Single Sign on with adfs & wordpress on specific page

I am making a website for a school, the website is made with WordPress.

The school has a local (server ?) made with ADFS where they can sign in. I have the need to have a page on the website called ‘intranet’ where if the user is singed in on the server of the school they should be auto-logged in on the website and see the files on that adfs server. The company responsible for this server will provide me with a link of some sort.

Read More

I have found a WordPress Plugin called: SAML 2.0 single sign on.

https://wordpress.org/plugins/saml-20-single-sign-on/

But from my understanding this plugin is replacing the admin login with a single-sign-on, which is not really what i want to do (or do i?). There should be a separate login-form on a specific webpage only.

I have zero knowledge of ADFS, what i know about it is from wikipedia:

Active Directory Federation Services (ADFS or AD FS), a software
component developed by Microsoft, can run on Windows Server operating
systems to provide users with single sign-on access to systems and
applications located across organizational boundaries.

Question

My actual question: Since i don’t have any knowledge in this matter, i would like to have some tips on how to start with this, what do i need to learn, and what do i have to google to learn relevant information about this? Maybe a little step-by-step guide to get me started? Any help would be greatly appreciated!

Also, how is the user information handled? Do i need to have a ssl certificate or is that handled on the side of ADFS?

Related posts

1 comment

  1. Refer : ADFS Single Sign On with WordPress.

    ADFS authenticates against AD.

    What will happen is that you go to WordPress, you will be redirected to the ADFS login page, you authenticate and then get redirected back to WordPress with a collection of claims (AD attributes). These can include roles.

    You can’t alter this behaviour.

    Yes you need an SSL certificate on the ADFS side but since ADFS is already installed, it must already exist.

    For a good overview, refer : A Guide to Claims-Based Identity and Access Control.

Comments are closed.