• Hello,
    Good job.
    Works like a charm.
    And the JWT allows the proxy and the WP to be on separate machines without impeding security and without the need to use PKI.

    A few suggestions nevertheless:
    1. prioritizing the attributes’ values coming from the directory (through the id_token) over WP's own values [1];
    2. giving the possibility to fill in other profile’s attributes (firstname, lastname, social networks profiles, etc).

    [1] Above all, the role MUST be set by the directory, not by another user, be it an administrator. That means there SHOULD exist a means to override the user attributes or, at least, there should exist a flag to do so.
    IAM is too serious a thing to be left in WP administrators’ hands ??
    db

  • The topic ‘A really good job.’ is closed to new replies.