
Creating a simple OpenID Connect RP to log into WordPress

In this tutorial, we will set up a default WordPress blog installation to enable login via SURFconext. It only assumes that you have an existing WordPress installation and have installed a WordPress plugin before. It is unlikely to break anything on your existing installation.

Install plugin

Install the Daggerhart OpenID Connect plugin for WordPress, just like you install other plugins. It is available from the WordPress website.

Log into your WordPress site as an admin user and enable the plugin under the Plugins section.

Register your RP via the SP Dashboard

Register your RP via the SP Dashboard. If you don't have access yet, please let us know via support@surfconext.nl. More info on the SP Dashboard is found here.

The SP Dashboard needs a Redirect URI. You can find this all the way at the bottom of the plugin's configuration page (Settings → OpenID Connect Client).

When you publish the RP, the SP Dashboard will supply you with a Client ID and Secret that you can use in the configuration of the plugin.

Configure the plugin

Go to the Settings menu, submenu OpenID Connect Client, then enter the following information:

The screen will then look like this (take the URLs from the link above; the ones in the image are legacy).

The other options are self-explanatory or explained by the text in the plugin, and the defaults will work.

Press the Save changes button at the bottom.

Log in

Log out of your WordPress site, or open a private browser window. Press login. You will now see a "Login with OpenID Connect" button at the top of the screen (unless you set the "Login Type" option in the plugin config to "SSO", in which case this screen is skipped). You are redirected to SURFconext. Choose the "SURFconext test IdP" and use one of its users (e.g. user student1, password student1).


The first time, SURFconext will present its consent screen asking you to release attributes to your RP. Press accept, and you will be logged in!

Change text of login button

If you want to make the text of the "Login with OpenID Connect" button more specific, add the following to your theme:

// Replace the label of the plugin's button on the WordPress login screen.
add_filter('openid-connect-generic-login-button-text', function( $text ) {
    $text = __('Log in with SURFconext');

    return $text;
});

That's all folks!

You can further customise the plugin by setting, for example, which claims (attributes) to use for the user's display name, which claim to use as the primary identifier, and whether existing users should be linked.
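
The same theme-filter mechanism can also act on the claims themselves, which goes one step beyond the settings listed above. As an added example (not part of the original tutorial or the plugin's own code), this uses the plugin's `openid-connect-generic-user-login-test` filter to admit only users whose home organisation is on an allow-list. The claim name `schac_home_organization`, the function and constant names, and the organisation values are assumptions to adapt to the claims released to your RP.

```php
<?php
// Added example, not part of the plugin or the original tutorial.
// Assumption: the RP receives a home-organisation claim named
// 'schac_home_organization'; adjust to the claims released to your RP.
const SURFCONEXT_ALLOWED_ORGS = ['example.org', 'university.example']; // constructed values

/**
 * Decide whether a set of OIDC user claims may log in.
 * Fails closed: a missing, non-string or unlisted organisation is rejected.
 */
function surfconext_login_allowed(array $claims): bool {
    $org = $claims['schac_home_organization'] ?? null;
    if (!is_string($org) || $org === '') {
        return false;
    }
    // Case-insensitive but exact match only: no suffix or substring matching,
    // so 'evil-example.org' does not pass for 'example.org'.
    return in_array(strtolower($org), SURFCONEXT_ALLOWED_ORGS, true);
}

if (function_exists('add_filter')) {
    // Inside WordPress: hook into the plugin's login test.
    add_filter('openid-connect-generic-user-login-test', function ($result, $user_claim) {
        // Never turn an earlier rejection into an acceptance.
        return $result && surfconext_login_allowed((array) $user_claim);
    }, 10, 2);
} else {
    // Stand-alone run (php example.php) over constructed sample claims.
    $samples = [
        ['sub' => 'a1', 'schac_home_organization' => 'example.org'],
        ['sub' => 'b2', 'schac_home_organization' => 'evil-example.org'],
        ['sub' => 'c3'], // claim not released to this RP
    ];
    foreach ($samples as $claims) {
        printf("%s: %s\n", $claims['sub'], surfconext_login_allowed($claims) ? 'allow' : 'deny');
    }
}
```

Because the check fails closed, a user whose organisation claim is not released to the RP is denied rather than silently admitted.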

Please direct any questions or comments about this document to support@surfconext.nl.