Description
With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect, implementing Single Sign-On (SSO) for your users.
The plugin is currently only configured using constants and hooks as follows:
Define the RSA keys
If you don’t have keys that you want to use yet, generate them using these commands:
openssl genrsa -out oidc.key 4096
openssl rsa -in oidc.key -pubout -out public.key
And make them available to the plugin as follows (this needs to be added before WordPress loads):
define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
OIDC_PUBLIC_KEY
);
define( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
OIDC_PRIVATE_KEY
);
Alternatively, you can also put them outside the webroot and load them from the files like this:
// public.key is the public half; oidc.key (written by openssl genrsa above) is the private key.
define( 'OIDC_PUBLIC_KEY', file_get_contents( '/web-inaccessible/public.key' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/web-inaccessible/oidc.key' ) );
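One way to create the key files with owner-only permissions and to check the pair before the constants point at it, as an added example that is not part of the plugin. The directory argument and the function names are assumptions; oidc.key and public.key are the file names produced by the commands above.

```shell
#!/usr/bin/env bash
# Added example, not plugin code. Function names and the directory argument
# are assumptions; oidc.key / public.key match the openssl commands above.

# Generate the pair with owner-only permissions (directory 0700, files 0600).
oidc_generate_keys() {
    local dir="$1" bits="${2:-4096}"
    (
        umask 077
        mkdir -p "$dir" &&
        openssl genrsa -out "$dir/oidc.key" "$bits" 2>/dev/null &&
        openssl rsa -in "$dir/oidc.key" -pubout -out "$dir/public.key" 2>/dev/null
    )
}

# Print "ok" and return 0 only when the files are safe to load into
# OIDC_PRIVATE_KEY (oidc.key) and OIDC_PUBLIC_KEY (public.key).
oidc_check_keys() {
    local dir="$1" derived
    # 1. The private key parses and is internally consistent.
    if ! openssl rsa -in "$dir/oidc.key" -check -noout >/dev/null 2>&1; then
        echo "oidc.key is not a valid RSA private key"; return 1
    fi
    # 2. The private key is not readable by group or other.
    if [ "$(ls -l "$dir/oidc.key" | cut -c5-10)" != "------" ]; then
        echo "oidc.key is readable by group or other"; return 1
    fi
    # 3. public.key really is a public key (catches swapped files).
    if ! grep -q -- '-----BEGIN PUBLIC KEY-----' "$dir/public.key" 2>/dev/null; then
        echo "public.key does not hold a public key"; return 1
    fi
    # 4. public.key was derived from this private key.
    derived="$(openssl rsa -in "$dir/oidc.key" -pubout 2>/dev/null)"
    if [ "$derived" != "$(cat "$dir/public.key")" ]; then
        echo "public.key does not match oidc.key"; return 1
    fi
    echo "ok"
}
```

Source the file, call `oidc_generate_keys <dir>` once, and run `oidc_check_keys <dir>` whenever the key files are replaced or moved.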
Define the clients
Define your clients by adding a filter to oidc_registered_clients in a separate plugin file or functions.php of your theme or in a MU-plugin like:
add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
    return array(
        'client_id_random_string' => array(
            'name'         => 'The name of the Client',
            'secret'       => 'a secret string',
            'redirect_uri' => 'https://example.com/redirect.uri',
            'grant_types'  => array( 'authorization_code' ),
            'scope'        => 'openid profile',
        ),
    );
}
Exclude URL from caching
example.com/wp-json/openid-connect/userinfo: We implement caching exclusion measures for this endpoint by setting Cache-Control: 'no-cache' headers and defining the DONOTCACHEPAGE constant. If you have a unique caching configuration, please ensure that you manually exclude this URL from caching.
GitHub Repo
You can report any issues you encounter directly on the GitHub repo: Automattic/wp-openid-connect-server
Changelog
1.3.4
- Add the autoloader to the uninstall script #111 props @MariaMozgunova
1.3.3
- Fix failing login when Authorize form is non-English [#108]
- Improvements in site health tests for key detection [#104][#105]
1.3.2
- Prevent userinfo endpoint from being cached [#99]
1.3.0
- Return display_name as the name property [#87]
- Change text domain to openid-connect-server, instead of wp-openid-connect-server [#88]
1.2.1
- No user facing changes
1.2.0
- Add oidc_user_claims filter [#82]