Use WP-Config for AAD secrets
Usage When you check this option, the plugin will expect the following configuration options to be provided as a global constant in your WP-Config.php (see this article for guidance on editing WP-Config.php):
- Tenant ID
- Redirect URL
- Application ID
- Application Secret
- App-only Application ID
- App-only Application Secret
- Mail Tenant ID
- Mail Application ID
- Mail Application Secret
- Mail Redirect URL
- Secret key to bypass SSO
- SAML X509 Certificate
Application ID URI (for the App registration used to protect a WP REST API with Azure)
The global constant should be configured as an associative array as shown below.
define( 'WPO_AAD_1', array ( 'tenant_id' => '9be34e84-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'redirect_url' => 'https://[your-redirect-goes here]/', 'application_id' => '30d24f1a-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'application_secret' => '*651Mxxx...', 'mail_tenant_id' => '9be34e84-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'mail_application_id' => '30d24f1a-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'mail_application_secret' => '*651Mxxx', 'mail_redirect_url' => 'https://[your-redirect-goes here]/', 'app_only_application_id' => '9be34e84-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'redirect_on_login_secret' => 'KHSKDHxxx', 'app_only_application_secret' => '*651Mxxx', 'wp_rest_aad_application_id_uri' => 'https://.../30d24f1a-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'saml_x509_cert' => '-----BEGIN CERTIFICATE----- [YOUR SAML X509 CERTIFICATE GOES HERE] -----END CERTIFICATE-----' ) );
Please note the following conventions when creating a new global constant.
- The name of the global constant should start with "WPO_AAD_" and ends with a number that corresponds to the blog ID of your site, which generally corresponds to "1" unless you configured WordPress Multisite (for WPMU support please see details below).
- Do not omit values from the array. If you have options that you have not configured e.g. you have not configured application_secret then still ensure that the item is added to the array but set is value to an empty string as shown in the previous example.
Important When you check this option and confirm to use WP-Config for AAD secrets, the corresponding options will be
- Removed from the WPO365 configuration
- Replaced with placeholder values
- Become disabled and cannot be updated
Example of a WPO365 configuration with disabled options showing placeholder values after enabling the use of WP-Config for AAD secrets.
Unchecking the option will not restore these options to their original values. Therefore you should ensure that you have created a backup of your configuration. You can backup your configuration when you go WP Admin > WPO365 > ... > Import / Export.
If you have activated WordPress Multisite and you have configured WPO365's dedicated mode (see this article for details) then you must enable the option to Use WP-Config for AAD secrets for each subsite individually. You must also add a separate global constant to your WP-Config.php for each subsite for which you enabled this option. However, you must then change the name of the global constant so that the number at the end corresponds to the so-called blog ID of the subsite e.g. "WPO_AAD_2". Please note that you can identify the blog ID of a subsite if you go to My Sites > Network Admin > Sites and hover the mouse of the Edit link of the subsite in question.
Default value Unchecked.
Versions LOGIN+, SYNC, INTRANET
Visit the website https://www.wpo365.com/