{"id":20374,"date":"2024-04-04T11:23:55","date_gmt":"2024-04-04T09:23:55","guid":{"rendered":"https:\/\/chochol.io\/smart-home\/authentik-single-sign-on-configuration-for-wordpress\/"},"modified":"2025-08-23T19:56:20","modified_gmt":"2025-08-23T17:56:20","slug":"authentik-single-sign-on-configuration-for-wordpress","status":"publish","type":"post","link":"https:\/\/chochol.io\/en\/software\/authentik-single-sign-on-configuration-for-wordpress\/","title":{"rendered":"Authentik: Single Sign-On Configuration for WordPress"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"20374\" class=\"elementor elementor-20374 elementor-1217\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3f6ce4f e-flex e-con-boxed e-con e-parent\" data-id=\"3f6ce4f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7c8f751 elementor-toc--minimized-on-tablet elementor-widget elementor-widget-table-of-contents\" data-id=\"7c8f751\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;exclude_headings_by_selector&quot;:[],&quot;no_headings_message&quot;:&quot;No headings were found on this page.&quot;,&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;,&quot;h6&quot;],&quot;marker_view&quot;:&quot;numbers&quot;,&quot;minimize_box&quot;:&quot;yes&quot;,&quot;minimized_on&quot;:&quot;tablet&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<div class=\"elementor-toc__header-title\">\n\t\t\t\tTable of Contents\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--expand\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__7c8f751\" aria-expanded=\"true\" aria-label=\"Open table of contents\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-chevron-down\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M207.029 381.476L12.686 187.132c-9.373-9.373-9.373-24.569 0-33.941l22.667-22.667c9.357-9.357 24.522-9.375 33.901-.04L224 284.505l154.745-154.021c9.379-9.335 24.544-9.317 33.901.04l22.667 22.667c9.373 9.373 9.373 24.569 0 33.941L240.971 381.476c-9.373 9.372-24.569 9.372-33.942 0z\"><\/path><\/svg><\/div>\n\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--collapse\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__7c8f751\" aria-expanded=\"true\" aria-label=\"Close table of contents\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-chevron-up\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M240.971 130.524l194.343 194.343c9.373 9.373 9.373 24.569 0 33.941l-22.667 22.667c-9.357 9.357-24.522 9.375-33.901.04L224 227.495 69.255 381.516c-9.379 9.335-24.544 9.317-33.901-.04l-22.667-22.667c-9.373-9.373-9.373-24.569 0-33.941L207.03 130.525c9.372-9.373 24.568-9.373 33.941-.001z\"><\/path><\/svg><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__7c8f751\" class=\"elementor-toc__body\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<svg class=\"elementor-toc__spinner eicon-animation-spin e-font-icon-svg e-eicon-loading\" aria-hidden=\"true\" viewBox=\"0 0 1000 1000\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M500 975V858C696 858 858 696 858 500S696 142 500 142 142 304 142 500H25C25 237 238 25 500 25S975 237 975 500 763 975 500 975Z\"><\/path><\/svg>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4e73b7e elementor-widget elementor-widget-text-editor\" data-id=\"4e73b7e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Hello!