説明
This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.
Once installed, it can be configured to automatically authenticate users (SSO), or provide a “Login with OpenID Connect”
button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
new users are created in WordPress database.
Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
Please submit issues to the Github repo: https://github.com/daggerhart/openid-connect-generic
インストール
- Upload to the
/wp-content/plugins/directory - Activate the plugin
- Visit Settings > OpenID Connect and configure to meet your needs
FAQ
- What is the client’s Redirect URI?
-
Most OAuth2 servers will require whitelisting a set of redirect URIs for security purposes. The Redirect URI provided
by this client is like so: https://example.com/wp-admin/admin-ajax.php?action=openid-connect-authorizeReplace
example.comwith your domain name and path to WordPress. - Can I change the client’s Redirect URI?
-
Some OAuth2 servers do not allow for a client redirect URI to contain a query string. The default URI provided by
this module leverages WordPress’sadmin-ajax.phpendpoint as an easy way to provide a route that does not include
HTML, but this will naturally involve a query string. Fortunately, this plugin provides a setting that will make use of
an alternate redirect URI that does not include a query string.On the settings page for this plugin (Dashboard > Settings > OpenID Connect Generic) there is a checkbox for
Alternate Redirect URI. When checked, the plugin will use the Redirect URI
https://example.com/openid-connect-authorize.
評価
2019年7月18日
I use it with keycloak.
It works without problems.
2019年3月20日
This pluggin is pretty good, it works prefectly for me using my own OpenID Connect Provider (Gluu Server). The only problem I found, it was that when I try to loggout, this function does not work, so I had to make some implemantations to fix this important problem.
2019年2月6日
In fact, I used the plugin to debug our less-than-perfect server-side OpenID Connect implementation from *vendor name withheld*.
2018年7月24日
Hi,
I have searching the plugin for OpenID client, most of them are not work at spot. But this plugin make me easy and well integrate with billing system we have.
This could be good, if for the "AUTO login - SSO" also support the Woocommerce login page, which it return url at "/my-account"
I wish this plugin keeping improve. We can help to provide feedback for that.
Well done! and Thanks
2018年5月28日
Using it with identityserver4 and has all the stuff I need. Thanks!
2018年2月25日
This plugin is far superior to the earlier generic OpenID Connect plugin that was available here in the WordPress directory, and it's actively maintained. I started using it from the GitHub repo before it was available in the official directory. This plugin provides the features needed to work with any OpenID Connect authentication service.
I work with researchers and scientists in the academic community, and I use this plugin to allow people to login to WordPress sites using their campus ids rather than creating a new ID for each site. (Folks who work in academic communities already have login services provided by their institutions. The last thing they need is yet another username and password to keep track of!) Combined with Globus (www.globus.org, see below), this OpenID Connect plugin provides a solid solution.
Globus is a non-profit research data management service for the academic and scientific research community. One of the features we offer is an OpenID Connect-based authentication service. We currently have 90,000+ researchers at 450+ institutions using Globus to login and manage data for their work. Globus allows researchers to use their campus login services (for example: Berkeley, Harvard, University of Maryland) to login. And, because academics often have accounts at more than one institution, Globus allows them to link their identities from different providers (like Google or ORCID) so they can use them interchangeably and in combination.
貢献者と開発者
“OpenID Connect Generic Client” をあなたの言語に翻訳しましょう。
開発に興味がありますか ?
変更履歴
3.5.0
- Readme fix: @thijskh – Fix syntax error in example openid-connect-generic-login-button-text
- Feature: @slavicd – Allow override of the plugin by posting credentials to wp-login.php
- Feature: @gassan – New action on use login
- Fix: @daggerhart – Avoid double question marks in auth url query string
- Fix: @drzraf – wp-cli bootstrap must not inhibit custom rewrite rules
- Syntax change: @mullikine – Change PHP keywords to comply with PSR2
3.4.1
- Minor documentation update and additional error checking.
3.4.0
- Feature: @drzraf – New filter hook: ability to filter claim and derived user data before user creation.
- Feature: @anttileppa – State time limit can now be changed on the settings page.
- Fix: @drzraf – Fix PHP notice when using traditional login, $token_response may be empty.
- Fix: @drzraf – Fixed a notice when cookie does not contain expected redirect_url
3.3.1
- Prefixing classes for more efficient autoloading.
- Avoid altering global wp_remote_post() parameters.
- Minor metadata updates for wp.org
3.3.0
- Fix: @pjeby – Handle multiple user sessions better by using the
WP_Session_Tokensobject. Predecessor to fixes for multiple other issues: #49, #50, #51
3.2.1
- Bug fix: @svenvanhal – Exit after issuing redirect. Fixes #46
3.2.0
- Feature: @robbiepaul – trigger core action
wp_loginwhen user is logged in through this plugin - Feature: @moriyoshi – Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim.
- Feature: New setting to set redirect URL when session expires.
- Feature: @robbiepaul – New filter for modifying authentication URL
- Fix: @cedrox – Adding id_token_hint to logout URL according to spec
- Bug fix: Provide port to the request header when requesting the user_claim
3.1.0
- Feature: @rwasef1830 – Refresh tokens
- Feature: @rwasef1830 – Integrated logout support with end_session endpoint
- Feature: May use an alternate redirect_uri that doesn’t rely on admin-ajax
- Feature: @ahatherly – Support for IDP behind reverse proxy
- Bug fix: @robertstaddon – case insensitive check for Bearer token
- Bug fix: @rwasef1830 – “redirect to origin when auto-sso” cookie issue
- Bug fix: @rwasef1830 – PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message
- Bug fix: @rwasef1830 – expire session when access_token expires if no refresh token found
- UX fix: @rwasef1830 – Show login button on error redirect when using auto-sso
3.0.8
- Feature: @wgengarelly – Added
openid-connect-generic-update-user-using-current-claimaction hook allowing other plugins/themes
to take action using the fresh claims received when an existing user logs in.
3.0.7
- Bug fix: @wgengarelly – When requesting userinfo, send the access token using the Authorization header field as recommended in
section 5.3.1 of the specs.
3.0.6
- Bug fix: @robertstaddon – If “Link Existing Users” is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials
3.0.5
- Feature: @robertstaddon – Added
[openid_connect_generic_login_button]shortcode to allow the login button to be placed anywhere - Feature: @robertstaddon – Added setting to “Redirect Back to Origin Page” after a successful login instead of redirecting to the home page.
3.0.4
- Feature: @robertstaddon – Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login
3.0.3
- Using WordPresss’s is_ssl() for setcookie()’s “secure” parameter
- Bug fix: Incrementing username in case of collision.
- Bug fix: Wrong error sent when missing token body
3.0.2
- Added http_request_timeout setting
3.0.1
- Finalizing 3.0.x api
3.0
- Complete rewrite to separate concerns
- Changed settings keys for clarity (requires updating settings if upgrading from another version)
- Error logging
2.1
- Working my way closer to spec. Possible breaking change. Now checking for preferred_username as priority.
- New username determination to avoid collisions
2.0
Complete rewrite