# WordPress

#### Supported Features

The integration currently supports the following features:

* SAML
* OpenID Connect
* JIT (Just In Time) Provisioning

#### Configuration

<button id="wordpress_oidc" class="accordion h5"><h4>WordPress OIDC</h4></button>
<DIV id="wordpress_oidc-hide" class="panel">

##### WordPress Config

* Download the OpenID Connect plugin for WordPress (license: GPLv2): <https://wordpress.org/plugins/daggerhart-openid-connect-generic>

* Install the plugin from the WordPress admin page or by copying the downloaded content into **wordpress/wp-content/plugins**, then activate it in the **Plugins** tab of the WordPress admin page.

* In **Settings**, then **OpenID Connect Client**, complete the following parameters:

```exp
Login Type: Auto Login-SSO
Client ID: trustelem.oidc.gi3XXXX
Client Secret Key: vly5yqnXXXX
OpenID Scope: email profile openid
Login Endpoint URL: https://mydomain.trustelem.com/app/160XXX/auth
Userinfo Endpoint URL: https://mydomain.trustelem.com/app/160XXX/userinfo
Token Validation Endpoint URL: https://mydomain.trustelem.com/app/160XXX/token
End Session Endpoint URL: https://mydomain.trustelem.com/app/160XXX/on_logout
Identity Key: name
Nickname Key: name
```

* We recommend activating the following options:
  * Link Existing Users: create unknown users or update existing users
  * Redirect Back to Origin Page: redirect users to the page they were on before authentication
  * Redirect to the login screen when session is expired
  * Enforce Privacy

* Note:
  * These parameters are optional. They are described in the WordPress admin dashboard.
  * Leave the other parameters at their original values.
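
A pre-flight check for the parameter block above, as an added example (not part of the Trustelem documentation or the plugin). It flags leftover `XXX` placeholders, non-HTTPS endpoints, a missing `openid` scope, and endpoints that do not share one host and `/app/<id>` prefix, which matters because the client secret is sent to the token endpoint. The function names and the shared-prefix rule are assumptions drawn from the sample values on this page.

```python
from urllib.parse import urlsplit

# Constructed sample: the settings block from this page, with its XXXX placeholders.
SAMPLE = """\
Client ID: trustelem.oidc.gi3XXXX
Client Secret Key: vly5yqnXXXX
OpenID Scope: email profile openid
Login Endpoint URL: https://mydomain.trustelem.com/app/160XXX/auth
Userinfo Endpoint URL: https://mydomain.trustelem.com/app/160XXX/userinfo
Token Validation Endpoint URL: https://mydomain.trustelem.com/app/160XXX/token
End Session Endpoint URL: https://mydomain.trustelem.com/app/160XXX/on_logout
"""

ENDPOINTS = {  # expected last path segment, taken from the URLs on this page
    "Login Endpoint URL": "auth",
    "Userinfo Endpoint URL": "userinfo",
    "Token Validation Endpoint URL": "token",
    "End Session Endpoint URL": "on_logout",
}

def parse_settings(text):
    """Turn 'Key: value' lines into a dict (split on the first ': ' only)."""
    pairs = (line.split(": ", 1) for line in text.splitlines() if ": " in line)
    return {key.strip(): value.strip() for key, value in pairs}

def lint_oidc_settings(text):
    """Return a list of findings; an empty list means the block looks consistent."""
    cfg, findings, bases = parse_settings(text), [], set()
    for key in ("Client ID", "Client Secret Key"):
        if not cfg.get(key) or "XXX" in cfg[key]:
            findings.append(f"{key}: missing or still a placeholder")
    if "openid" not in cfg.get("OpenID Scope", "").split():
        findings.append("OpenID Scope: 'openid' is required")
    for key, suffix in ENDPOINTS.items():
        url = urlsplit(cfg.get(key, ""))
        base, _, last = url.path.rpartition("/")
        if url.scheme != "https" or not url.netloc:
            findings.append(f"{key}: must be an absolute https:// URL")
        if last != suffix:
            findings.append(f"{key}: path should end in /{suffix}")
        if "XXX" in url.path:
            findings.append(f"{key}: application id is still a placeholder")
        bases.add((url.netloc.lower(), base))
    if len(bases) > 1:
        findings.append("Endpoints do not share one host and /app/<id> prefix")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_oidc_settings(SAMPLE)))
```

Run it on the values copied from the Trustelem application page before saving them in the plugin settings; the sample as printed reports only its placeholders.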

##### Trustelem Config

* Set up Trustelem with the following parameters:
  * WordPress server URL
  * Login URL: the application URL that starts the OIDC flow. The Trustelem user dashboard uses it as the link target for the application.

#### Beware of access control policies

* If the user identified by Trustelem doesn't exist in WordPress, the account is created automatically.

* Access control policies therefore have to be set up carefully in the **Access Rules** tab of the Trustelem admin dashboard.

</DIV>

  <button id="wordpress_saml" class="accordion h5"><h4>WordPress SAML</h4></button>
<DIV id="wordpress_saml-hide" class="panel">

##### WordPress Config

* Download the SAML plugin for WordPress: <https://wordpress.org/plugins/wp-saml-auth/>

* Install the plugin from the WordPress admin page or by copying the downloaded content into **wordpress/wp-content/plugins**, then activate it in the **Plugins** tab of the WordPress admin page.

* In **Settings**, then **WP SAML AUTH**, complete the following parameters:
  * **Auto Provision**: if checked, a new WordPress user is provisioned at their first login
  * **Permit WordPress login**: if checked, WordPress users can be authenticated using Trustelem and a standard login form
  * **Get User By**: leave the default value "email"
  * **Base URL**: provide the WordPress URL, for example `https://mywordpress.tld`

* In Service Provider Settings:
  * **Entity ID**: provide your WordPress URL, for example `https://wordpress.tld`
  * **ACS**: provide your WordPress login URL, for example `https://wordpress.tld/wp-login.php`

* In Identity Provider Settings:

```exp
  Entity ID: https://mydomain.trustelem.com/app/160XXX/
  Single SignOn Service URL: https://mydomain.trustelem.com/app/160XXX/sso
  Single Logout Service URL: https://mydomain.trustelem.com/app/160XXX/on_logout
```

  * Download the Trustelem application certificate and save it in your WordPress directory.  
    In the **x509 Certificate Path** field, provide the path to your certificate.  
    *For example: ABSPATH/wp-content/cert-trustelem.pem*
  * **Certificate Fingerprint**: leave this field empty
  * **Certificate Fingerprint Algorithm**: leave this field empty

* In Attribute Mappings:

```exp
  user_login: email
  user_email: email
  display_name: displayname
  first_name: firstname
  last_name: lastname
```

* Click **Save Changes**

##### Trustelem Config

* Set up Trustelem with the following parameters:
  * WordPress server URL
  * Relay State: the WordPress URL to target when users start from the Trustelem dashboard

</DIV>