<\/h2><p>Today I\u2019ll walk you through the steps of setting up a single sign-on (SSO) service between a WordPress server and Authentik.<\/p><h2>Introduction<\/h2><h3>What is WordPress?<\/h3><p class=\"whitespace-pre-wrap break-words\"><img decoding=\"async\" class=\"alignleft\" src=\"https:\/\/cdn.pixabay.com\/photo\/2022\/01\/16\/17\/24\/wordpress-6942722_1280.png\" alt=\"Wordpress Logo Icon - Free vector graphics on Pixabay - Pixabay\" width=\"220\" height=\"220\" \/><strong>WordPress<\/strong> is one of the most popular platforms for creating websites and blogs. It is an advanced content management system (CMS) that allows you to easily create, edit and publish various types of content online. WordPress has an intuitive interface and a large community of users. It offers a huge number of free and paid themes and plugins. They extend the functionality of WordPress.<\/p><p class=\"whitespace-pre-wrap break-words\">The WordPress community offers support, advice and resources. It is a popular choice for both small blogs and large corporate sites, online stores and portals. Its open nature and ease of use make it readily used for a variety of online purposes.<\/p><p>\u00a0<\/p><h3>What is Authentik?<\/h3><p><img decoding=\"async\" class=\"alignleft wp-image-518\" src=\"https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov-300x230.png\" sizes=\"(max-width: 150px) 100vw, 150px\" srcset=\"https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov-300x230.png 300w, https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov-1024x784.png 1024w, https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov-768x588.png 768w, https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov-1536x1175.png 1536w, https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov-330x250.png 330w, https:\/\/chochol.io\/wp-content\/uploads\/2023\/12\/authentik-orange-icon-2048x1567-suu0o0ov.png 2048w\" alt=\"\" width=\"220\" height=\"169\"><strong>Authentik<\/strong> is an open source software that serves as an Identity Provider to manage user authentication and authorization. As an alternative to commercial services such as Okta or One Login, Authentik offers similar functionality in an open-source model. Other open-source tools with a similar purpose include Keycloak and Authelia, which also allow central management of user identities in applications and web services.<\/p><p>It stands out for its configuration flexibility and broad support for various authentication protocols, making it an excellent choice for organizations looking for an advanced but accessible open-source identity management solution.