Setting up SSO warning, as we'll provide additional configuration later: