Mildly Disturbed.

FusionAuth + WordPress [1]

Posted on May 23, 2020 by jerryhopper

FusionAuth is a first-class, production-ready identity provider that supports OAuth2, OpenID and SAMLv2, and can be used as an SSO provider for your apps.

WordPress is the world's most used blogging platform, with a crowded plugin ecosystem. Finding the right plugin can be a tedious task. In this example we're using the openid-connect-generic plugin from daggerhart.

Pro/Cons

PRO: The openid-connect-generic plugin from daggerhart requires NO code-writing; everything is adjustable via the admin pages. It allows logging out on the IdP server. It is free and very simple to use.
CON: The plugin is outdated and has a logout quirk that needs a lot of redirect URLs registered. Despite that, it works with the latest version of WP. The plugin lacks functionality that maps roles to a user, and there is no option to disable the basic login on the login screen.

Why?

If you own several blogs, you will want single sign-on between your web applications. The primary goal of OAuth is to allow users to interact with (WordPress) sites without requiring them to store sensitive credentials.

Requirements

– A FusionAuth instance.
– A configured WordPress blog


FusionAuth configuration

Create an application within FusionAuth. Enable the Authorization Code and Refresh Token grants. All values can be found in the application administration of your FusionAuth server.

Fill in the redirect and logout URLs as shown below:

Authorized redirect URLs
https://YOURWORDPRESS/wp-admin/admin-ajax.php?action=openid-connect-authorize

Due to the way this plugin logs out, we need to add extra redirect URLs with a language identifier.
https://YOURWORDPRESS/wp-login.php?loggedout=true&wp_lang=nl_NL
https://YOURWORDPRESS/wp-login.php?loggedout=true&wp_lang=en_GB

Logout URL
https://YOURWORDPRESS/wp-login.php
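
As an added example (not from the original post or from the plugin), this Python sketch builds the exact redirect URLs listed above for a set of WordPress locales and audits a list of registered URLs for missing or unexpected entries. The host blog.example, the function names and literal string matching of redirect URLs by the identity provider are assumptions.

```python
from urllib.parse import urlencode, urlsplit

# Paths and query strings are the ones shown in this post.
AUTHORIZE = "/wp-admin/admin-ajax.php?action=openid-connect-authorize"
LOGIN = "/wp-login.php"


def required_redirect_urls(base_url, locales):
    """Exact redirect URLs to register for one WordPress site (hypothetical helper)."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must look like https://host[/path]")
    root = f"https://{parts.netloc}{parts.path.rstrip('/')}"
    urls = [root + AUTHORIZE]
    for locale in locales:
        # One logout landing URL per language the site can be shown in.
        query = urlencode({"loggedout": "true", "wp_lang": locale})
        urls.append(f"{root}{LOGIN}?{query}")
    return urls


def audit_redirect_urls(registered, base_url, locales):
    """Compare registered URLs with the required set using exact string matching
    (assumption: the identity provider matches redirect URLs literally)."""
    required = required_redirect_urls(base_url, locales)
    have = {u.strip() for u in registered if u.strip()}
    missing = [u for u in required if u not in have]
    # Anything not required (plain http, old hosts, typos) widens the allowlist.
    unexpected = sorted(have - set(required))
    return missing, unexpected


if __name__ == "__main__":
    # Constructed sample of what might be registered on the application.
    registered = [
        "https://blog.example/wp-admin/admin-ajax.php?action=openid-connect-authorize",
        "https://blog.example/wp-login.php?loggedout=true&wp_lang=nl_NL",
        "http://blog.example/wp-login.php?loggedout=true&wp_lang=en_GB",
    ]
    missing, unexpected = audit_redirect_urls(
        registered, "https://blog.example", ["nl_NL", "en_GB"])
    for url in missing:
        print("MISSING   ", url)
    for url in unexpected:
        print("UNEXPECTED", url)
```

Entries reported as unexpected are worth removing from the application, since every registered redirect URL is a place the identity provider is willing to send users after login or logout.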


WordPress Plugin installation

To get the OpenID Connect functionality, we will be using the openid-connect-generic plugin from daggerhart this time.
Install the plugin via the WordPress administration pages.

Openid-connect-generic WordPress plugin.

https://wordpress.org/plugins/daggerhart-openid-connect-generic/

WordPress Plugin configuration

Navigate to the admin pages, and select the ‘Settings->OpenID Connect Client’ page where you have to enter your identity provider settings.

Based on the domain-name of your FusionAuth instance, fill in the configuration values.

Identity Key and Nickname Key

Most of the fields are self-explanatory. The fields Identity Key and Nickname Key need some special attention. These fields map the primary key or unique identifier from the OAuth user claim.

I recommend setting sub for the Identity Key
and preferred_username for the Nickname Key


That's it! You can now use your FusionAuth instance to log in to WordPress!
