How can I secure a WordPress blog using OpenID from a single provider?
We're about to launch an internal blog for the company I work at. Much of the blog will be available to the public, but certain posts will be for employees only.
Our intranet/extranet has an OpenID endpoint which we would like to use to secure the private blog posts. There are many benefits to this – not least that people won't have to sign in with yet another username and password.
Additionally, when someone new to the blog signs in with their OpenID, we don't want to have to require them to set up a local WordPress user account – we'd like that to be handled automatically. If a user doesn't exist with the OpenID specified, one should be created automatically.
Incidentally, we've taken this route with other third-party software that we've used in-house. In most cases, we've taken the OpenID consumer plugin that came with the software (a DotNetNuke-based learning system) and modified the login form so that, instead of presenting users with a URL input field for their OpenID, we present them with a button that simply says "Login with [Your Intranet]".
So, in short, we'd like to:
- Allow the vast majority of users to use OpenID to sign in to WordPress
- Not require that those users already have a local WordPress user account
- Restrict the OpenIDs accepted to those from a single domain, either by hardcoding the endpoint used or by configuring a list of approved endpoint domains
I've looked at the plugins available on WordPress.org and can't see any that offer this level of functionality 'out of the box', but would love to hear from people who could suggest anything, especially from anyone who's done this.
Additionally, an idea of which plugin to use as the base for a new plugin, if we need to write this full functionality ourselves, would be great.
Thanks.
Update: 4/2/13: We've installed the WordPress OpenID plugin and will probably use this as our base. I'll continue evaluating.
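As an added example (not part of the question, nor code from the WordPress OpenID plugin), here are the two checks the requirements above boil down to, written as plain WordPress-API PHP that a custom plugin could call after its OpenID library has already verified an assertion: rejecting any identity not served from the approved intranet domain, and auto-provisioning a local account on first sign-in. The host name, the `intranet_openid` user-meta key and the `subscriber` role are assumptions; the OpenID verification itself (signature and discovery) is assumed to happen before these functions run.

```php
<?php
// Added example, not the question's or the OpenID plugin's code.
// Assumption: $claimed_id and $op_endpoint were ALREADY verified by the OpenID
// library (signed assertion, discovery done) before they reach these functions.

/** True only if $url is https and its host is an approved host or a subdomain of one. */
function intranet_openid_host_ok( $url, array $allowed_hosts ) {
    $parts = parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return false;
    }
    if ( strtolower( $parts['scheme'] ) !== 'https' ) {
        return false; // a plain-http identifier could be spoofed on the wire
    }
    $host = strtolower( rtrim( $parts['host'], '.' ) );
    foreach ( $allowed_hosts as $allowed ) {
        $allowed = strtolower( $allowed );
        // exact match, or a true subdomain (the leading dot prevents evil-intranet.example)
        if ( $host === $allowed || substr( $host, -strlen( '.' . $allowed ) ) === '.' . $allowed ) {
            return true;
        }
    }
    return false;
}

/** Return the WP_User for a verified OpenID, creating it on first sign-in; WP_Error if rejected. */
function intranet_openid_user( $claimed_id, $op_endpoint, $email, array $allowed_hosts ) {
    // Both the identifier and the endpoint that asserted it must be intranet-hosted.
    if ( ! intranet_openid_host_ok( $claimed_id, $allowed_hosts )
      || ! intranet_openid_host_ok( $op_endpoint, $allowed_hosts ) ) {
        return new WP_Error( 'openid_untrusted', 'Only intranet OpenIDs are accepted.' );
    }
    // Existing account? Look it up by the stored OpenID (assumed meta key 'intranet_openid').
    $found = get_users( array( 'meta_key' => 'intranet_openid', 'meta_value' => $claimed_id, 'number' => 1 ) );
    if ( ! empty( $found ) ) {
        return $found[0];
    }
    // First sign-in: derive a login from the identifier's last path segment, with a fallback.
    $path  = (string) parse_url( $claimed_id, PHP_URL_PATH );
    $login = sanitize_user( basename( rtrim( $path, '/' ) ), true );
    if ( '' === $login || username_exists( $login ) ) {
        $login = 'openid_' . substr( md5( $claimed_id ), 0, 12 );
    }
    $user_id = wp_insert_user( array(
        'user_login' => $login,
        'user_email' => sanitize_email( $email ),
        'user_pass'  => wp_generate_password( 32 ), // random and never used: OpenID is the only login path
        'role'       => 'subscriber',               // assumption: the role your site grants to employees
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    update_user_meta( $user_id, 'intranet_openid', $claimed_id );
    return get_user_by( 'id', $user_id );
}
```

A caller would pass something like `array( 'openid.intranet.example' )` as `$allowed_hosts` and then, on a `WP_User` result, issue the session with `wp_set_auth_cookie()`; anything returning `WP_Error` should be logged and shown to the user as a plain refusal.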