Wordpress_SSO
WARNING: This plugin should only be enabled and configured by system administrators as it affects how users log in to ResourceSpace.
This plugin allows users to log on to ResourceSpace using Wordpress single sign-on (SSO) Identity Provider (IdP)
Important information
- Please note that use of this plugin is dependent on your organisation having implemented a SAML compliant single sign-on solution. Configuration of this plugin will require co-operation between your ResourceSpace hosting provider and the administrators of your Single Sign-On system.
- Implementing a new single sign-on solution is not trivial and is normally an organisation wide decision requiring a significant amount of work. If you are at all unsure as to whether you have a single sign-on solution in place please speak to your IT team.
Configuration
These instructions are very basic and assume that you already have a working IdP (Identity provider). You may choose to move the entire plugins/simplesaml/lib folder to another directory away from the plugins directory e.g. for shared ResourceSpace environments. If so please ensure that you change the relevant files and not those specified below.
- Upload Wordpress plugin to Wordpress site. (Located here: plugins/wordpress_sso/wordpress_plugin/resourcespace-sso.zip)
- Activate the plugin on Wordpress
- Under Wordpress settings->General, enter the ResourceSpace URL (this is the same as $baseurl in ResourceSpaces's config.php)
- Under Wordpress settings->General, enter a shared key and note it down (make it secure, you won't need to remember this)
- In ResourceSpace, activate the plugin, enter the Wordpress URL (without a trailing forward slash) and shared key.
- Make sure you set a valid usergroup if you are creating users
- Choose whether you want to allow standard RS logins (useful in case Wordpress auth fails). Users must access login.php directly to use standard RS credentials
Security considerations
ResourceSpace has CSRF protection enabled by default. When configuring Wordpress_SSO plugin, please ensure that ResourceSpace is whitelisting the IdP system. This is done using the configuration option CORS_whitelist from CSRF protection feature.
Troubleshooting
The mapping between ResourceSpace and Wordpress user information is as follows:
- username -> display name
- email -> email
- full name -> display name