WP-Config.php | Multiple Identity Providers (IdPs)

Export a configuration

Steps in this Topic

The recommended workflow to configure WPO365 to support multiple Identity Providers (IdPs), involves the following steps.

  • Start with a working WPO365 Single Sign-on (SSO) configuration, for example one that enable your website’s users to sign in with OpenID Connect or SAML 2.0 and that you have configured using the WPO365 Configuration pages.
  • Then export the IdP portion of that configuration, using the export function on the plugin’s Import / export page.
  • Optionally, update the exported configuration.
  • Continue by adding the exported configuration portion to a local copy of your website’s wp-config.php file (but do not upload it to the site yet).
  • Then delete the WPO365 configuration from the database and configure a second IdP and again make sure that you have a working WPO365 SSO configuration.
  • Now repeat the steps to export the IdP portion of the configuration, optionally updating that export and adding it to the your website’s wp-config.php.
  • When you have added all the IdPs to your local copy of the site’s wp-config.php file, upload it and overwrite the existing version.
  • Finally you can configure the remaining WPO365 features using the WPO365 Configuration pages.

To export the IdP portion of the WPO365 configuration, proceeds as follows.

Export a WPO365 configuration to enable support for multiple Identity Providers
  • Navigate to WP Admin > WPO365 > … > Import \ export.
  • Scroll down to Export configuration (wp-config.php | WPO_AAD_1) and click the button Export configuration.
  • After you clicked the button Export configuration a link will appear immediately below the button to Download parseable AAD options. Click the link to download the file wpo365-parseable-aad-options.txt, save if locally on your computer and open it in your favorite text editor.

Since you intend to repeat this step for at least one more IdP, it is recommended that you rename the file when you save it, so that you don’t overwrite it, when you download the AAD configuration for the next IdP.


array (
  'app_only_application_id' => '',
  'app_only_application_secret' => '',
  'application_id' => 'e737dc1f-0949-4587-911a-------------',
  'application_secret' => 'ySh...',
  'default' => false,
  'id' => '65eed664caef6',
  'mail_application_id' => 'e737dc1f-0949-4587-911a-------------',
  'mail_application_secret' => 'ySh...',
  'mail_redirect_url' => 'https://www.wpo365connect.com/',
  'mail_tenant_id' => '9be34e84-6f85-4365-9a48-------------',
  'redirect_url' => 'https://www.wpo365connect.com/',
  'saml_base_url' => 'https://www.wpo365connect.com/',
  'saml_idp_entity_id' => '',
  'saml_idp_meta_data_url' => '',
  'saml_idp_sls_binding' => '',
  'saml_idp_sls_url' => '',
  'saml_idp_ssos_binding' => '',
  'saml_idp_ssos_url' => '',
  'saml_sp_acs_binding' => '',
  'saml_sp_acs_url' => '',
  'saml_sp_entity_id' => '',
  'saml_sp_sls_binding' => '',
  'saml_sp_sls_url' => '',
  'saml_x509_cert' => '',
  'tenant_id' => '9be34e84-6f85-4365-9a48-------------',
  'title' => 'Title for IdP 65eed664caef6',
  'type' => 'oidc',
)

The file that you downloaded, contains all the necessary internal variables that WPO365 needs, to configure its Single Sign-on feature (for a single IdP) and its (optional) feature to send WordPress emails using Microsoft Graph.


Important You should not change the variable names, add or remove variables. You can, however, change values of variables, if you need to apply changes and if you made sure that the variable in question is indeed the correct one. Last but not least should you make sure that after your changes, the PHP array of variables is still parseable, or else your website will report a critical error and no longer be available, once you add this configuration to your site’s wp-config.php file.


The following variables deserve your special attention.

  • id This identifies the IdP and makes it unique within the WPO365 configuration. The value that is exported has been created when you exported the configuration and you can change it to a more readable id. However, you should not change it, once you applied the configuration to your website.
  • title The title of the IdP is important, since it will be used to populate the dropdown list from which users will be able to select the IdP of their choice. If the title is left empty, the IdP will not be added to the IdP dropdown list on the default WordPress login from.
  • default An IdP can be configured to be the default IdP. In that case, WPO365 will use that IdP for application-only scenarios and for sending WordPress emails using Microsoft Graph.
  • type Defines the single sign-on protocol that should be used for this IdP. Allowed values are either oidc or saml).
  • domains This variable is – by default – not present in the exported file and must be added by you. If present, WPO365 can try and match the (domain portion of the) user’s email address (that the user entered into the login mask) with a list of domains that you can configure for each IdP separately. The following example shows an updated export that includes the domains variable.
...
'default' => false,
'domains' => array('wpo365.com', 'wpo365demo.onmicrosoft.com'),
'id' => '65eed664caef6',
...

120+

5 Star Reviews

20K+

Installations

400K+

Downloads