WordPress
Supported Features
The integration currently supports the following features:
- SAML
- OpenID Connect
- JIT (Just In Time) Provisioning
Configuration
Wordpress Config (OpenID Connect)
- Download the OpenID Connect plugin for WordPress (license: GPLv2): https://wordpress.org/plugins/daggerhart-openid-connect-generic
- Install the plugin from the WordPress admin page, or copy the downloaded content into wordpress/wp-content/plugins, then activate it in the Plugins tab of the WordPress admin page.
- In Settings, then OpenID Connect Client, complete the following parameters:
  Login Type: Auto Login-SSO
  Client ID: trustelem.oidc.gi3XXXX
  Client Secret Key: vly5yqnXXXX
  OpenID Scope: email profile openid
  Login Endpoint URL: https://mydomain.trustelem.com/app/160XXX/auth
  Userinfo Endpoint URL: https://mydomain.trustelem.com/app/160XXX/userinfo
  Token Validation Endpoint URL: https://mydomain.trustelem.com/app/160XXX/token
  End Session Endpoint URL: https://mydomain.trustelem.com/app/160XXX/on_logout
  Identity Key: name
  Nickname Key: name
- We recommend activating the following options:
  - Link Existing Users: create unknown users or update existing users
  - Redirect Back to Origin Page: redirect users to the page they were on before authentication
  - Redirect to the login screen when the session is expired
  - Enforce Privacy
- Note:
  - These options are optional; their descriptions are in the WordPress admin dashboard.
  - Leave the other parameters at their default values.
Trustelem Config
- Set up Trustelem with the following parameters:
  - WordPress server URL
  - Login URL: the application URL that starts the OIDC flow. It is used as the target link for the application on the Trustelem user dashboard.
Beware of access control policies
- If the user identified by Trustelem does not exist in WordPress, it is created automatically.
- Access control policies therefore have to be set up carefully in the Access Rules tab of the Trustelem admin dashboard.
Wordpress Config (SAML)
- Download the SAML plugin for WordPress: https://wordpress.org/plugins/wp-saml-auth/
- Install the plugin from the WordPress admin page, or copy the downloaded content into wordpress/wp-content/plugins, then activate it in the Plugins tab of the WordPress admin page.
- In Settings, then WP SAML AUTH, complete the following parameters:
  - Auto Provision: if checked, a new WordPress user is provisioned at first login
  - Permit WordPress login: if checked, WordPress users can authenticate either through Trustelem or with the standard login form
  - Get User By: leave the default value "email"
- Base URL: provide your WordPress URL, for example https://mywordpress.tld
- In Service Provider Settings:
  - Entity ID: provide your WordPress URL, for example https://wordpress.tld
  - ACS: provide your WordPress login URL, for example https://wordpress.tld/wp-login.php
- In Identity Provider Settings:
  Entity ID: https://mydomain.trustelem.com/app/160XXX/
  Single SignOn Service URL: https://mydomain.trustelem.com/app/160XXX/sso
  Single Logout Service URL: https://mydomain.trustelem.com/app/160XXX/on_logout
- Download the Trustelem application certificate and save it in your WordPress directory. In the field x509 Certificate Path, provide the path to your certificate, for example ABSPATH/wp-content/cert-trustelem.pem. The plugin uses this certificate to verify the signature on the SAML responses sent by Trustelem.
- Certificate Fingerprint: leave this field empty
- Certificate Fingerprint Algorithm: leave this field empty
- In Attribute Mappings:
  user_login: email
  user_email: email
  display_name: displayname
  first_name: firstname
  last_name: lastname
- Click on Save Changes
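As an added example (not part of the Trustelem documentation or of the wp-saml-auth plugin), the same SAML settings pinned in code through the plugin's wp_saml_auth_option filter, so they are version-controlled and take precedence over what is entered in the admin UI. It assumes the snippet is loaded as an mu-plugin, that the certificate was saved at wp-content/cert-trustelem.pem as above, that mydomain and 160XXX are this page's placeholders, and that the function name trustelem_wp_saml_auth_options and the default_role choice are ours.

```php
<?php
// Added example, not from the Trustelem docs or wp-saml-auth: pin this page's SAML
// settings in code via the plugin's wp_saml_auth_option filter. Assumed: loaded as an
// mu-plugin; cert at wp-content/cert-trustelem.pem; mydomain / 160XXX are placeholders.
function trustelem_wp_saml_auth_options( $value, $option_name ) {
    $cert_path = ABSPATH . 'wp-content/cert-trustelem.pem';
    $settings  = array(
        'connection_type' => 'internal',
        'internal_config' => array(
            'strict'  => true,   // reject unsigned or otherwise invalid SAML responses
            'baseurl' => home_url(),
            'sp'      => array(
                'entityId'                 => home_url( '/' ),
                'assertionConsumerService' => array(
                    'url'     => wp_login_url(),
                    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                ),
            ),
            'idp'     => array(
                'entityId'            => 'https://mydomain.trustelem.com/app/160XXX/',
                'singleSignOnService' => array(
                    'url'     => 'https://mydomain.trustelem.com/app/160XXX/sso',
                    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                ),
                'singleLogoutService' => array(
                    'url'     => 'https://mydomain.trustelem.com/app/160XXX/on_logout',
                    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                ),
                // The toolkit wants the PEM contents, not the path typed in the UI; with a
                // certificate given, the fingerprint fields stay empty as on the settings page.
                'x509cert'                 => is_readable( $cert_path ) ? file_get_contents( $cert_path ) : '',
                'certFingerprint'          => '',
                'certFingerprintAlgorithm' => '',
            ),
        ),
        // JIT provisioning as on the settings page: every user Trustelem admits is created,
        // so who can reach this application is decided by Trustelem's Access Rules.
        'auto_provision'         => true,
        'permit_wp_login'        => true,
        'get_user_by'            => 'email',
        'user_login_attribute'   => 'email',
        'user_email_attribute'   => 'email',
        'display_name_attribute' => 'displayname',
        'first_name_attribute'   => 'firstname',
        'last_name_attribute'    => 'lastname',
        'default_role'           => get_option( 'default_role' ),
    );
    return array_key_exists( $option_name, $settings ) ? $settings[ $option_name ] : $value;
}
add_filter( 'wp_saml_auth_option', 'trustelem_wp_saml_auth_options', 0, 2 );
```

Put the file in wp-content/mu-plugins so it is loaded before the plugin reads its options.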
Trustelem Config
- Set up Trustelem with the following parameters:
  - WordPress server URL
  - Relay State: the WordPress URL to redirect to when users launch the application from the Trustelem dashboard