WordPress Application Passwords

  • Resolved alexwbaumann

    (@alexwbaumann)


    2 days, 18 hours ago

    I want our users to login using Azure w/ SAML 2.0 but I also have applications outside of WP that POST or GET info that do not rely on anything related to O365. These currently use a users Application Password for authentication. Is it possible to allow these for REST endpoints?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Marco van Wieren

    (@wpo365)

    Hi @alexwbaumann

    Thank you for reaching out!

    WPO365 does not have logic to secure those endpoints by validating the application password. But if you have selected the Intranet Authentication scenario on the plugin’s “Single Sign-on” configuration page, then you can exempt the WP REST endpoint by adding “/wp-json/wp/v2” (or a more specific path) to the list of Pages freed from authentication, which you can find on the same configuration page.

    Hope that helps! Please let me know if you any further questions.

    -Marco

    Thread Starter alexwbaumann

    (@alexwbaumann)

    Thank you. I did forget to mention that we have the Intranet option set. I can whitelist those endpoints. Since I want those endpoints to remain protected, I will need to handle my own authentication.

    Plugin Author Marco van Wieren

    (@wpo365)

    Hi Alex

    Yes, I believe this what you would indeed need to do: Allow-list those endpoints in WPO365 so it doesn’t interfere with requests to that endpoint and then have another customization / plugin deal with those requests (e.g. check for and verify an application password).

    Hope that helps!

    -Marco

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.