In order to use your WordPress site as an Identity Provider to SSO into CollaborNation you must first install the OpenID Connect Plugin to your WordPress site.
Installing the Plugin and configuring your WordPress environment
There are many ways to install a WordPress plugin, but using the web interface to add the plugin is recommended method to initially get the plugin onto the site. You will need someone with server access to configure security keys for your site, and you will need either a custom theme, custom plugin, or a must-use plugin (MU Plugin) so that you can add a custom filter.
Once installed, you will need someone with access to the web server to generate public and private RSA keys for use with the plugin. It is recommended to generate these keys in a location not accessible in your web root (that is, no one can access them by going to a URL on the web). For the sake of this article we will suggest placing them in a "/foo/" directory.
openssl genrsa -out oidc.key 4096 openssl rsa -in oidc.key -pubout -out public.key
Once generated. update the WordPress wp_config.php file to add the following lines where you have the other define statements near the top of the file.
define( 'OIDC_PUBLIC_KEY', file_get_contents( '/foo/oidc.key' ) ); define( 'OIDC_PRIVATE_KEY', file_get_contents( '/foo/private.key' ) );
From here you will then need to add the following to your custom theme/plugin, or MU-plugin.
add_filter( 'oidc_registered_clients', 'my_oidc_clients' ); function my_oidc_clients() { return array( 'client_id_collabornation' => array( 'name' => 'CollaborNation', 'secret' => 'example client secret', 'redirect_uri' => '', 'grant_types' => array( 'authorization_code' ), 'scope' => 'openid email profile', ), ); }
The above setup will add a Client ID named client_id_collabornation, and a Client secret with the value example client secret. You will need these values when configuring within CollaborNation. You will also need to edit the redirect_uri setting once you are done configuring things in CollaborNation.
Configuration within CollaborNation
As an account with Site Administrator capability, visit the Admin Tools section of the site and select OpenID Connectors.
From this page you you will see a page that lists the current connectors, and a button to create a new a connector.
From here you will create a connector with the Client ID and Client secret you configured above, and then use the following URLs. You will replace "example.com" with the URL of your WordPress site.
- Authorization URL - https://example.com/wp-json/openid-connect/authorize
- Token UR - https://example.com/wp-json/openid-connect/token
- User Info URL - https://example.com/wp-json/openid-connect/userinfo
Once added, you will be taken back to the main OpenID Connectors listing screen. This screen will display an OAuth Redirect URL for this connector you will use in the next section.
Finishing up the WordPress Config
Returning to the section you defined the my_oidc_clients function, you must edit the redirect_uri value to set add the OAuth Redirect URL from the previous set.
add_filter( 'oidc_registered_clients', 'my_oidc_clients' ); function my_oidc_clients() { return array( 'client_id_collabornation' => array( 'name' => 'CollaborNation', 'secret' => 'example client secret', 'redirect_uri' => 'https://collabornation.net/openid-connect/collabornation/EXAMPLE_VALUE_HERE', 'grant_types' => array( 'authorization_code' ), 'scope' => 'openid email profile', ), ); }