ID token verification

Skip ID token verification If you choose to skip the ID token check, the plugin will not verify whether the ID token received came from "your" Azure AD tenant (by verifying the iss claim). It also will not verify whether the ID token received was intended for your (WordPress) application (by verifying the aud claim). 

Important Checking this option allows users with bad intentions to use ID tokens from other tenants, or ID tokens intended for other applications, to gain access to your website.

Default value False

Versions ALL

Path WPO365 > Single Sign-on

Visit the website https://www.wpo365.com/

Don't process 3rd party ID tokens Checking this option configures the plugin to not interfere with requests that present an ID token that did not come from "your" Azure AD tenant or that was not intended for your (WordPress) application.

Important Only check this option if you expect your website to receive (OpenID Connect) ID tokens from multiple identity providers. If you check this option, the plugin will practically unload itself when it detects, through audience verification, that the current ID token did not come from "your" Azure AD tenant (by verifying the iss claim) or that the ID token is intended for a different application (by verifying the aud claim). Please bear in mind that configuration that may otherwise restrict access to your website, such as the Intranet Authentication mode, Audiences and Private pages, is not applied when a 3rd party ID token is detected and this option is checked.

Default value False

Versions LOGIN+, SYNC, INTRANET

Path WPO365 > Single Sign-on

Visit the website https://www.wpo365.com/
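The iss and aud checks behind both settings, as an added Python example that is not the plugin's own code. The setting names skip_verification and ignore_third_party, the sample GUIDs and the sample tokens are constructed for illustration, and signature validation is assumed to have happened already.

```python
import base64
import json

# Issuer formats Azure AD uses for v2.0 and v1.0 tokens.
ISSUER_TEMPLATES = ("https://login.microsoftonline.com/{tid}/v2.0",
                    "https://sts.windows.net/{tid}/")

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed sample token; the signature segment is a placeholder."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])

def decode_claims(id_token):
    """Return the JWT payload claims (signature is assumed verified elsewhere)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def is_own_token(claims, tenant_id, client_id):
    """True only if iss names our tenant AND aud names our application."""
    issuers = {t.format(tid=tenant_id) for t in ISSUER_TEMPLATES}
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    return claims.get("iss") in issuers and client_id in audiences

def decide(claims, tenant_id, client_id,
           skip_verification=False, ignore_third_party=False):
    """Model the outcome of the two settings (hypothetical names)."""
    if is_own_token(claims, tenant_id, client_id):
        return "sign-in"
    if skip_verification:      # precedence over the next branch is an assumption
        return "sign-in"       # foreign token accepted: the risk the page warns about
    if ignore_third_party:
        return "pass-through"  # plugin steps aside; its access restrictions do not apply
    return "reject"

# Constructed sample values
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
OWN_ISS = ISSUER_TEMPLATES[0].format(tid=TENANT)
OWN = make_sample_token({"iss": OWN_ISS, "aud": CLIENT})
OTHER_TENANT = make_sample_token(
    {"iss": ISSUER_TEMPLATES[0].format(tid="33333333-3333-3333-3333-333333333333"),
     "aud": CLIENT})
OTHER_APP = make_sample_token(
    {"iss": OWN_ISS, "aud": "44444444-4444-4444-4444-444444444444"})

if __name__ == "__main__":
    for name, tok in [("own", OWN), ("other tenant", OTHER_TENANT), ("other app", OTHER_APP)]:
        print(name, "->", decide(decode_claims(tok), TENANT, CLIENT))
```

With both options left at their default of False, only the first sample token results in a sign-in.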
