Please start here if you want to connect your service to the SURFconext platform
Creating a simple OpenID connect RP to log into Wordpress
In this tutorial, we will set up a default Wordpress blog installation to enable login via SURFconext. It only assumes you have installed or an existing Wordpress installation and have installed a Wordpress plugin before. Likely it will not break anything on your existing installation.
Install the Daggerhart OpenID connect plugin for Wordpress, just like you install other plugins. It is available from the WordPress website.
Log into your WordPress as an admin user, and enable it under the Plugins section:
Register your RP via the SP Dashboard
The SP dashboard needs a Redirect URI. You find this all the way at the bottom of the plugins' configuration page (Settings → OpenID Connect Client).
When you publish the RP, the SP dashboard will supply you with a Client ID and Secret, that you can use in the configuration of the plugin.
Configure the plugin
Go to the Settings menu, submenu OpenID Connect Client, then enter the following information:
- Client ID and Secret: this information you obtained via the SP Dashboard (see above).
- The OpenID Scope is openid.
- The URLs can be found in https://oidc.test.surfconext.nl/.well-known/openid-configuration
- A good choice for Identity Key" is "sub": a unique identifier for each user.
The screen will then look like this:
The other options are pretty self-explanatory or explained by the text in the plugin, and defaults will work.
Press the Save changes button at the bottom.
Log out of your Wordpress site, or open a private browser window. Press login. You will now see a "Login with OpenID connect" button at the top of the screen (unless you configured the "SSO" option in the plugin config "Login Type", then this screen will be skipped). You are redirected to SURFconext. Choose the "SURFconext test IdP" and use one of its users (e.g.: user student1, password student1).
The first time, SURFconext will present its consent screen asking you to release attributes to your RP. Press accept, and you will be logged in!
Change text of login button
If you want to make the text of the "Login with OpenID Connect" button more specific, add the following to your theme:
That's all folks!
You can further customise the plugin by setting e.g. what claims (attributes) to use for the user's displayname, what to use as the primary identifier and whether existing users should be linked.
Please direct any questions or comments about this document to firstname.lastname@example.org.