Configure RSA Cloud Authentication Service

1. Sign in to RSA Cloud Administration Console. 
2. Navigate to the Authentication Clients menu and click Relying Parties.                                                                                                     
3. On the Relying Party Catalog page, click Add a Relying Party and click Add for Service Provider SAML.                                         
4. On the Basic Information page, enter the name for the application in the Name field and click Next Step. 
5. On the Authentication page, choose SecurID manages all authentication.
6. Select a Primary Authentication Method and Access Policy as required and click Next Step.                                                                
7. For providing Service Provider details:
   1. Click Import Metadata and click Choose File. 
   2. Select the file that is downloaded from the Service Provider.
      See the Configure WordPress section to download the metadata.                                               
8. Review the ACS URL and Service Provider Entity ID values that are auto-filled.                                                                                   
9. In the SAML Response Protection section, choose IdP signs assertion within response.
10. Download the certificate by clicking Download Certificate.                                                                                                                            
11. Click Show Advanced Configuration.
12.  Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: AutoDetect and Property: Auto Detect.
13. Click Save and Finish.
14.  On the My Relying Parties page, click the Edit drop-down icon and select the Metadata option to download the metadata. 
15. Click Publish Changes. Your application is now enabled for SSO.                                                                                                         

Configure WordPress

1. Log on to WordPress with admin credentials.
2. Click miniOrange SAML 2.0 SSO plugin and select Service Provider Setup section.
3. Click Add New IDP.                                                                                                                                                                                         
4. Click RSA SecureID.                                                                                                                                                                                     
5. Click Select this IDP as the Default Identity Provider toggle and click Upload IDP Metadata.
6. Provide the following details:
   1. Identity Provider Name – Name of the Identity Provider Configured.
   2. Upload Metadata – Click Choose File and upload the metadata file downloaded from RSA.
   3. Click Upload.                                                                                                                                                                                        
7. Click Redirection & SSO Links section.
8. Under Auto-Redirection from site, choose Redirect to default IDP if user not logged in.
9. Click Enable Backdoor Login toggle and click Update.
10. Under the Login section, select your configured Identity Provider and click Select, click Add a Single Sign on the WordPress login page (Skip the last two steps if only IdP initiated flow configured).
11. Scroll down and click Update.
12. Under Service Provider Metadata section click Download XML Metadata (this file will be used to configure the RSA platform).