Bluestem authentication plugin for WordPress integrates with WordPress sites to allow you to log in to your WordPress site using your UIC credentials. The plugin works with single and multi-site (network) installations.
The main advantage of using this plugin is security: instead of a local WordPress password, you and the users of your site can use existing UIC passwords. And, by replacing WordPress authentication with Bluestem, it removes local accounts and passwords as a vector of attack.
Bluestem client software must be installed on your server. It is already installed on webhost.uic.edu. If you have a Linux virtual server, check the instructions for installing the client and registering your server as an application server.
The plugin requires that the WordPress usernames match with UIC NetIDs. If you created user accounts with usernames that don’t match up to a UIC NetID we recommend that you create another user account that matches the UIC NetID.
The site must use https for login. If your site is served over http by default, you must add the following to your wp-config.php configuration file:
/** * Bluestem Authentication */ define('FORCE_SSL_ADMIN', true); define('FORCE_SSL_LOGIN', true);
Now you are ready to install and test the plugin.
Download the Bluestem authentication .zip file. Do not unzip the file.
Log in to your WordPress site as a user with Administrator privileges. Click on Plugins > Add New > Upload Plugin
Select the downloaded .zip file and click Install Now.
If installation is successful, click Activate Plugin.
Next, visit Settings > Bluestem authentication to check the configuration of the plugin.
By default, the plugin will operate in Bluestem-only authentication mode.
To test Bluestem authentication, but prevent being locked out in case of problems, set the plugin to allow both Bluestem and WordPress authentication by checking the Allow WordPress authentication? checkbox.
We do not recommend allowing WordPress authentication outside of testing.
Click Save Changes and log out. Then, visit your site’s wp-login.php page.
Click Login with UIC Common Password button. You will be redirected to Bluestem authentication page.
If the login is successful, visit the plugin settings again to disable WordPress authentication. Uncheck the Allow WordPress authentication? checkbox and save the configuration.
singlesignon@uic.edu |
January 20, 2017