# Background
We have WordPress running in Docker on port 8081: `http://{your_WordPress_url}:8081`. The `docker-compose.yml` looks like this:
```yaml
version: '3.1'
services:
  wordpress:
    image: wordpress
    depends_on:
      - mysql
    ports:
      # WordPress is published directly on host port 8081
      - "8081:80"
    environment:
      WORDPRESS_DB_PASSWORD: password
  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: password
```
Now we want to deploy Datawiza Access-Broker (DAB) for WordPress.
# Deploy
- Configure in Datawiza Cloud Management Console (DCMC):
First, we need to create a deployment for WordPress in DCMC. You can follow the instructions on how to configure it in DCMC. In this tutorial, we use Okta as the IdP.
- Deploy on the host:
After creating the deployment in DCMC, we can use a docker-compose file to deploy DAB. We can set `Upstream Servers` to `http://wordpress:80` or `http://{your_WordPress_url}:8081`:

If we set `Upstream Servers` to `http://wordpress:80`, the `docker-compose.yml` file will look like this:
```yaml
version: '3.1'
services:
  datawiza-access-broker:
    image: registry.gitlab.com/datawiza/access-broker
    container_name: datawiza-access-broker
    restart: always
    ports:
      # DAB now owns host port 8081
      - "8081:8081"
    environment:
      PROVISIONING_KEY: replace-it-with-your-provisioning-key
      PROVISIONING_SECRET: replace-it-with-your-provisioning-secret
  wordpress:
    # No "ports" entry: WordPress is no longer published on the host
    image: wordpress
    depends_on:
      - mysql
    environment:
      WORDPRESS_DB_PASSWORD: password
  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: password
```
We need to recreate the WordPress container so that port 8081 is assigned to DAB.
Use `docker-compose -f docker-compose.yml up -d` to start the services. Then we can visit `http://{your_WordPress_url}:8081` and will be redirected to the Okta login page.

If we set `Upstream Servers` to `http://{your_WordPress_url}:8081`, the `docker-compose.yml` file will look like this:
```yaml
version: '3.1'
services:
  datawiza-access-broker:
    image: registry.gitlab.com/datawiza/access-broker
    container_name: datawiza-access-broker
    restart: always
    ports:
      - "9772:9772"
    environment:
      PROVISIONING_KEY: replace-it-with-your-provisioning-key
      PROVISIONING_SECRET: replace-it-with-your-provisioning-secret
```
Use `docker-compose -f docker-compose.yml up -d` to start the service.
Meanwhile, we need to change the WordPress configuration:
The WordPress Address (URL) and Site Address (URL) need to be changed to `http://localhost:9772`.
Now we can visit `http://{your_WordPress_url}:9772` and will be redirected to the Okta login page.
- Delegate the Authentication to DAB (Optional):
After logging in to Okta, the following page will be shown:
If you go to `http://{your_WordPress_url}:{port}/wp-admin/`, you will be redirected to the WordPress login page.
With the WordPress plugin Datawiza Proxy Auth Plugin - SSO, here is a way to delegate the authentication to DAB:

Add New Attribute:
We will see four basic attributes in the `Profile` tab. We need to add `role`, since the plugin retrieves email and role from the JWT:

Add Mapping:
In the `Mappings` tab, you will see the default mappings. We also need to add a mapping for `role`:

Add New Attribute Pass:
We need to add `email` and `role` in Attribute Pass for the plugin. `email` is required; `role` is optional.
If the attributes are not configured correctly, this error notification will be shown:
`Proxy Auth Plugin expects email attribute to identify user, but it does not exist in JWT token. Please check your reverse proxy configuration`

Install Plugin in WordPress:
Search for `datawiza` and click `Install Now`:
Activate it:
In `Settings` → `Datawiza Proxy Auth`, input your private secret and save changes:
If you use the plugin with DAB, the private secret should be the `PROVISIONING_SECRET` in your docker-compose file.
If the secret is wrong, you may see this error notification:
`Proxy Auth Plugin cannot verify JWT token. Please double check your JWT token's private secret is configured correctly`
Then, click logout and you will be redirected to the Okta login page:
Log in again with Okta and the headline will be shown.

Assign role to the user in Okta (Optional):
Add attribute `role`:
In `Users` → `Profile Editor`, select the profile:
Add Attribute:
Assign role to the user:
In `User` → `People`, select the person:
In the `Profile` tab, edit `role`:
NOTES:
- If the admin doesn't assign a role to the user, the user's role will be `subscriber` by default.
- If the user's role has been updated in Okta, the plugin will update the role in WordPress accordingly.
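
To make the two error notifications and the default-role note concrete, here is an added example (not the plugin's or Datawiza's code) of the checks a JWT consumer behind the proxy has to perform. It assumes an HS256 token keyed with the shared secret; `check_token` and `sign_hs256` are hypothetical names, and any tokens and secrets fed to them are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

# Error texts as quoted on this page.
ERR_VERIFY = ("Proxy Auth Plugin cannot verify JWT token. Please double check "
              "your JWT token's private secret is configured correctly")
ERR_EMAIL = ("Proxy Auth Plugin expects email attribute to identify user, but it "
             "does not exist in JWT token. Please check your reverse proxy configuration")


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(claims: dict, secret: str, alg: str = "HS256") -> str:
    """Build a constructed test token standing in for the one the proxy sends."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{_b64url_encode(mac.digest())}"


def check_token(token: str, secret: str) -> dict:
    """Verify the signature first, then read email (required) and role (optional)."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        given = _b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise ValueError(ERR_VERIFY) from None
    # Pin the algorithm (assumed HS256) so "alg": "none" or a swapped one is rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError(ERR_VERIFY)
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):  # constant-time comparison
        raise ValueError(ERR_VERIFY)
    claims = json.loads(_b64url_decode(body))  # parsed only after the MAC checks out
    if not isinstance(claims, dict) or not claims.get("email"):
        raise ValueError(ERR_EMAIL)
    # A missing role falls back to "subscriber", as the notes above describe.
    return {"email": claims["email"], "role": claims.get("role") or "subscriber"}
```

Signing a sample token with the same value you entered as the private secret and passing it to `check_token` shows which of the two notifications a given misconfiguration produces.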