The WordPress example project uses SPID/CIE OIDC PHP as a Generic OIDC to SPID/CIE OIDC relying party.
This demo uses:
To set up a complete SPID/CIE OIDC Federation, clone the Django repository and add the following section to the docker-compose.yml file in the Django repo’s root folder.
relying-party-wordpress.org:
  image: linfaservice/spid-cie-oidc-php-wordpress
  expose:
    - 8004
  ports:
    - "8004:8004"
  networks:
    - oidcfed
Add the following mappings into your hosts file:
127.0.0.1 trust-anchor.org
127.0.0.1 cie-provider.org
127.0.0.1 relying-party.org
127.0.0.1 relying-party-php.org
127.0.0.1 relying-party-wordpress.org
Now you should be able to run the entire federation by opening a terminal session in the Django repo’s root folder and running:
docker-compose up
The proxy relying party should respond at http://relying-party-php.org:8003/,
the WordPress site configured to connect to the proxy should respond at http://relying-party-wordpress.org:8004/,
and the Trust Anchor should respond at http://trust-anchor.org:8000/.
Now navigate to the endpoint that shows the OpenID Federation configuration of the proxy relying party as decoded JSON (http://relying-party-php.org:8003/.well-known/openid-federation?output=json). You will receive something like the following output.
{
    "iss": "http://relying-party-php.org:8003/",
    "sub": "http://relying-party-php.org:8003/",
    "iat": 1649414421,
    "exp": 1680950421,
    "jwks": {
        "keys": [...]
    },
    "authority_hints": [
        "http://trust-anchor.org:8000/"
    ],
    "trust_marks": [],
    "metadata": {
        "openid_relying_party": {
            "application_type": "web",
            "client_registration_types": [
                "automatic"
            ],
            "client_name": "Relying Party PHP",
            "contacts": [
                "info@relying-party-php.org"
            ],
            "grant_types": [
                "authorization_code"
            ],
            "jwks": {
                "keys": [...]
            },
            "redirect_uris": [
                "http://relying-party-php.org:8003//oidc/redirect"
            ],
            "response_types": [
                "code"
            ],
            "subject_type": "pairwise"
        }
    }
}
Please take note of the value of the keys field in the JSON; you will need it later in the onboarding phase.
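A pre-onboarding sanity check over the decoded entity configuration shown above, as an added example that is not part of the project's own code. The function name, the choice of checks and the constructed sample (with placeholder key material) are assumptions made for illustration: it verifies that the statement is self-issued, currently valid, points at the expected Trust Anchor, keeps redirect URIs under the entity's own identifier, and publishes no private JWK members.

```python
import time

# Private JWK members (RFC 7518) that must never appear in a published key set.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def check_entity_configuration(cfg, trust_anchor, now=None):
    """Return a list of problems found in a decoded entity configuration (hypothetical helper)."""
    now = int(time.time()) if now is None else now
    problems = []
    if cfg.get("iss") != cfg.get("sub"):
        problems.append("iss and sub differ: not a self-issued entity configuration")
    if not cfg.get("iat", 0) <= now < cfg.get("exp", 0):
        problems.append("statement is not valid at the current time (iat/exp)")
    if trust_anchor not in cfg.get("authority_hints", []):
        problems.append("trust anchor missing from authority_hints")
    rp = cfg.get("metadata", {}).get("openid_relying_party", {})
    for uri in rp.get("redirect_uris", []):
        if not uri.startswith(cfg.get("sub", "")):
            problems.append(f"redirect_uri outside the entity's own identifier: {uri}")
    for where, jwks in (("federation", cfg.get("jwks", {})),
                        ("openid_relying_party", rp.get("jwks", {}))):
        keys = jwks.get("keys", [])
        if not keys:
            problems.append(f"{where} jwks is empty")
        for key in keys:
            leaked = PRIVATE_JWK_MEMBERS.intersection(key)
            if leaked:
                problems.append(f"{where} key {key.get('kid')} exposes private members {sorted(leaked)}")
    return problems

# Constructed sample modelled on the output above; the key material is a placeholder.
SAMPLE_KEY = {"kty": "RSA", "kid": "constructed-kid", "e": "AQAB", "n": "constructed-modulus"}
SAMPLE = {
    "iss": "http://relying-party-php.org:8003/",
    "sub": "http://relying-party-php.org:8003/",
    "iat": 1649414421,
    "exp": 1680950421,
    "jwks": {"keys": [SAMPLE_KEY]},
    "authority_hints": ["http://trust-anchor.org:8000/"],
    "metadata": {"openid_relying_party": {
        "jwks": {"keys": [SAMPLE_KEY]},
        "redirect_uris": ["http://relying-party-php.org:8003//oidc/redirect"],
    }},
}

if __name__ == "__main__":
    for p in check_entity_configuration(SAMPLE, "http://trust-anchor.org:8000/", now=1649500000):
        print("PROBLEM:", p)
```

To check a live instance, pass the parsed JSON returned by the `?output=json` endpoint in place of `SAMPLE`.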
Now you should be able to open the TA admin panel at the following URL: http://trust-anchor.org:8000/admin. Enter the admin credentials, and you will be presented with the TA admin panel main page.
The onboarding process can be summarized as follows:
Now you can perform a sample login/logout flow, since the OP will successfully resolve the Proxy RP’s trust chain, by navigating to the RP’s home page (http://relying-party-php.org:8003/) or by logging in from the WordPress site (http://relying-party-wordpress.org:8004/).