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6be43a2 elementor-alert-info elementor-widget elementor-widget-alert\" data-id=\"6be43a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"alert.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-alert\" role=\"alert\">\n\n\t\t\t\t\t\t<span class=\"elementor-alert-title\">Information<\/span>\n\t\t\t\n\t\t\t\t\t\t<span class=\"elementor-alert-description\">The following tutorial was developed using versions: Authentik 2024.2 and WordPress 6.5<\/span>\n\t\t\t\n\t\t\t\t\t\t<button type=\"button\" class=\"elementor-alert-dismiss\" aria-label=\"Dismiss this alert.\">\n\t\t\t\t\t\t\t\t\t<span aria-hidden=\"true\">\u00d7<\/span>\n\t\t\t\t\t\t\t<\/button>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d740c11 elementor-widget elementor-widget-text-editor\" data-id=\"d740c11\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Preparation<\/h2><p>For the purpose of preparing the guide, let\u2019s start with the domain names and identifiers described below. Keep in mind, however, that during the setup process you should adjust the settings according to your needs.<\/p><ul><li>Full domain name (FQDN) Portainer: <strong>https:\/\/auth.xyz.com<\/strong><\/li><li>Full domain name (FQDN) of WordPress: <strong>https:\/\/xyz.com<\/strong><\/li><\/ul><p>With these assumed values, we can move on to the actual part of the guide. Of course, if necessary, these values should be changed to suit your configuration.<\/p><h3>What is OpenID Connect?<\/h3><p>The OpenID Connect (OIDC) protocol is an authentication layer based on the OAuth 2.0 protocol that enables secure authentication and acquisition of user identity information in web applications. Below are the key elements that describe how OpenID Connect works:<\/p><ul><li><strong>OAuth 2.0 authentication:<\/strong> OpenID Connect uses the OAuth 2.0 protocol as the basis for authentication. OAuth 2.0 allows applications to access resources on behalf of the user, and OpenID Connect extends this protocol with an authentication layer.<\/li><li><strong>Issuing Tokens:<\/strong> Once a user is successfully authenticated, its gets tokens that contain identity information. These are typically:<ul><li><strong>ID Token:<\/strong> Contains basic information about the user, such as ID, first name, last name, etc.<\/li><li><strong>Access Token:<\/strong> Allows access to protected resources on behalf of the user.<\/li><li><strong>Refresh Token:<\/strong> It is used to refresh or obtain new tokens after expiration.<\/li><\/ul><\/li><li><strong>JSON Web Tokens (JWT):<\/strong> The information sent in the tokens is often encoded in the JSON form of Web Tokens, which keeps them concise and secure.<\/li><li><strong>End-User Authentication:<\/strong> OpenID Connect supports various methods of user authentication, such as password login, multi-factor authentication or even third-party identity providers.