Obfuscate AAD secrets
Please note This option is only available when WPO365 has detected the use of wp-config.php to configure one or multiple Identity Providers. Refer to this tutorial for instructions how to utilize your site's wp-config.php file to configure a single Identity Provider to enable SSO / Sign in with Microsoft for your WordPress website (or this tutorial if you need to configure multiple Identity Providers). |
Selecting this option prompts the plugin to replace the following Identity Provider configuration options in the database with placeholder data, presuming these settings have been configured via the wp-config file.
| Name / key | Type | Example value |
|---|---|---|
| app_only_application_id (*) | string | The ID of the App registration in Entra ID that shall be used for OAuth based application-only scenarios, e.g. 00000000-0000-0000-0000-000000000000. |
| app_only_application_secret (*) | string | The secret string that the application uses to prove its identity when requesting a token, e.g. ~^yz… |
| application_id (*) | string | The ID of the App registration in Entra ID that shall be used for OpenID Connect based delegated scenarios such as SSO, e.g. 00000000-0000-0000-0000-000000000000. |
| application_secret (*) | string | The secret string that the application uses to prove its identity when requesting a token, e.g. ~^yz… |
| mail_application_id (*) | string | The ID of the App registration in Entra ID that shall be used to con.nect to Microsoft Graph to sent emails, e.g. 00000000-0000-0000-0000-000000000000. |
| mail_application_secret (*) | string | The secret string that the application uses to prove its identity when requesting a token, e.g. ~^yz… |
| mail_redirect_url (*) | string | The URIs we will accept as destinations when returning codes and tokens e.g. https://www.your-website.com/. |
| mail_tenant_id (*) | string | The unique identifier for your Microsoft 365 organization in Microsoft Admin Center e.g. 00000000-0000-0000-0000-000000000000. |
| redirect_url (*) | string | The URIs we will accept as destinations when returning codes and tokens e.g. https://www.your-website.com/ |
| saml_base_url | string | e.g. https://www.your-website.com/ |
| saml_idp_entity_id | string | Microsoft Entra Identifier e.g. https://sts.windows.net/xxx… |
| saml_idp_meta_data_url | string | App Federation Metadata Url e.g. https://login.microsoftonline.com/xxx… |
| saml_idp_sls_url | string | Microsoft Entra Login URL e.g. https://login.microsoftonline.com/xxx…/saml2 |
| saml_idp_ssos_url | string | Microsoft Entra Login URL e.g. https://login.microsoftonline.com/xxx…/saml2 |
| saml_sp_acs_url | string | Reply URL (Assertion Consumer Service URL) e.g. https://www.your-website.com/ |
| saml_sp_entity_id | string | Identifier (Entity ID) e.g. https://www.your-website.com/6553391aed638 |
| saml_sp_sls_url | string | Logout Url (Optional) e.g. https://www.your-website.com/wp-login.php?action=loggedout |
| saml_x509_cert (*) | string | Certificate (Base64) e.g. —–BEGIN xxx … |
| tenant_id (*) | string | The unique identifier for your Microsoft 365 organization in Microsoft Admin Center e.g. 00000000-0000-0000-0000-000000000000. |
| wp_rest_aad_application_id_uri (*) | string | Application ID URI e.g. https://www.your-website.com/00000000-xxx… |
Please note that all keys marked with (*) were affected by this option before WPO365 version 30. All other keys have been added since.
Please note When an option is obfuscated, the following actions are applied to it: 1. Replaced with a placeholder value 2. Disabled the input element on the WPO365 configuration pages so it cannot be updated manually Unchecking this option will not restore these options to their original values! |
The following screenshot depicts an example of obfuscated Identity Provider's configuration options.
The table below summarizes options that are only mandatory to add to your site's wp-config.php when you configure multiple Identity Providers. These options are optional when you configure a Single Identity Provider using wp-config.php.
| Name / key | Type | Example value |
|---|---|---|
| b2c_custom_domain | string | A custom domain name used for (B2C or Entra Ext. ID) authentication and authorization that allows the user to stay on your domain e.g. login.wpo365.com. |
| b2c_domain_name | string | The default sub domain name for (B2C or Entra Ext. ID) authentication and authorization e.g. wpo365connect (B2C domain becomes wpo365connect.b2clogin.com). |
| b2c_policy_name | string | The B2C policy name that WPO365 shall use when a user signs in with Azure AD B2C e.g. B2C_Signin_1. |
| b2c_signup_policy | string | The B2C policy name that WPO365 shall use when a user signs up with Azure AD B2C e.g. B2C_Signup_1 (leave empty if not enabled). |
| oidc_flow | string | If you choose “code” the authorization code will be separated from the ID token, while the “hybrid” flow directly issues an ID token after user authentication. The latter is considered less secure and should not be used, unless you configure support for Entra multi-tenancy. |
| oidc_response_mode | string | Choose “form_post” to have the IdP auto-submit a form-post to send the code / tokens to the client (mandatory if oidc_flow equals hybrid) or “query” to receive the tokens via the query string, |
| redirect_on_login_secret (*) | string | A secret key that – if added to the absolute URL of the login page – will bypass forced SSO (if activated) e.g. 37dk… |
| b2c_allow_multiple_policies | bool | Must be enabled if you want WPO365 to create URLs pointing to various user policy endpoints. |
| b2c_enable_signup | bool | If enabled, WPO365 will replace the default WordPress sign-up link with a URL pointing to the B2C signup policy’s endpoint. |
| redirect_url_strict | bool | Whether or not to enable “strict mode” for the Redirect /ACS URL. |
| use_app_only_token | bool | Whether or not WPO365 should attempt to request a token for application-only scenarios. |
Please note that all keys marked with (*) were affected by this option before WPO365 version 30. All other keys have been added since.
Default value Unchecked.
Versions ALL PREMIUM
Visit the website https://www.wpo365.com/