Enable WordPress SSO with Auth0 using miniOrange (SAML)

Stephen Ndegwa

This guide explains how to enable WordPress Single Sign-On (SSO) using the miniOrange SAML SP SSO plugin, with Auth0 as the Identity Provider (IdP).

  • WordPress site: https://example.com
  • SP plugin: miniOrange SAML SP SSO
  • IdP: Auth0
  • Protocol: SAML 2.0

Architecture

User → WordPress (miniOrange SP) → Auth0 (IdP) → WordPress

Auth0 authenticates the user and sends a SAML assertion back to WordPress.


Prerequisites

  • WordPress admin access
  • Auth0 admin access
  • miniOrange WordPress SAML SP SSO plugin installed
  • Public WordPress URL (HTTPS recommended)

Step 1: Install miniOrange WordPress SAML SP Plugin

  1. WordPress Admin → Plugins → Add New
  2. Search for “miniOrange SAML SSO”
  3. Install and activate WordPress SAML SP SSO
  4. Navigate to:
    miniOrange SAML SSO → Service Provider Metadata

Step 2: Collect WordPress (SP) Metadata

From the Service Provider Metadata tab, copy the following values:

Field | Example Value
SP Entity ID / Issuer | https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/
ACS (AssertionConsumerService) URL | https://example.com/
Audience URI | https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/
Recipient URL | https://example.com/
Destination URL | https://example.com/
NameID format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Metadata URL | https://example.com/?option=mosaml_metadata

You will use these values when configuring Auth0.


Step 3: Create a New Auth0 Application for WordPress

⚠️ Do not reuse an Auth0 application created for another service (for example, Stripe).

  1. Auth0 Dashboard → Applications
  2. Click Create Application
  3. Name: WordPress SAML SSO
  4. Application type: Regular Web Application
  5. Click Create

Step 4: Enable SAML2 Web App Addon in Auth0

  1. Open the WordPress SAML SSO application in Auth0
  2. Go to Addons
  3. Enable SAML2 Web App
  4. Set Application Callback URL:
    https://example.com/

(This must match the ACS URL from the miniOrange plugin.)


Step 5: Configure Auth0 SAML Settings (WordPress SP)

In SAML2 Web App → Settings, paste the following JSON configuration:

{
  "audience": "https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/",
  "recipient": "https://example.com/",
  "destination": "https://example.com/",
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "signResponse": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

Click Save.


Step 6: Download Auth0 Identity Provider Metadata

  1. In the same Auth0 application, open SAML2 Web App → Usage
  2. Click Download Identity Provider Metadata
  3. Save the XML file

Step 7: Configure miniOrange with Auth0 Metadata

Option A (Recommended): Upload Metadata

  1. WordPress Admin → miniOrange SAML SSO → IDP Configuration
  2. Click Upload IDP Metadata
  3. Set:
    • Identity Provider Name: Auth0
  4. Upload the metadata XML file downloaded from Auth0
  5. Click Save

Option B: Manual Configuration (Alternative)

Use values from the Auth0 Usage tab:

miniOrange Field | Auth0 Value
IDP Entity ID / Issuer | Auth0 Issuer
SAML Login URL | Auth0 Identity Provider Login URL
X.509 Certificate | Auth0 Certificate

Step 8: Attribute Mapping (Free Plugin)

Go to:
miniOrange SAML SSO → Attribute / Role Mapping

In the free version of the plugin:

  • NameID is mapped to:
    • WordPress username
    • WordPress email

No additional configuration is required, as Auth0 sends the email address as the NameID.


Step 9: Role Mapping (Free Plugin)

  1. Go to Attribute / Role Mapping
  2. Scroll to Role Mapping
  3. Select a Default Role (for example, Subscriber)
  4. Click Update

All SSO users will receive this role unless advanced role mapping is configured.


Step 10: Enable SSO Button on WordPress Login Page

  1. Go to miniOrange SAML SSO → Redirection & SSO Links
  2. Enable:
    • Add a Single Sign-On button on the WordPress login page
  3. Save the settings

Optional:

  • Add an SSO widget for SP-initiated login
  • Configure post-login redirection

Step 11: Test WordPress SSO

  1. Open:
    https://example.com/wp-login.php
  2. Click Login with SSO
  3. Authenticate using Auth0
  4. You should be redirected back and logged into WordPress

Common Issues & Fixes

❌ Invalid Audience

  • Ensure the Audience in Auth0 exactly matches the miniOrange SP Entity ID

❌ Redirect Loop

  • ACS URL mismatch
  • Incorrect Application Callback URL in Auth0

❌ User Not Created

  • Ensure WordPress allows user creation via SSO
  • Ensure NameID contains an email address
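
The mismatches listed above can be caught before testing by comparing the Auth0 addon JSON from Step 5 with the SP metadata from Step 2. The script below is an added example, not code from miniOrange or Auth0; the metadata XML is a constructed sample of what the Metadata URL might return, and the function names sp_values and check_addon are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Constructed sample of the SP metadata (assumed shape, not captured from a real site).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.com/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_values(metadata_xml):
    """Return (entity_id, acs_url) from SP metadata; documents with a DOCTYPE are refused."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    acs = root.find(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if acs is None:
        raise ValueError("no AssertionConsumerService in metadata")
    return root.get("entityID"), acs.get("Location")

def check_addon(settings_json, callback_url, metadata_xml):
    """Compare the Auth0 addon settings with the SP metadata; return a list of problems."""
    cfg = json.loads(settings_json)
    entity_id, acs = sp_values(metadata_xml)
    problems = []
    # Exact string comparison: a missing trailing slash counts as a mismatch.
    if cfg.get("audience") != entity_id:
        problems.append("audience != SP Entity ID (Invalid Audience)")
    for key in ("recipient", "destination"):
        if cfg.get(key) != acs:
            problems.append(f"{key} != ACS URL")
    if callback_url != acs:
        problems.append("Application Callback URL != ACS URL (Redirect Loop)")
    if EMAIL_CLAIM not in cfg.get("nameIdentifierProbes", []):
        problems.append("NameID may not be an email address (User Not Created)")
    return problems

if __name__ == "__main__":
    # Constructed mistake: audience pasted without its trailing slash.
    wrong = json.dumps({
        "audience": "https://example.com/wp-content/plugins/miniorange-saml-20-single-sign-on",
        "recipient": "https://example.com/", "destination": "https://example.com/",
        "nameIdentifierProbes": [EMAIL_CLAIM]})
    print(check_addon(wrong, "https://example.com/", SP_METADATA))
```

An empty list means the audience, recipient, destination, callback URL and NameID probe all line up with the SP metadata.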

Important Notes

  • Each Service Provider (e.g., WordPress, Stripe) must have its own Auth0 application
  • Auth0 can act as IdP for multiple SAML SPs simultaneously
  • WordPress does not require Stripe-style role attributes
  • Auth0 Actions are optional unless advanced role mapping is required

Final Checklist

✔ miniOrange plugin installed
✔ WordPress SP metadata collected
✔ New Auth0 application created
✔ SAML addon enabled
✔ Auth0 metadata uploaded to WordPress
✔ SSO button enabled
✔ Login works successfully


Conclusion

You have successfully enabled WordPress SSO using Auth0 with the miniOrange SAML SP plugin.

Auth0 now acts as a central Identity Provider, allowing consistent authentication across multiple platforms while keeping WordPress configuration simple and secure.


If needed, you can extend this setup with:

  • WordPress role mapping via Auth0 Actions
  • MFA and conditional access in Auth0
  • Session sharing across applications
  • Production security hardening