<\/li><li><strong>Configuration Information:<\/strong> The identifiers and information necessary to authorize and receive tokens are obtained from the configuration document, which is usually available at a fixed URL.<\/li><li><strong>Security over TLS:<\/strong> Communication between the client and the identity provider, as well as between the provider and the resource server, should take place over a secure TLS (HTTPS) connection.<\/li><\/ul><p>In summary, OpenID Connect facilitates secure and efficient authentication of users in web applications, while allowing users to acquire their identity information through tokens.<\/p><h3>Operation of OpenID Connect<\/h3><p>The process of the OpenID Connect (OIDC) protocol can be divided into several steps. Below you will find a general description of the steps involved in this process:<\/p><ul><li><strong>Initiate Authorization Request:<\/strong><ul><li>The user wants to log into the application, supporting OpenID Connect.<\/li><li>The application directs it to the identity provider (IdP) with an authorization request.<\/li><li>This request contains the ranges (scopes) of access that the application wants, and information about what actions are required after the authorization is completed.<\/li><\/ul><\/li><li><strong>User Authentication (Authentication):<\/strong><ul><li>The identity provider authorizes the user.<\/li><li>If the user is not logged in, they may be asked for their credentials.<\/li><\/ul><\/li><li><strong>Redirection Back:<\/strong><ul><li>Once the user is successfully authenticated, the identity provider redirects the user back to the application while providing an authorization code.<\/li><\/ul><\/li><li><strong>Code-to-Token Exchange (Token Exchange):<\/strong><ul><li>The application sends the received authorization code back to the identity provider.<\/li><li>In return, it receives a set of tokens, such as an ID Token, Access Token and possibly a Refresh Token.<\/li><\/ul><\/li><li><strong>Use of Tokens (Access Resources):<\/strong><ul><li>The application uses the received Access Token to access protected resources on behalf of the user.<\/li><li>Access to resources can be limited by the access range specified in the token.<\/li><\/ul><\/li><li><strong>Token Verification:<\/strong><ul><li>The application verifies the validity of the received tokens, especially the ID Token, which contains information about the user\u2019s identity.<\/li><li>Verification may include checking the token\u2019s signature, its validity and compliance with authorization requests.<\/li><\/ul><\/li><li><strong>Token Refresh:<\/strong><ul><li>If Refresh Token is used, the application can refresh its tokens without having to re-authenticate the user.<\/li><\/ul><\/li><\/ul><h2>Step 1 \u2013 Configuration in Authentik<\/h2><ul><li class=\"whitespace-normal break-words\">First, log in to your account and go to the Authentik administrative interface.