| Developer | jeremyjsimmons |
|---|---|
| Last updated | October 22, 2025 22:34 |
| PHP version | 8.0 or higher |
| WordPress version | 6.8.4 |
| License | GPLv2 or later |
| License URI | License information |
/wp-content/plugins/twelve-legs-marketing-sso/ directory, or install the plugin through the WordPress plugins screen directly.
The plugin intercepts login requests with a special action parameter and JWT token. It validates the JWT signature using public keys from a JWKS endpoint, extracts user information from the token claims, and creates or updates the WordPress user accordingly.
This plugin supports RS256 (RSA with SHA-256) JWT signatures only. This provides strong security through public key cryptography.
The plugin is designed to work with any SSO provider that can issue RS256 JWTs and provide a JWKS endpoint. You'll need to configure your SSO provider to issue tokens with the correct audience and claims.
The plugin automatically configures allowed issuers based on the WordPress environment. In production, only https://sso.twelvelegsmarketing.com is allowed. In development/staging, https://localhost:8443 is also allowed.
The plugin will automatically create a new WordPress user with the information from the JWT claims. The username is generated from the email address, and a random password is assigned.
User roles can be assigned in two ways:
wp_role claim in the JWT token
Yes, the plugin implements multiple security layers including JWT signature verification, referrer validation, issuer validation, audience validation, and token expiration checking.
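
The token checks described above (RS256-only signatures, the environment-based issuer allowlist, audience and expiry), written out as an added example that is not the plugin's own code. It assumes the public key has already been fetched from the JWKS endpoint as a PEM string; the function names, the audience value and the sample claims are hypothetical.

```php
<?php
// Added example: helper names, audience and e-mail values are hypothetical.
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string|false {
    return base64_decode(str_pad(strtr($s, '-_', '+/'), (int) (ceil(strlen($s) / 4) * 4), '='), true);
}
// Issuer allowlist as the page describes it; unknown environments fail closed.
function allowed_issuers(string $env): array {
    $dev = in_array($env, ['development', 'staging'], true) ? ['https://localhost:8443'] : [];
    return array_merge(['https://sso.twelvelegsmarketing.com'], $dev);
}
function verify_sso_jwt(string $jwt, string $pubPem, string $aud, string $env, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h64, $p64, $s64] = $parts;
    $header = json_decode((string) b64url_decode($h64), true);
    $claims = json_decode((string) b64url_decode($p64), true);
    $sig = b64url_decode($s64);
    if (!is_array($header) || !is_array($claims) || $sig === false) throw new RuntimeException('undecodable token');
    // Pin the algorithm before touching the key: rejects alg=none and HS256 key confusion.
    if (($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('alg not RS256');
    if (openssl_verify("$h64.$p64", $sig, $pubPem, OPENSSL_ALGO_SHA256) !== 1) throw new RuntimeException('bad signature');
    if (!in_array($claims['iss'] ?? null, allowed_issuers($env), true)) throw new RuntimeException('issuer not allowed');
    if (!in_array($aud, (array) ($claims['aud'] ?? []), true)) throw new RuntimeException('wrong audience');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) throw new RuntimeException('expired');
    return $claims;
}
// Constructed demo: a throwaway key pair stands in for the SSO provider and its JWKS key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$now = time();
$mint = function (array $header, array $claims) use ($key): string {
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url_encode($sig);
};
$good = ['iss' => 'https://sso.twelvelegsmarketing.com', 'aud' => 'https://wp.example.test', 'exp' => $now + 300, 'email' => 'user@example.test'];
$cases = [
    'valid token, production'   => [['alg' => 'RS256'], $good, 'production'],
    'localhost iss, production' => [['alg' => 'RS256'], ['iss' => 'https://localhost:8443'] + $good, 'production'],
    'localhost iss, staging'    => [['alg' => 'RS256'], ['iss' => 'https://localhost:8443'] + $good, 'staging'],
    'header says HS256'         => [['alg' => 'HS256'], $good, 'production'],
    'expired token'             => [['alg' => 'RS256'], ['exp' => $now - 1] + $good, 'production'],
];
foreach ($cases as $name => [$header, $claims, $env]) {
    try { verify_sso_jwt($mint($header, $claims), $pub, 'https://wp.example.test', $env, $now); echo "$name: accepted\n"; }
    catch (RuntimeException $e) { echo "$name: rejected ({$e->getMessage()})\n"; }
}
```

The order matters: the `alg` header is compared against a fixed value before any key is used, and the `iss`, `aud` and `exp` claims are read only after the signature has verified.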