Reconfigure a WordPress Site in an AFS-based Virtual Host to use OpenID Connect (OIDC) Client for Web Application based Authentication

Environment

WordPress CMS, AFS virtual host

Issue

How to reconfigure WordPress CMS in an AFS-based virtual host to use OpenID Connect Client for web application based authentication

Resolution

  1. There are minimum PHP version requirements
    1. The AFS Virtual Web Hosting service offered by ITS Web Hosting provides server environments for both PHP 7.3 and 8.1
    2. If your site is currently running on an older version of PHP, you will need to upgrade
    3. To do so, you need to contact the ITS Web Hosting Team at webmaster@umich.edu to request migration to one of these newer PHP environments
  2. Your website must be designed and configured for HTTPS only
    1. If any part of your Wordpress instance is accessible by HTTP rather than HTTPS, you will need to reconfigure your site so all pages are accessible only via HTTPS
  3. If you are migrating from "mod_auth_openidc" for authentication, you will need to make changes to your site to remove any related configuration and/or plugin(s) 
    1. Please refer to the Knowledge Base article #8929 Identify and Remove "mod_auth_openidc" Configurations from an AFS-based Virtual Host
  4. You will need to contact the ITS Web Team to request changes to remove any mod_auth_openidc configuration at the web server (Apache HTTPD) layer as well
  5. Install and configure an OIDC plugin in your WordPress instance.  There are two plugins to choose from. Important note: You can only use one of these two plugins -- attempting to use both plugins at the same time will break your website
    1. UMich OIDC Login WordPress plugin
      1. Key points: allows restricting access using MCommunity groups, visitors do not need a WordPress user account on your website in order to authenticate
      2. Instructions: Configure WordPress Site to Restrict Access Using OIDC Logins and MCommunity Groups
    2. OpenID Connect Generic Client WordPress plugin
      1. Key points: simpler to install and use and more mature than the UMich OIDC Login plugin, but does not support restricting access via MCommunity groups
      2. Instructions: Install and Configure OpenID Connect (OIDC) Client for WordPress in an AFS-based Virtual Host

 

If you'd like to use the WordPress dashboard to manage updates and plugin/theme installations, see this related Knowledge Article: #3148 Updating ITS Web Hosting WordPress Sites Within the WP Dashboard.

Additional Information

Need additional information or assistance? Contact the ITS Service Center.

Print Article

Related Articles (4)

Configure WordPress Site to Restrict Access Using OIDC Logins and MCommunity Groups
How to configure a WordPress website to restrict access to the whole site or only certain parts based on OpenID Connect (OIDC) login and MCommunity group membership information.
Install and Configure OpenID Connect (OIDC) Client for WordPress in an AFS-based Virtual Host
Procedure to install and configure OpenID Connect (OIDC) client WordPress plugin in AFS-based virtual host environment
Updating ITS Web Hosting WordPress Sites Within the WP Dashboard
Installing the ssh-sftp-updater-support plugin in an AFS-based WordPress site