OpenIDConnect with Wordpress in UCS

phiku · March 25, 2019, 9:28am

Hey,

I have succsessfully configuered SAML-Login with UCS and Worpress but I would like compare it with other SSO-Logins. SAML works perfect. I use the free wordpress-plugin miniorange SAML 2.0 SSO and together with Kerberos-SSO the users use only the login-button at Wordpress-site.

So I choose to install OpenIDConnect like it is written in the Blog here https://www.univention.de/blog-de/2018/12/openid-connect-provider/
with wordpress.
It seems really easy to configure but it’ won’t work. I get an error at the Wordpress-Login-page
“invalid user claim”

What is the User claim in this example? I guess it’s the email…

All Users in my Directory has a vailid E-Mail-Address’.

Info: Wordpress runs on a UCS-Memberserver und the OICD Provider is installed on the Master.

Whats’s wrong here? Any Ideas.

kind regards,

phiku

phiku · March 26, 2019, 8:11am

I find a misconfiguration at my OIDC RP in Wordpress and now it works pretty good. I alos change my SAML plugin to Onelogin SAML Plugin. The miniorange is good for beginners and to learn about the SAML configuration, but most Enterprise functions are not for free. Onelogin is a better choice to manage Autorization with Role and Groups.