Enable "strict mode" for Redirect URI
Usage If checked, WPO365 will only process any OpenID Connect (OIDC) payload when it is "received" at Redirect URI specified on the plugin's Single Sign-on configuration page. "Strict mode" will only be enforced if the Redirect URI is not equal to the website's home address. The Redirect URI must be set to the URL for a specific page e.g. https://your-website/oidc-auth/. WPO365 will not create this page for you but expects you to create a dedicated page instead. And last but not least you should not forget to add the new Redirect URL to the list of accepted Redirect URIs on the App registration's Authentication page in Entra (Azure AD) as shown below (the URLs your-website and wpo365connect.com are examples and must be replaced by your own URLs).
Please note If this setting is not checked, WPO365 will process any OIDC payload it detects at any URL. If you configured more than one OIDC based Identity Provider or if you have another service that sends a payload similar to the OIDC one (e.g. with properties such as state, error, token and code) then this may proof problematic and you should enable "strict mode". |
Default False
Versions LOGIN
Path WP Admin > WPO365 > Single Sign-on
Visit the website https://www.wpo365.com/