Описание
With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect to implement Single-Sign On (SSO) for your users.
The plugin is currently only configured using constants and hooks as follows:
Define the RSA keys
If you don’t have keys that you want to use yet, generate them using these commands:
openssl genrsa -out oidc.key 4096
openssl rsa -in oidc.key -pubout -out public.key
And make them available to the plugin as follows (this needs to be added before WordPress loads):
define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
OIDC_PUBLIC_KEY
);
define( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
OIDC_PRIVATE_KEY
);
Alternatively, you can also put them outside the webroot and load them from the files like this:
define( 'OIDC_PUBLIC_KEY', file_get_contents( '/web-inaccessible/oidc.key' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/web-inaccessible/private.key' ) );
Define the clients
Define your clients by adding a filter to oidc_registered_clients
in a separate plugin file or functions.php
of your theme or in a MU-plugin like:
add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
return array(
'client_id_random_string' => array(
'name' => 'The name of the Client',
'secret' => 'a secret string',
'redirect_uri' => 'https://example.com/redirect.uri',
'grant_types' => array( 'authorization_code' ),
'scope' => 'openid profile',
),
);
}
Exclude URL from caching
example.com/wp-json/openid-connect/userinfo
: We implement caching exclusion measures for this endpoint by settingCache-Control: 'no-cache'
headers and defining theDONOTCACHEPAGE
constant. If you have a unique caching configuration, please ensure that you manually exclude this URL from caching.
Github Repo
You can report any issues you encounter directly on Github repo: Automattic/wp-openid-connect-server
Отзывы
Нет отзывов об этом плагине.
Участники и разработчики
«OpenID Connect Server» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:
Участники«OpenID Connect Server» переведён на 3 языка. Благодарим переводчиков за их работу.
Перевести «OpenID Connect Server» на ваш язык.
Заинтересованы в разработке?
Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.
Журнал изменений
1.3.4
- Add the autoloader to the uninstall script #111 props @MariaMozgunova
1.3.3
- Fix failing login when Authorize form is non-English [#108]
- Improvements in site health tests for key detection [#104][#105]
1.3.2
- Prevent userinfo endpoint from being cached [#99]
1.3.0
- Return
display_name
as thename
property [#87] - Change text domain to
openid-connect-server
, instead ofwp-openid-connect-server
[#88]
1.2.1
- No user facing changes
1.2.0
- Add
oidc_user_claims
filter [#82]