How do I install Bluestem authentication plugin for WordPress?

Bluestem authentication plugin for WordPress integrates with WordPress sites to allow you to log in to your WordPress site using your UIC credentials. The plugin works with single and multi-site (network) installations.

The main advantage of using this plugin is security: instead of a local WordPress password, you and the users of your site can use existing UIC passwords. And, by replacing WordPress authentication with Bluestem, it removes local accounts and passwords as a vector of attack.

Prerequisites

Bluestem client software must be installed on your server. It is already installed on webhost.uic.edu. If you have a Linux virtual server, check the instructions for installing the client and registering your server as an application server.

Requirements

Username must match UIC NetID

The plugin requires that the WordPress usernames match with UIC NetIDs. If you created user accounts with usernames that don’t match up to a UIC NetID we recommend that you create another user account that matches the UIC NetID.

Enable SSL login

The site must use https for login. If your site is served over http by default, you must add the following to your wp-config.php configuration file:

/**
 * Bluestem Authentication
 */
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

Now you are ready to install and test the plugin.

Installation

Download the Bluestem authentication .zip file. Do not unzip the file.

Log in to your WordPress site as a user with Administrator privileges. Click on Plugins > Add New > Upload Plugin

Select the downloaded .zip file and click Install Now.

If installation is successful, click Activate Plugin.

Next, visit Settings > Bluestem authentication to check the configuration of the plugin.

By default, the plugin will operate in Bluestem-only authentication mode. 

To test Bluestem authentication, but prevent being locked out in case of problems, set the plugin to allow both Bluestem and WordPress authentication by checking the Allow WordPress authentication? checkbox. 

We do not recommend allowing WordPress authentication outside of testing.

Click Save Changes and log out. Then, visit your site’s wp-login.php page.

Click Login with UIC Common Password button. You will be redirected to Bluestem authentication page. 

If the login is successful, visit the plugin settings again to disable WordPress authentication. Uncheck the Allow WordPress authentication? checkbox and save the configuration.