OpenID Connect (OIDC) with WordPress Authorizer

A knowledge base article about OpenID Connect (OIDC) with WordPress Authorizer provided by the UC Berkeley IT Service Hub - Knowledge Portal

Background


The WordPress Authorizer plugin supports OpenID Connect (OIDC).  This plugin can be used to integrate WordPress with CalNet's SSO system.  For more information on support for OIDC see OIDC Integration with CalNet.

Example Configuration


These are the high-level steps to configure WordPress Authorizer for use with CalNet's SSO system using OIDC.

  1. Submit an SSO service request for OIDC.
  2. Once you have the client_id and client_secret you can configure Authorizer using the following settings under External Service:
    | Field | Value |
    | --- | --- |
    | OIDC Logins | Enable OIDC logins |
    | Custom label | Sign in with CalNet |
    | Issuer URL | https://auth.berkeley.edu/cas/oidc/.well-known (production) |
    | | https://auth-test.berkeley.edu/cas/oidc/.well-known (test) |
    | Client ID | <provided by CalNet in step 1> |
    | Client Secret | <provided by CalNet in step 1> |
    | Scopes | openid email profile |
    | Attribute containing username | preferred_username |
    | Attribute containing email | email |
    | Attribute containing first name | given_name |
    | Attribute containing last name | family_name |
    | OIDC Hosted Domain | berkeley.edu |
  3. Your configuration should look similar to the following example:
  4. Recommended: Once SSO is tested, you should enable the Authorizer > Advanced > Disable WordPress Logins setting.  If you are working with a vendor, you can add a bypass username.  Disabling WordPress logins in favor of SSO will help prevent brute-force login attempts.
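
A pre-flight check for the settings in step 2, as an added example that is not part of the original article or the Authorizer plugin: it verifies that each mapped attribute is a claim released by one of the requested scopes (the standard scope-to-claim mapping from OpenID Connect Core; an identity provider may be configured differently) and then checks one claim set. The function names, the sample claims, and the reading of OIDC Hosted Domain as an email-domain restriction are assumptions.

```python
# Added example, not code from the Authorizer plugin or CalNet.
# Claims released per standard scope (OpenID Connect Core 5.4, relevant subset).
SCOPE_CLAIMS = {
    "profile": {"preferred_username", "given_name", "family_name", "name"},
    "email": {"email", "email_verified"},
}

# Values copied from the settings table in step 2.
SETTINGS = {
    "scopes": "openid email profile",
    "username": "preferred_username",
    "email": "email",
    "first_name": "given_name",
    "last_name": "family_name",
    "hosted_domain": "berkeley.edu",
}

ATTRIBUTE_FIELDS = ("username", "email", "first_name", "last_name")

def check_settings(settings):
    """Return problems where a mapped attribute is not covered by a requested scope."""
    scopes = settings["scopes"].split()
    problems = []
    if "openid" not in scopes:
        problems.append("scope 'openid' is required for OIDC")
    released = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    for field in ATTRIBUTE_FIELDS:
        claim = settings[field]
        if claim not in released:
            problems.append(f"{field}: claim '{claim}' not released by scopes {scopes}")
    return problems

def check_claims(claims, settings):
    """Return problems found in one decoded claim set (ID token or userinfo)."""
    problems = [f"missing claim '{settings[f]}'" for f in ATTRIBUTE_FIELDS
                if not claims.get(settings[f])]
    # Assumption: the hosted domain setting restricts logins by email domain.
    email = str(claims.get(settings["email"]) or "")
    domain = email.rpartition("@")[2].lower()
    if email and domain != settings["hosted_domain"]:
        problems.append(f"email domain '{domain}' is not {settings['hosted_domain']}")
    return problems

# Constructed sample claims, not real CalNet output.
SAMPLE = {"preferred_username": "oski", "email": "oski@berkeley.edu",
          "given_name": "Oski", "family_name": "Bear"}
```

An empty list from both functions means the attribute mapping and the sample claims are consistent with the table; dropping `profile` from the scopes, for example, reports the username and name attributes as unreleased.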

Notes