A couple of weeks ago a client approached us — inquiring about the possibilities of using their existing WordPress installation as an Identity Provider (IdP) for other web based services. They wanted to give their existing users an easy Single Sign-On solution in order to use other sites and services that they provide. Their requirement was to use their existing WordPress user database together with SAML (Security Assertion Markup Language), which is an XML-based data format for exchanging authentication and authorization data.
We could not find any existing plugins or tools for WordPress, so we developed a quick solution as a proof of concept. The result of this development can be found on GitHub. Our code is implemented in PHP and licensed under GNU GENERAL PUBLIC LICENSE Version 2. We used the SimpleSAMLphp authentication module and connected it to the WordPress database as the authentication source. Our code was written for MariaDB/MySQL but could be easily adapted for other databases.


Setup WordPress on Your Webserver

Install SimpleSAMLphp on Your Webserver

Install SimpleSAMLphp and follow the SimpleSAMLphp instructions to set it up as an identity provider (SimpleSAMLphp Identity Provider QuickStart)

Add WordPressAuth Module

Create new directory wordpressauth under the modules directory (simplesaml/modules/wordpressauth) and copy the files from our WordPressAuth GitHub repository to it.

Configure Authentication Source

Edit the configuration file for authentication sources simplesaml/config/authsources.php and add:

Replace the placeholders with your MySQL host, username, password and database name (plus change the database prefix if it is not “wp_”).

Set Authentication Source in Metadata File

Edit the metadata file for the hosted SAML 2.0 IdP simplesaml/metadata/saml20-idp-hosted.php and set wpauthinstance as your authentication source:

Et Voilà! You can now use your WordPress as an SAML IdP.