Disgrifiad
With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect to implement Single-Sign On (SSO) for your users.
The plugin is currently only configured using constants and hooks as follows:
Define the RSA keys
If you don’t have keys that you want to use yet, generate them using these commands:
openssl genrsa -out oidc.key 4096
openssl rsa -in oidc.key -pubout -out public.key
And make them available to the plugin as follows (this needs to be added before WordPress loads):
define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
OIDC_PUBLIC_KEY
);
define( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
OIDC_PRIVATE_KEY
);
Alternatively, you can also put them outside the webroot and load them from the files like this:
define( 'OIDC_PUBLIC_KEY', file_get_contents( '/web-inaccessible/oidc.key' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/web-inaccessible/private.key' ) );
Define the clients
Define your clients by adding a filter to oidc_registered_clients
in a separate plugin file or functions.php
of your theme or in a MU-plugin like:
add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
return array(
'client_id_random_string' => array(
'name' => 'The name of the Client',
'secret' => 'a secret string',
'redirect_uri' => 'https://example.com/redirect.uri',
'grant_types' => array( 'authorization_code' ),
'scope' => 'openid profile',
),
);
}
Exclude URL from caching
example.com/wp-json/openid-connect/userinfo
: We implement caching exclusion measures for this endpoint by settingCache-Control: 'no-cache'
headers and defining theDONOTCACHEPAGE
constant. If you have a unique caching configuration, please ensure that you manually exclude this URL from caching.
Github Repo
You can report any issues you encounter directly on Github repo: Automattic/wp-openid-connect-server
Adolygiadau
There are no reviews for this plugin.
Contributors & Developers
“OpenID Connect Server” is open source software. The following people have contributed to this plugin.
Cyfranwyr“OpenID Connect Server” has been translated into 3 locales. Thank you to the translators for their contributions.
Translate “OpenID Connect Server” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Cofnod Newid
1.3.4
- Add the autoloader to the uninstall script #111 props @MariaMozgunova
1.3.3
- Fix failing login when Authorize form is non-English [#108]
- Improvements in site health tests for key detection [#104][#105]
1.3.2
- Prevent userinfo endpoint from being cached [#99]
1.3.0
- Return
display_name
as thename
property [#87] - Change text domain to
openid-connect-server
, instead ofwp-openid-connect-server
[#88]
1.2.1
- No user facing changes
1.2.0
- Add
oidc_user_claims
filter [#82]