{"id":48934883,"url":"https://github.com/codetot-web/sso-for-microsoft-entra","last_synced_at":"2026-04-28T06:00:16.513Z","repository":{"id":348212394,"uuid":"1196922734","full_name":"codetot-web/sso-for-microsoft-entra","owner":"codetot-web","description":"SSO for Microsoft Entra — Single Sign-On for WordPress using SAML 2.0 and OpenID Connect with PKCE","archived":false,"fork":false,"pushed_at":"2026-04-25T03:32:22.000Z","size":972,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-25T05:08:42.952Z","etag":null,"topics":["microsoft-entra","oidc","saml","sso","wordpress"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codetot-web.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-31T07:00:05.000Z","updated_at":"2026-04-25T03:30:39.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/codetot-web/sso-for-microsoft-entra","commit_stats":null,"previous_names":["codetot-web/microsoft-entra-sso","codetot-web/sso-for-microsoft-entra"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/codetot-web/sso-for-microsoft-entra","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codetot-web%2Fsso-for-microsoft-entra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codetot-web%2Fsso-for-microsoft-entra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codetot-web%2Fsso-for-microsoft-entra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codetot-web%2Fsso-for-microsoft-entra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codetot-web","download_url":"https://codeload.github.com/codetot-web/sso-for-microsoft-entra/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codetot-web%2Fsso-for-microsoft-entra/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32368534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"online","status_checked_at":"2026-04-28T02:00:07.250Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["microsoft-entra","oidc","saml","sso","wordpress"],"created_at":"2026-04-17T11:04:57.892Z","updated_at":"2026-04-28T06:00:16.504Z","avatar_url":"https://github.com/codetot-web.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SSO for Microsoft Entra\n\n[![Lint \u0026 Test](https://github.com/codetot-web/sso-for-microsoft-entra/actions/workflows/ci.yml/badge.svg)](https://github.com/codetot-web/sso-for-microsoft-entra/actions/workflows/ci.yml)\n[![PHP 8.1+](https://img.shields.io/badge/PHP-8.1%2B-blue.svg)](https://www.php.net/)\n[![WordPress 6.0+](https://img.shields.io/badge/WordPress-6.0%2B-blue.svg)](https://wordpress.org/)\n[![License: GPL v2](https://img.shields.io/badge/License-GPLv2-green.svg)](https://www.gnu.org/licenses/gpl-2.0.html)\n\nSingle Sign-On authentication for WordPress using Microsoft Entra ID (Azure AD) via OpenID Connect with PKCE.\n\n## Features\n\n- **OpenID Connect (OIDC)** with PKCE — the most secure OAuth 2.0 flow\n- **Automatic user provisioning** on first SSO login\n- **Encrypted** client-secret storage\n- **Configurable rate limiting** on login attempts\n- **Contextual Help tabs** built into the settings page\n- **Vietnamese translation** included, community translations via [translate.wordpress.org](https://translate.wordpress.org/)\n\n## Quick Start\n\n1. Install and activate the plugin.\n2. In Azure Portal: **App registrations** \u003e **+ New registration**.\n3. Set **Redirect URI** (Web) to `https://yoursite.com/sso/callback`.\n4. Copy the **Application (client) ID** and **Directory (tenant) ID**.\n5. Go to **Certificates \u0026 secrets** \u003e **+ New client secret** \u003e copy the Value.\n6. In WordPress: **Settings** \u003e **Entra SSO** \u003e enter Tenant ID, Client ID, Client Secret \u003e **Save Changes**.\n7. Add API permissions: **Microsoft Graph** \u003e Delegated: `openid`, `profile`, `email`.\n8. Test in an incognito window.\n\n## Requirements\n\n- PHP 8.1 or higher\n- WordPress 6.0 or higher\n- A Microsoft Entra ID (Azure AD) tenant\n\n## Installation\n\n### From WordPress Admin\n\n1. Download the latest release zip from [Releases](https://github.com/codetot-web/sso-for-microsoft-entra/releases).\n2. Go to **Plugins** \u003e **Add New** \u003e **Upload Plugin**.\n3. Upload the zip file and activate.\n\n### Manual\n\n```bash\ncd wp-content/plugins/\ngit clone https://github.com/codetot-web/sso-for-microsoft-entra.git\n```\n\nActivate the plugin from the WordPress admin.\n\n## Configuration\n\nClick the **Help** button (top-right) on the settings page for step-by-step guides:\n\n- **Quick Start** — OIDC setup walkthrough\n- **Azure Setup** — Full app registration walkthrough\n- **Troubleshooting** — Common errors and fixes\n\n## Security\n\n- PKCE (Proof Key for Code Exchange) prevents authorization code interception\n- OAuth state parameter prevents CSRF attacks\n- ID token nonce prevents token replay\n- `administrator` role is blocked as the SSO default role\n- Default role for new SSO users is `subscriber`\n- Client secret encrypted at rest using libsodium or AES-256-GCM\n\n## Development\n\n```bash\n# Install dependencies (including dev)\ncomposer install\n\n# Run linter\nvendor/bin/phpcs --standard=phpcs.xml.dist\n\n# Run tests\nvendor/bin/phpunit\n```\n\n## Contributing\n\nContributions are welcome. Please open an issue first to discuss what you would like to change.\n\n## Support\n\n- **Bug reports:** [GitHub Issues](https://github.com/codetot-web/sso-for-microsoft-entra/issues)\n- **Security vulnerabilities:** Please report privately via [GitHub Security Advisories](https://github.com/codetot-web/sso-for-microsoft-entra/security/advisories)\n\n## License\n\n[GPL-2.0-or-later](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodetot-web%2Fsso-for-microsoft-entra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodetot-web%2Fsso-for-microsoft-entra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodetot-web%2Fsso-for-microsoft-entra/lists"}