Page tree
Skip to end of metadata
Go to start of metadata

Please start here if you want to connect your service to the SURFconext platform

Creating a simple OpenID connect RP to log into Wordpress

In this tutorial, we will set up a default Wordpress blog installation to enable login via SURFconext. It only assumes you have installed or an existing Wordpress installation and have installed a Wordpress plugin before. Likely it will not break anything on your existing installation.

Install plugin

Install the Daggerhart OpenID connect plugin for Wordpress, just like you install other plugins. It is available from the WordPress website.

Log into your WordPress as an admin user, and enable it under the Plugins section:

Register your RP via the SP Dashboard

Register your RP via the SP Dashboard. If you don't have access yet, please let us know via More info on the SP Dashboard is found here.

The SP dashboard needs a Redirect URI. You find this all the way at the bottom of the plugins' configuration page (Settings → OpenID Connect Client).

When you publish the RP, the SP dashboard will supply you with a Client ID and Secret, that you can use in the configuration of the plugin.

Configure the plugin

Go to the Settings menu, submenu OpenID Connect Client, then enter the following information:

The screen will then look like this (take the URLs from the link above, the ones in the image are legacy).

The other options are pretty self-explanatory or explained by the text in the plugin, and defaults will work.

Press the Save changes button at the bottom.

Log in

Log out of your Wordpress site, or open a private browser window. Press login. You will now see a "Login with OpenID connect" button at the top of the screen (unless you configured the "SSO" option in the plugin config "Login Type", then this screen will be skipped). You are redirected to SURFconext. Choose the "SURFconext test IdP" and use one of its users (e.g.: user student1, password student1).

The first time, SURFconext will present its consent screen asking you to release attributes to your RP. Press accept, and you will be logged in!

Change text of login button

If you want to make the text of the "Login with OpenID Connect" button more specific, add the following to your theme:

add_filter('openid-connect-generic-login-button-text', function( $text ) {
    $text = __('Log in with SURFconext');
    return $text;

That's all folks!

You can further customise the plugin by setting e.g. what claims (attributes) to use for the user's displayname, what to use as the primary identifier and whether existing users should be linked.

Please direct any questions or comments about this document to