Step 1: Login
-
Log in to /wp-admin of the target environment with the DevOps standard credentials (note: a shared "standard password" is not attributable to an individual; prefer per-user accounts, ideally via SSO, where the platform allows it):
-
PROD: https://blog.kimconnect.com/wp-admin
-
STAGE: https://stage.kimconnect.com/wp-admin
-
QA: https://qa.kimconnect.com/wp-admin
-
DEV: https://dev.kimconnect.com/wp-admin
-
Step 2: Create DNS Entries
-
Ensure that the new site name will resolve to the host's IP address using one of these two methods:
-
1. Create a DNS A record for {URL} pointing to {HOST-IP} (a CNAME cannot point to an IP address; use a CNAME only if the host already has a resolvable name)
-
2. Edit /etc/hosts on the client machine to include the sample sites (see the "Sample Sites" section). This only affects that one machine and is suitable for testing only.
-
Step 3: Add SSO Metadata to IdP Server & SP Client
Review the SSO Metadata section and ensure that metadata entries exist on both the IdP server and the SP client, so that each newly created site is recognized by the SSO server.
Step 4: Create New Site
-
In the top navigation bar, hover over {My Sites} > {Network Admin} > {Sites}, click {Add New}, and fill in the text fields:
-
Site = {project-name}.web01.{env}.kimconnect.com
-
Site Title = {Project Name}
-
Admin = [email protected]
-
Click {Add Site}. By default, WordPress multisite strips the ':port' portion of the site URL, which breaks sites served on a non-standard port. The generated site therefore cannot be accessed until its database entries are corrected; the http/https scheme and the port number must be edited via SQL, as shown below.
-
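# Check the list of sites to locate the {blog_id} associated with the newly created site.
# Pass -p without a value so mysql prompts for the password: a password given on the command
# line (-pPASSWORD) is recorded in shell history and visible to other users via `ps`.
mysql -uwebadmin -p --execute="SELECT blog_id, domain, path FROM wp_stage.wp_blogs WHERE domain LIKE '%stage.kimconnect%';"
# Adapt the following commands to update the site according to its {blog_id}, {partner-ID} and {Project-Name}.
# All statements run in one transaction so a failure part-way (e.g. a mistyped {blog_id}) does not
# leave a half-configured site; this only holds on transactional storage engines such as InnoDB.
mysql -uwebadmin -p --execute="
START TRANSACTION;
-- Restore the ':' that multisite stripped from the port, scoped to this site only.
UPDATE wp_stage.wp_blogs
SET domain = REPLACE(domain, 'com8443', 'com:8443')
WHERE blog_id = {blog_id}
  AND domain LIKE '%com8443';
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = REPLACE(option_value, 'com8443', 'com:8443')
WHERE option_value LIKE '%com8443';
-- Switch the scheme to https. Replace the whole 'http://' prefix: replacing the bare token
-- 'http' would also turn any 'https' already inside the value into 'httpss'.
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = REPLACE(option_value, 'http://', 'https://')
WHERE option_value LIKE 'http://%';
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = '{Project_Name}'
WHERE option_name = 'blogname';
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = 'TEST'
WHERE option_name = 'blogdescription';
-- LIKE '%admin_email%' matches both admin_email and new_admin_email.
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = '[email protected]'
WHERE option_name LIKE '%admin_email%';
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = '/index.php/%year%/%monthnum%/%day%/%postname%/'
WHERE option_name = 'permalink_structure';
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = 'testapp-ui'
WHERE option_name = 'template';
UPDATE wp_stage.wp_{blog_id}_options
SET option_value = 'testapp-ui'
WHERE option_name = 'stylesheet';
-- Site-specific options. The double quotes inside the serialized theme_mods value are escaped
-- (\\\") because the whole statement sits inside a double-quoted shell string; unescaped, the
-- shell strips them and the stored PHP serialization is corrupted.
-- NOTE(review): if option_name is unique on this table (the WordPress default) re-running this
-- INSERT fails; remove the rows first when re-running.
-- NOTE(review): 'elasticsearch' points a stage site at the prod cluster - confirm this is intended.
INSERT INTO wp_stage.wp_{blog_id}_options (option_name, option_value, autoload) VALUES
('host', 'https://stage.kimconnect.com:8443', 'yes'),
('partner_id', 'XX', 'yes'),
('eua', 'true', 'yes'),
('elasticsearch', 'https://prod.kimconnect.com:9200', 'yes'),
('theme_mods', 'a:3:{i:0;b:0;s:18:\"nav_menu_locations\";a:1:{s:8:\"leftmenu\";i:2;}s:18:\"custom_css_post_id\";i:-1;}', 'yes'),
('sso_host', 'sso.kimconnect.com', 'yes');
COMMIT;"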
-
Log on to the hosting server as webadmin to create a symlink for SimpleSAMLphp.
# Verify whether SimpleSaml has been deployed to this server
# This is an example of a broken SimpleSaml (missing items)
[webadmin@server01 plugins]$ ls /home/webadmin/pkg/share/simplesamlphp/
locales
# This is another example of SimpleSaml with expected settings
[webadmin@server01 plugins]$ ls /home/webadmin/pkg/share/simplesamlphp/
attributemap cert config COPYING extra locales metadata-templates schemas tests www
bin composer.json config-templates dictionaries lib log modules templates tools
cache composer.lock CONTRIBUTING.md docs LICENSE metadata README.md TESTING.md vendor
# The SP configuration lives in config/; authsources.php (below) is where the SP entity ID and IdP are set.
# NOTE(review): config/ and cert/ presumably hold secrets and key material for the SP - keep them
# readable by webadmin only and make sure httpd never serves them (only www/ should be reachable).
[webadmin@server01 plugins]$ ls /home/webadmin/pkg/share/simplesamlphp/config
acl.php authmemcookie.php authsources.php config.php
# metadata/ holds the SP's view of remote IdPs; saml20-idp-remote.php (below) is the one used here.
[webadmin@server01 simplesamlphp]$ ls /home/webadmin/pkg/share/simplesamlphp/metadata
adfs-idp-hosted.php saml20-idp-hosted.php saml20-sp-remote.php shib13-idp-remote.php shib13-sp-remote.php wsfed-sp-hosted.php
adfs-sp-remote.php saml20-idp-remote.php shib13-idp-hosted.php shib13-sp-hosted.php wsfed-idp-remote.php
# These are the correct settings for authsources.php. Note that 'entityID' is built from $_SERVER['HTTP_HOST'], i.e. from the request's Host header; the resulting entity ID must match what is registered at the IdP, so confirm the web server only accepts the intended host names.
--- Truncated ---
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
#'entityID' => null,
'entityID' => 'https://'.$_SERVER['HTTP_HOST'].'/simplesaml/module.php/saml/sp/metadata.php/default-sp',
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
#'idp' => null,
#'RelayState' => 'https://'.$_SERVER['HTTP_HOST'],
'idp' => 'https://sso.kimconnect.com/simplesaml/saml2/idp/metadata.php',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null,
--- Truncated ---
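# These are the correct settings for /home/webadmin/pkg/share/simplesamlphp/metadata/saml20-idp-remote.php
# (the SP's view of the remote IdP). The array key and 'entityid' must be the IdP's entity ID, exactly.
$metadata['https://sso.kimconnect.com/simplesaml/saml2/idp/metadata.php'] = array (
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'https://sso.kimconnect.com/simplesaml/saml2/idp/metadata.php',
    // Endpoint the SP redirects the browser to for authentication (HTTP-Redirect binding).
    'SingleSignOnService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://sso.kimconnect.com/simplesaml/saml2/idp/SSOService.php',
        ),
    ),
    // Endpoint used for single logout (HTTP-Redirect binding).
    'SingleLogoutService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://sso.kimconnect.com/simplesaml/saml2/idp/SingleLogoutService.php',
        ),
    ),
    // The IdP's signing certificate; replace the placeholder with the real value before use.
    // The original line was missing the closing quote, which makes the whole file unparsable.
    'certData' => 'CERT-SIGNATURE-HERE',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
);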
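# Assuming that the "WP SAML Auth" plugin is installed and activated, link the prepared SimpleSAMLphp
# instance into the plugin. Only the plugin's bundled simplesamlphp/ subdirectory is replaced: the
# original 'rm -rf .../wp-saml-auth' deleted the whole plugin, after which the ln -s had no parent
# directory to create the link in (and the plugin the first sentence assumes was gone).
PLUGIN_DIR=/home/webadmin/pkg/share/httpd/htdocs/wp-content/plugins/wp-saml-auth
SSP_DIR=/home/webadmin/pkg/share/simplesamlphp
if [ -d "$PLUGIN_DIR" ]; then
    rm -rf "$PLUGIN_DIR/simplesamlphp"
    # -n: if a link already exists at the target path, replace it rather than linking inside it.
    ln -sfn "$SSP_DIR" "$PLUGIN_DIR/simplesamlphp"
else
    echo "wp-saml-auth plugin not found at $PLUGIN_DIR; install and activate it first" >&2
fi
# NOTE(review): this exposes the entire SimpleSAMLphp tree (including config/ and cert/ from the
# listing above) under the httpd document root. Confirm httpd does not follow this symlink for
# those directories, or denies access to them; only www/ should be reachable from a browser.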