Install and Configure OpenID Connect (OIDC) Client for WordPress in an AFS-based Virtual Host


WordPress CMS, AFS virtual host


How to install and configure OpenID Connect (OIDC) client for WordPress CMS in an AFS-based virtual host.

Before You Begin

  1. The steps below describe how to install and configure the  OpenID Connect Generic Client WordPress plugin for your WordPress website.
    For an alternative solution, see the ITS Knowledge Article Configure WordPress Site to Restrict Access Using OIDC Logins and MCommunity Groups.  This alternative
    • uses the UMich OIDC Login WordPress Plugin
    • supports restricting access using MCommunity groups
    • does not require visitors to have a WordPress user account on your website in order to authenticate

    Important note:  You can only use one of the two plugins above (UMich OIDC Login and OpenID Connect Generic Client).  Attempting to use both plugins at the same time will break your website.

  2. You will need to obtain OIDC credentials for your site
    • These can be self-provisioned using the OIDC Provisioning and Management (OPaM) tool
    • Provision OIDC service client credentials for your site per the instructions in the following ITS Knowledge Article: How to Provision OIDC Service Client Credentials


  1. Install the “OpenID Connect Generic Client” by daggerhart
    1. From the site administrator dashboard, navigate to “Plugins → Add New” and do a keyword search for “daggerhart” in the search bar
    2. Press the 'Install now' button
  2. Again, follow the instructions in the following document to use the ssh-sftp-updater-support plugin to install the OpenID Connect Generic Client: Updating ITS Web Hosting WordPress Sites Within the WP Dashboard
  3. After the plugin is installed, configure it by navigating to “Settings → OpenID Connect Client” in the site administrator dashboard:

View of the configure plugin menu from the site administrator dashboard

  1. Configure the plugin using the following settings:

Setting Name

Setting Value

Login Type Auto Login - SSO
Client ID ${OIDC_ID}
Client Secret Key ${OIDC_SECRET}
OpenID Scope openid email profile
Login Endpoint URL
Userinfo Endpoint URL
Token Validation Endpoint URL
End Session Endpoint URL
Enable Refresh Token unchecked
Link Existing Users checked
Redirect Back to Origin Page checked
Redirect to the login screen when session is expired checked
  1. Save the updated settings using the 'Save' button at the bottom of the configuration page

Additional Information

Need additional information or assistance? Contact the ITS Service Center.

Print Article


Article ID: 8341
Mon 6/27/22 1:06 PM
Tue 9/5/23 11:29 AM

Related Articles (3)

How to configure a WordPress website to restrict access to the whole site or only certain parts based on OpenID Connect (OIDC) login and MCommunity group membership information.