The fusionSpan Blog

Single Sign On with Fonteva and WordPress For Your Members

By Sanket Khare | July 24, 2020

Salesforce solutions and WordPress are two of the most widely used platforms globally, and that is certainly true for membership-based organizations. The ability to create a seamless, personalized experience across both platforms requires a type of integration commonly referred to as Single Sign-On (SSO).

For fusionSpan and our customers, this process can take one of several forms, but the basic tenets of each are rooted in two principles:

1) Expertise in the platforms involved (including Salesforce’s Fonteva platform and WordPress), and

2) Best practices for integration

While there are “out of the box” plugins available for SSO, the complexity of some digital spaces and desired experiences sometimes require a specialized solution. The following highlights our method for a custom SSO solution that leverages standard capabilities.

Single Sign On with Fonteva and WordPress for your Members

As we know, SSO is an authentication scheme that allows a user to log in with a single set of ID and password credentials to access any of several related, yet independent, software systems. As we have mentioned in previous blogs, SSO can take the form of a “Sign up with Google” or “Log in with Facebook” action button on your browser page.

The technique used is Security Assertion Markup Language (SAML), an open standard for exchanging authentication and authorization data between parties: in particular, between an identity provider (a trusted provider that lets you use single sign-on to access other websites) and a service provider (in this case, one that needs the authentication from the identity provider to grant authorization to the user).

In the following steps we will explore how to set up an SSO connection between Fonteva and WordPress, where Fonteva acts as the identity provider (IdP) and WordPress acts as the service provider (SP).

Setup Fonteva as an Identity Provider

  • Log in to Salesforce and navigate to Setup.
  • From the left menu, under the Administer section, navigate to Security Controls » Identity Provider.
  • Click on the Enable Identity Provider button. After enabling the Identity Provider, you should be able to see the Salesforce metadata endpoints and certificate details. Click Download Metadata to get the information used in the WordPress settings for the Identity Provider setup.
  • Under the Service Providers section, click the link in the message “Service Providers are now created via Connected Apps. Click here.”
  • Enter Connected App Name, API Name, and Contact Email.
  • Under Web App Settings, check the Enable SAML checkbox and enter the following values:
    • Entity ID: SP-EntityID from Service Provider Metadata tab of the plugin (urn:)
    • ACS URL: ACS (AssertionConsumerService) URL from Service Provider Settings tab of the plugin
    • Subject Type: Username
    • Name ID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • Click Save.
  • Now from the left menu, under Administer, select Manage Apps » Connected Apps. Click on the App you just created.
  • Under the Profiles section, click on the Manage Profiles button and select the profiles you want to allow to log in through this app.

Configuring WordPress as a Service Provider

  • Setup SP entity identifier
  • Setup URL where the response from the IdP should be returned (usually the login URL)
  • Setup IdP entity identifier
  • Setup URL of the IdP where the SP will send the authentication request
  • Setup URL of the IdP where the SP will send the logout request
  • Path to the x509 certificate file, used for verifying the request
  • If not using the x509 certificate, then use the certificate fingerprint
  • Specify fingerprint algorithm

If we need any custom information about the user (i.e. the member status), then we would need to customize the WordPress SAML Auth plugin to include the custom information from Fonteva, and then map it to a user role in WordPress. Any custom information required needs to be set as a custom attribute under the Connected App that will be used on the WordPress site.

Leverage fusionSpan for your Salesforce Org today!

After going through these steps, SSO should be enabled for your Salesforce org. However, as mentioned earlier, the complexity of some digital spaces and desired experiences sometimes require a specialized solution. If your platforms require extra attention, do not hesitate to reach out to fusionSpan for further assistance!


Sanket Khare

I am an IT professional with 8+ years of experience working in web development (Linux, Apache, MySQL, PHP) and truly passionate about my work. Currently, I am working as Team Lead, developing applications, products and services for our customers by using PHP, WordPress, AWS, netForum etc. I am a Zend Certified PHP Engineer (PHP 5.5). Colleagues know me as a quick learner, highly disciplined. When I’m not on the job, I love travelling to historic places, reading historical books, playing Tennis/Football/Cricket.
