WordPress SSO with NetIQ Access Manager

WordPress is a web software that can be utilized to create beautiful websites and blogs. With over 77 million sites and roughly 60% of the market share when it comes to Content Management Systems, WordPress is most definitely a force to be reckoned with. When creating a website at the Enterprise or Corporate level, it's important to allow your users to maintain a sense of unity as they move across your domain. However, with the core WordPress installation, this unity gets broken whenever a user attempts to log-in to your WordPress site. However, with Access Manager and a WordPress plugin, you can allow your users to be automatically logged into your WordPress site and even present them a custom log-in page. You can even force WordPress to create a new account for that user with a specific role if one does not already exist. This makes it easier for your users to both contribute and participate in any discussion that is happening on the site. So how can you make this happen?

Access Manager

In your Access Manager installation, you will need to set up a new accelerator for the site along with normally two protected resources. In this article, I'll be creating two, one for the root site, and then another for the protected aspects of the WordPress installation. You may need more depending on your situation.

After creating the accelerator, create a new protected resource for your root site.

Root Protected Resource

If the front end of your site is open to the public, then you'll not want any Authentication Procedure. Depending on your needs you may or may not need to create some Authorization rules. We primarily use Authorization Rules to control which Administrators can perform updates. This allows for certain administrators to create and edit users, while leaving the updates to another site administrator. Next we'll need to add some Identity Injections.

Identity Injections

These are important as these injections will provide the ability to log-in to WordPress and the information by which a new account can be created. It is recommended that you at least inject the x-cn, x-email, x-firstname, and x-lastname headers. You may choose to inject more if your needs call for it. The username and e-mail are required by WordPress.

The next protected resource will be for our protected content.

Login Protected Resource

Here it is necessary to list all the protected paths. In a MultiSite installation, this list can grow very quickly with at least 2 protected paths per sub-site. You'll want to choose the appropriate Authentication Procedure. This Authentication Procedure is what will allow for the standard Log-in Page to be replaced with the Custom Log-in Page you've designed. After adding the protected paths and selecting the Authentication Procedure, you'll then need to add any authorization rules and set up the Identity Injections as you did on the Root Protected Resource.


In your WordPress installation, all you need to do is install the Header Login plugin. It is simple to both install and set up. In 5 simple steps you can have your WordPress site ready to work seamlessly with NetIQ Access Manager.

  1. Go to your admin area and select Plugins >> Add New from the menu

  • Search for "Header Login"

  • Click Install

  • Click Activate (Network Activate on Multisite)

  • Setup and customize the plugin through the "Settings" Menu (Network Settings Menu on Multisite)


  1. Go to https://wordpress.org/plugins/header-login

  • Download latest version of Header Login

  • Unzip file into WordPress plugins directory

  • Activate Plugin (Network Activate on Multisite)

  • Setup and customize the plugin through the "Settings" Menu (Network Settings Menu on Multisite)

After installing the plugin, go to the Settings Menu and enter the necessary headers that you've injected in your Access Manager set up. Here you can also specify the correct Logout URL so that your users can log out of your domain from the WordPress site. You can also choose whether or not you want new users to be created automatically and if so, with what role.

Header Login Settings

By utilizing both NetIQ Access Manager and the WordPress Header Login plugin, you can take another step towards a seamless and unified experience for your users.



How To-Best Practice
Comment List
Parents Comment Children