<\/li><li>After successfully logging in, go to the <strong>Applications<\/strong> tab on the left side of the screen and then select <strong>Providers<\/strong>.<\/li><\/ul><p><img decoding=\"async\" class=\"aligncenter\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAASIAAACqCAYAAAAJKkK3AAAKqmlDQ1BJQ0MgUHJvZmlsZQAASImVlgdQk9kWx+\/3pYeEAKFLCb1JbwGkhB5A6VVUQhIglBACQcWuLK7giiIiTVnQRREFV6XIKioWLIiAAvYFWQTUdbEgKirvA4bg7pv33rwzc7\/7m\/Od+7\/n3Ll35gBAJrEEgmRYCoAUfoYwyMuVFhEZRcONABKQAhDyVWKx0wWMgAA\/gNj8\/Hf70IdEInbXeEbr3\/\/\/V5PmcNPZAEABCMdy0tkpCJ9BxnO2QJgBAKoc8WutzhDM8EWEZYVIggjfm+H4OR6d4dg5\/jIbExLkBgAaqQpPYrGE8QCQVBA\/LZMdj+iQliBsxufw+AjP5OuUkpLKQfg4wvpIjADhGX167Hc68X\/TjBVrsljxYp6rZdbw7rx0QTJr7f95HP\/bUpJF83voIoOUIPQOQmZJ5MzuJ6X6ipkfu8x\/nnmc2fhZThB5h84zO90tap45LHdf8drkZX7zHMfzZIp1Mpgh88xN9wieZ2FqkHivOKEbY55ZwoV9RUmhYn8ClynWz0oICZ\/nTF7YsnlOTwr2XYhxE\/uFoiBx\/ly+l+vCvp7i2lPSv6uXxxSvzUgI8RbXzlrIn8tnLGimR4hz43DdPRZiQsXxggxX8V6C5ABxPDfZS+xPzwwWr81ALuTC2gDxGSayfALmGQQAC2AFEoAxMiOKGdw1GTNFuKUK1gp58QkZNAbyurg0Jp9tsphmYWZhCcDMW527Cu+CZt8gJN+64Es9jFzhD8ib2LPgiy0EoCkHAMWHCz7tgwBQsgFobGOLhJlzPvTMBwOIgAJkgRJQA1pAfzYzG+AAXIAH8AH+IAREgpWAjeScAoRgNVgPtoAckAd2g32gFFSAQ+AoOAFOgSZwDlwC18At0AV6wSMwAIbBSzAOPoApCIJwEBmiQkqQOqQDGUEWEB1ygjwgPygIioRioHiID4mg9dA2KA8qgEqhSqgG+hU6C12CbkDd0ANoEBqD3kKfYRRMgmVhVVgXNoXpMAP2hUPgFXA8nAZnwdnwLrgYroKPw43wJfgW3AsPwC\/hCRRASaDkURooYxQd5YbyR0Wh4lBC1EZULqoIVYWqQ7Wg2lF3UQOoV6hPaCyaiqahjdEOaG90KJqNTkNvRO9El6KPohvRV9B30YPocfQ3DBmjgjHC2GOYmAhMPGY1JgdThKnGNGCuYnoxw5gPWCxWHquHtcV6YyOxidh12J3YA9h67EVsN3YIO4HD4ZRwRjhHnD+OhcvA5eBKcMdxF3A9uGHcR7wEXh1vgffER+H5+K34IvwxfCu+Bz+CnyJIEXQI9gR\/AoewlpBPOExoIdwhDBOmiNJEPaIjMYSYSNxCLCbWEa8SHxPfSUhIaErYSQRK8CQ2SxRLnJS4LjEo8YkkQzIkuZGiSSLSLtIR0kXSA9I7MpmsS3YhR5EzyLvINeTL5Kfkj5JUSRNJpiRHcpNkmWSjZI\/kawqBokNhUFZSsihFlNOUO5RXUgQpXSk3KZbURqkyqbNS\/VIT0lRpc2l\/6RTpndLHpG9Ij8rgZHRlPGQ4Mtkyh2QuywxRUVQtqhuVTd1GPUy9Sh2WxcrqyTJlE2XzZE\/IdsqOy8nIWcmFya2RK5M7Lzcgj5LXlWfKJ8vny5+S75P\/rKCqwFDgKuxQqFPoUZhUXKTooshVzFWsV+xV\/KxEU\/JQSlLao9Sk9EQZrWyoHKi8Wvmg8lXlV4tkFzksYi\/KXXRq0UMVWMVQJUhlncohlQ6VCVU1VS9VgWqJ6mXVV2ryai5qiWqFaq1qY+pUdSd1nnqh+gX1FzQ5GoOWTCumXaGNa6hoeGuINCo1OjWmNPU0QzW3atZrPtEiatG14rQKtdq0xrXVtZdqr9eu1X6oQ9Ch6yTo7Ndp15nU1dMN192u26Q7qqeox9TL0qvVe6xP1nfWT9Ov0r9ngDWgGyQZHDDoMoQNrQ0TDMsM7xjBRjZGPKMDRt2LMYvtFvMXVy3uNyYZM4wzjWuNB03kTfxMtpo0mbw21TaNMt1j2m76zczaLNnssNkjcxlzH\/Ot5i3mby0MLdgWZRb3LMmWnpabLJst31gZWXGtDlrdt6ZaL7Xebt1m\/dXG1kZoU2czZqttG2NbbttPl6UH0HfSr9th7FztNtmds\/tkb2OfYX\/K\/i8HY4ckh2MOo0v0lnCXHF4y5KjpyHKsdBxwojnFOP3sNOCs4cxyrnJ+5qLlwnGpdhlhGDASGccZr13NXIWuDa6TbvZuG9wuuqPcvdxz3Ts9ZDxCPUo9nnpqesZ71nqOe1l7rfO66I3x9vXe493PVGWymTXMcR9bnw0+V3xJvsG+pb7P\/Az9hH4tS+GlPkv3Ln28TGcZf1mTP\/Bn+u\/1fxKgF5AW8FsgNjAgsCzweZB50Pqg9mBq8KrgY8EfQlxD8kMeheqHikLbwihh0WE1YZPh7uEF4QMRphEbIm5FKkfyIpujcFFhUdVRE8s9lu9bPhxtHZ0T3bdCb8WaFTdWKq9MXnl+FWUVa9XpGExMeMyxmC8sf1YVayKWGVseO852Y+9nv+S4cAo5Y1xHbgF3JM4xriBuNN4xfm\/8WIJzQlHCK54br5T3JtE7sSJxMsk\/6UjSdHJ4cn0KPiUm5Sxfhp\/Ev5KqlromtVtgJMgRDKTZp+1LGxf6CqvTofQV6c0ZskhT1CHSF\/0gGsx0yizL\/Lg6bPXpNdJr+Gs61hqu3bF2JMsz65d16HXsdW3rNdZvWT+4gbGhciO0MXZj2yatTdmbhjd7bT66hbglacvtrWZbC7a+3xa+rSVbNXtz9tAPXj\/U5kjmCHP6tztsr\/gR\/SPvx84dljtKdnzL5eTezDPLK8r7spO98+ZP5j8V\/zS9K25XZ75N\/sHd2N383X17nPccLZAuyCoY2rt0b2MhrTC38P2+VftuFFkVVewn7hftHyj2K24u0S7ZXfKlNKG0t8y1rL5cpXxH+eQBzoGegy4H6ypUK\/IqPv\/M+\/l+pVdlY5VuVdEh7KHMQ88Phx1u\/4X+S021cnVe9dcj\/CMDR4OOXqmxrak5pnIsvxauFdWOHY8+3nXC\/URznXFdZb18fd5JcFJ08sWvMb\/2nfI91XaafrrujM6Z8gZqQ24j1Li2cbwpoWmgObK5+6zP2bYWh5aG30x+O3JO41zZebnz+a3E1uzW6QtZFyYuCi6+uhR\/aahtVdujyxGX710JvNJ51ffq9Wue1y63M9ovXHe8fu6G\/Y2zN+k3m27Z3GrssO5ouG19u6HTprPxju2d5i67rpbuJd2tPc49l+663712j3nvVu+y3u6+0L77\/dH9A\/c590cfJD948zDz4dSjzY8xj3OfSD0peqrytOp3g9\/rB2wGzg+6D3Y8C372aIg99PKP9D++DGc\/Jz8vGlEfqRm1GD035jnW9WL5i+GXgpdTr3L+lP6z\/LX+6zN\/ufzVMR4xPvxG+Gb67c53Su+OvLd63zYRMPH0Q8qHqcncj0ofj36if2r\/HP55ZGr1F9yX4q8GX1u++X57PJ0yPS1gCVmzrQAKGXBcHABvjwBAjgSA2gUAcflcLz1r0Fz\/P0vgP\/Fcvz1rNgAc6gcgZB0AfrcBKClFWllEnxINQAAF8TsA2NJSPOb73tkefcbM6pA+5pSdravtk\/0NNPAPm+vfv8v7nzOYUbUC\/5z\/Ba55BwHUrL8\/AAAAYmVYSWZNTQAqAAAACAACARIAAwAAAAEAAQAAh2kABAAAAAEAAAAmAAAAAAADkoYABwAAABIAAABQoAIABAAAAAEAAAEioAMABAAAAAEAAACqAAAAAEFTQ0lJAAAAU2NyZWVuc2hvdKWlBikAAAI9aVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA2LjAuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj4xNzA8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpVc2VyQ29tbWVudD5TY3JlZW5zaG90PC9leGlmOlVzZXJDb21tZW50PgogICAgICAgICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MjkwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CuZjdgkAACGpSURBVHgB7Z0HXBTHF8d\/VLtg7wgxFlRssXejMfZeELvGkmKMvSu22MWu2LsUEdG\/Bey9V+yoWGLEFlGxoeB\/3pA9Fzz1gDuOu7zJ57jZ2Zk3s9\/lfrz3Zs1Z5HZw+gAuTIAJMAEjEHj\/7q2c1dIIc\/OUTIAJMIFYBKwdnZxiNfABE2ACTCCpCFy\/dkVOZX0rNDSp5uR5mAATYAJaCXBophULNzIBJpCUBFiIkpI2z8UEmIBWAixEWrFwIxNgAklJgIUoKWnzXEyACWglwEKkFQs3MgEmkJQEWIiSkjbPxQSYgFYCLERasXAjE2ACSUmAhSgpafNcTIAJaCXAQqQVCzcyASaQlARYiJKSNs\/FBJiAVgJmJ0Tp06dHzpw5tF4sNzIBJpA8CSSZEI0d447ly5agdu0fDEYiTZrUuHD+DPr37SPncG3dCsePHsYPP9Qy2JxkOKnmMehFsHEmYEQCSSJE3+bLh04dO6Dm9zXwc8\/uBrtcC4j\/LCzw4d\/\/w1Lhws7IkSM7ChUsoLc5y5QpjQXz54KuSSmGmEexze9MwFgEUqRI8cWpU6ZM+cXz8TmZJELUxrW1Zk2lv\/sO3377rebYkJUJEyejdp16WOC5SG\/TfFeqFOrXq4t06dNpbBpiHo1xrjABIxCoWKECzp4+gRXLl0KbIFWvVg3nz56C54J5sLa2TvQKDS5ENjY2aNGiOZ48+QfDR4ySC1YLU9wrsLS0hK2tbdzmT451UePXr1\/j8uUrePfu3SfjU6VKBQrltBXyqjJnygQrKyttpz9p+9I8GTJkAF3TlwrdSMptfa7Y29vrxORz47mdCcSXwIABfZE2bVp8X6M6lizyjCVGJEJLFnuCPkP16tZBhQrl42v+k\/5f\/oR80j3+DXXq\/IiMGTMgYNMm+G8MQGRkJJo3awoSKKXMmzsbG\/3XY\/y4MThz6gSuXbmIDet9UK5cWaULmjZpjHNnTsFj+lTs2RWEkKuXcHD\/XvTo3u2zH3RlTOVKFTV2ihcvBq91a3DpwjlcDD6HLZsD0LBhA3me\/gosW7oYly6exxnx1+Dq5QuY4TENJHp2dnZy\/r59esu+a1atkMcdO7TXrE2ZhwSsW7euOHRgr\/yrce7MSUyeNAEkKEqha6ZrHO0+Uva5GHwWO4O2w8WlqNJFhrJHDh9A8LnTuHIpGH6+3tIb03TgChMwEIGpU6fjzZs30nq1alU1YqSIkOIs7Ny5C0eOHE30KgwuRG5tXOUi\/Tb44\/nz5wjasROZMmVEbVUCOX26dKCQp5EQhGPHj+P69RugXIyP11pUqVxJjqcLJ0Fr0bwZQkNv4fjxE8iVKxeGDxuCcWNHawWhjLGxifGwypYtgwB\/P5QXArdt23b4+fnDwSEP5s2ZhRIlistXqZIl4b9hI+bNX4Dbt+9I0WzcqCHevn2L5StW4uTJU3Kuw4ePyOOgHTukt0JrU+ah9YwcPgxRUdFYuGgJLly8BPICaW7Fk6NrpmusW6cOfHzX44SwW1DksiipTyVz5syYPWsGbIVgz523AEuWLoOTkyNGjBims6dGdrgwgYQQOCR+vzt17hpLjHy910lPSC1C3Xv+gvfv3ydkilhjEh\/cxTIX+yBvXgdUqlhBCMt1nD8fLE\/6+W1Ag\/r15Adzy9ZtmgEUPtWp2wD3\/v5btpE3M2umB4YMGYQD9Rtp+o0cNRrLlq+Qx1mzZhVexDa0a+sGz4WL8OTxE00\/bZVRI4ZL76l9x87Yt2+\/7JJlchY4OxfC2bPncO7cecxf4CmS3THZ7qXLVuDYkYNo3aolvH184TFjJnr26I4qVSpjrhCqM2fOfjKNk5OjXM+DBw9Qp14DvHr1SvaZI0SlceNGaOvWRooKNdINbNKsOf7++77sQ14hCXL+\/Plhb5ce6YRY7RB\/caZOmyb6Rol3DxlORkVFyf78gwkYkoAiRrTbTX9AS5YsoZmOPCESIW1pD02neFQM6hG1cXWVu1jkuWzauEG++vb9Qy6PPsy5cubULJUuSBEhagzYtBn374fBuZBzrDDu1q3bmjEPHz7EBv+Nco5ixYpp2rVVSMULFy4sPRpFhKjfo0ePsH\/\/ATmEdth++\/VnrPfxQuC2LRgvPBsKs+zt7bSZ1NpWsEBB2b4xYJNGhKhh1Zq1sp1CQ6VQmKqIELVt3bpdnsqeLStOnT4DutZmTZuIpOFJeHutQa\/fftF4XYoNfmcChiSgiJESptFc+hYhsmkwIbK2tkKrls2lYlJYdvHSJfkir+PEiZPSM2nduiWtQWshryT6Q7Q8R8njz5Xo6Bjv5Ut91GPz5MmtNbQhwVksknID+vfD4ydPEBgUJOb\/9zkAtQEd63G9lmgdvBhKeislOjpa7vgNHDQE27YHIosI1Xr\/3gubA\/zFLoVuSXTFFr8zgcQQUMTo5ctXCAwM0qsnpKzLYKFZrZq1kCVLFvxvy1YMGTpcmU++Ozrmxf69u9FKhDwzZs6WbZS8zp49O8LCwuQxPXNEHtOFixdlglsxkMcht1KVYUrTpo3l8fnz5zXt2irkfVwSYlismIvIy\/wo10X9aLcqX75v8PDBQ7gULYobN2+i58+\/akxQYlxdKFdEJbXYMdBWrly9IpubNmmC6R4zZW6JGtxESEZFCVHlwVd+FCiQH+u8vOWLutLzS\/ToQDGXYjh95sxXRvNpJqA\/AiRGxUt+p\/l91p\/lGEsGEyI3t5hnh7y8fT5ZM4Ucx44dR\/ny5WS+hTqQEG3buhmbREhG29n0tDKVKVOmyXflx\/ixY1C2dGn8de9vmWuibXbf9X4yjEmbJo3STev7hImTsG7tapEEngnaCYiIiJA2KNf0Y936CA6+IPJFzhgq8lKUEKcdP3rmKSQkRGNPEcr+\/fuiorg5x4V3py50bb4i+dyyZQu5I3fo8GE45MmDWrVqijXfw9p1Xurun63T0+BLFy+UeajNW7Ygm1gj7VhQOHpNtZ7PGuATTEDPBJQ\/wno2K80ZRIhIVCpVrChzPgcOHNS6bvpLT0JUrWpVzfnrIddB2+EUJt29exdjx\/2J3Xv2as5T5fqNG+JDXUt6Qy9evMCixUsxcdJk2SdS5JkovHkmdueo0C6d+v3gocNyJ2C0+ygpQKlTp5Yf7KHDRuDKlatwHzMWA0VoRjtctNVOSfa4ZZ\/IJ1F4SQ9m0mvMuPH46+5fseYZIuw9F2ujHcOCBTuBwiyae8DAwbHyRnFtq49JqFetWgPy+P4QIRmtlXbqZs+dJwVU3ZfrTMDUCVgkh6+cXr1yudzKLuhcVD4kRU9yhoeHx2JLO1dTp0xCh45dsG\/\/frm9TYlmZYcrVmcdDuhhRktLK5CYxS00P70UIYt7no5pe93GxlqEkg8+uwYSVMpJPXz4SGcB0jYX7Z7RDps6h6StH7cxAVMjoHzltEE8osTAoA\/b1z5w5GFQiJKYQom3zxVyQb\/mhj5+\/PhzwzXtlLBW7\/JpTsSzok0s42mCuzOBZE3AYLtm+r7qD4jZwVJ20vRtn+0xASZgPAJW6e0yuBtv+piZ\/75\/Xz7LE6IlJ6OsjZ63oSeUKeekjyc5Fbv8zgSYgPEIREfHPJybLHJExsPAMzMBJmBMAkqOyGRCM2PC4rmZABMwLAEWIsPyZetMgAnoQICFSAdI3IUJMAHDEmAhMixfts4EmIAOBFiIdIDEXZgAEzAsARYiw\/Jl60yACehAgIVIB0jchQkwAcMSYCEyLF+2zgSYgA4EWIh0gMRdmAATMCwBFiLD8mXrTIAJ6EDAYP\/6\/rZL2ljTN0tRKNYxHzABJsAEjh05JCGwR8S\/C0yACRidAAuR0W8BL4AJMAEWIv4dYAJMwOgEWIiMfgt4AUyACbAQ8e8AE2ACRifAQmT0W8ALYAJMgIWIfweYABMwOgEWIqPfAl4AE2ACLET8O8AEmIDRCbAQGf0W8AKYABNgIeLfASbABIxOwKSFyNLSUnxt9MeXhYWFQYFmzpwJadPG\/jd06gmzZ8+GcmXLqJu4zgSYgA4EDPaPXnWYO9FdfNathrX1x0ugr6KmL2v0Xb8B+\/YfSLR9tQFbGxvMmzMLt2\/dxoDBQ9WnNPXKlSrCzbU1mrV01bRxhQkwga8T+Pgp\/nrfZNnj7LlzOHT4KMgZKlSoEEqVKIE\/fv8Nj588wUXxzbD6Ku\/ev0dQ0E48EXa5MAEmoF8CJi9Et27dwY6duySVoB27UKRIYYwf446ypb+LJURKCKf+umorKytERcV85e3XsH748AGLly77Wjet5782j62tLSIjIzVjv9Zf05ErTMBMCJi8EMW9D2FhD2RTqlSpkMHeHhMnjMPNm6FwKVoET8PD0affQLRo3hQ1v6+BzJky4a9797DBPwB79u5D86ZNULfOj+jTfyBevHgh7VSsUB7dfuqCmbPmomGDergZGoo1a73kuZIlistQ7JtvnPDgwUNQaKguZYQYtm3jirx5HfD48WNs3R6EjQGbQKI2oF8fpE+fHnZ26eGQJw969e4LF5ci+LH2D\/L44aNHOHDgENZv8MebN2\/UZrnOBMyOgEknq+lupEqVEpmEoNCrVMkS+LVnd3mTdu7ag3Tp0iFb1qyoUL6czBstX7EKHTu0g2urlrgvcknrvHykePTu9SuqV62CkOvXQQnp2rVqam50wwb1YSH+u3DxorRF81BxLlQQI4cPRcZMGbFhYwAOHDqELFkya8aRZzZ08EBECXHy9l2P27fvoGP7tmjcqIHsk9fBQYrj1avXMGHSFNja2qBb1y64IUSTjg8eOoxSpUqIHJiVxiZXmIC5EjB5j4g8CHop5a+\/7mHl6jW4FhIiPQtqn++5CIFBO0Ahz+CB\/XHp8mWMdB8rh5CHsmzJQtSvXw8DBg3B7Tt3UKdObfiLdvJkSHC8fHyhDuloYP16deX4wUNH4JHwXqhER0WjdasWsl5PeFa0i7d8xUo8e\/4cR44eQ\/4C+YXI1RJe0WbZ53xwMObO95T1b\/Plk\/2Fu4QXERHw27ARq1avlef4BxMwdwImL0S7du+RokE36u3bSI0oqG+ckmCmrXfaZTt77rzmdOS7d7h46TIKOzvLtv9t2YZff+4ht+HJwyIB2h4YpOmvVGirnhLiighRe1T0x3xTtmxZZdf+IgRTipWllfTglOPHT\/5Rqrh+4wZ81vtJUf2+RnXpqZF4TfOY+UnIpxnEFSZgJgRMXohevIgAeUG6lAjhaZCwFHdxgY+vnxxiI7blCzsXwv2wMHlM2\/4d2rmhdcsWyJEjOw4cPITw8GefmKecUL5vvhHhWBaNGFlafIx0798Pg5OjI\/oPGIxHIj+kS1m7zhv0ypQxI+rVqyNzVpS7OnnqtC7DuQ8TMFkCHz85JnsJui+cdsh27Nwtd9aGDx2Mxg0bYOL4sfIhxcB\/vR7avQoSu3COjnmRIkUKbN6yVesEFOpR6PXnuNFo1aI5mjZpDLc2rTV9t4nENO3UjXYfgSaNG6L2D7Uw02MqypYpremjrhQT4rhssadIiNdH7ty5kFUIHBUK07gwAXMnYNIeka67Sa9fv9bcxxWrYh6C\/L5GNRQVO2kfRDKZcko7RYinlK3bAtGkUUNcuxYid9yUdvX7+eALmD13Ptq3dZMC9OrVK+kZKclsykNNnT4DXTp3RKcO7eVOGe3ePXv2qXdFdsMehCE09Jbo207msh48fIgVK1eDktlcmIC5E7DI7eD0wRAXmdy\/TohyRSlTpsDLl6+kSCSGQfr06cR2f8Rn7djb24kt+Lc6bcNTQt3ezg5P\/vmYP0rM2ngsE0jOBJSvEzJpjygxgClXFBHxPjEmNGOfP4955kjTEKeiLccUp4vmkMJHFiENDq78Rwj8p3JE\/5F7ypfJBEyOAAuRyd0yXjATMD8CLETmd0\/5ipiAyRFgITK5W8YLZgLmR4CFyPzuKV8REzA5AixEJnfLeMFMwPwIsBCZ3z3lK2ICJkeAhcjkbhkvmAmYHwEWIvO7p3xFTMDkCLAQmdwt4wUzAfMjwEJkfveUr4gJmBwBFiKTu2W8YCZgfgQM9q\/vzQ8VXxETYAL6JvD+3Vtpkj0ifZNle0yACcSbAAtRvJHxACbABPRNgIVI30TZHhNgAvEmwEIUb2Q8gAkwAX0TYCHSN1G2xwSYQLwJsBDFGxkPYAJMQN8EWIj0TZTtMQEmEG8CLETxRsYDmAAT0DcBFiJ9E2V7TIAJxJsAC1G8kfEAJsAE9E2AhUjfRNkeE2AC8SZgNkJE35BK30Wv71KlSmUUKlRQmk2dOjXy5nXQ9xTSXs6cOWBvb28Q22yUCSR3AmYhRJ07dcStmyFYtWKZ3nmPcR+J7t1+knanTZ2Mg\/v3IneuXImeJ0uWLPI77slQihQpsH\/vboOsP9ELZQNMIAkImIUQtWvrJlGR95I7d26DYdu9ew98fNYn+iuhGzZsgNMnj4HEiEpkZCTWrF2HLVu3GWztbJgJJGcCJi9EZcqURoEC+bF2nRcsLS3RxrW1wXj7rvdDvwED8fr161hzWFtbxTpWH2g7Zy3CSCofPnzQvI9yH4MFngvlsfqHtvG6nv\/aWLUdrjMBYxIweSFq364t3rx5g3HjJ+DCxYtwbd0SygeQPI4jh\/Zj9crlOHxwH26EXIG31xoULVJEw3ze3NnYsjkAmwP8EXrjGvbsCoLiYWk6\/Vvp0b2btKO0V6pYAQEb\/RBy9TLOnz2FObNmIFfOnHApWhTLly3BxeCz4twVeK1bg1o1v5fDli1djFkzPWQ9aPtW6RmlS5cOK5YvxYD+\/WS7jY0N+vbpjaNHDuLm9WvYvTMQLZo3U6YFrdnP11uu+0bIVaz38UL1atU05zt2aI8dgdvkWLrugQP6I02a1JrzXGECyY2ASQtRhgwZUL9eXWzbHogXL17Ay8sHWbNmRc2aNSXnDBnsZahWpGgRGfqs99sgRcLX1wuUHKbiLBLRxYq54NTp05i\/QHgkIuE94c9xcGvjKs+rf6RNmwaZM2eWTaVKlsSa1SthZ2eHUaPHYNnylWLe79G4cSN5\/kN0NNzHjMOgIUOQRYyZOGG8FMj5CzyxeMlS2WeahwcGDx0uPSyHPLmRI0d22T5s6GD0+aM3QkNvYeo0D0RFRcNj+lQ0a9pEnqc1ly1bBjt37caYseORK3cuTJ82Wdi3liI7dow7gi9cQNduPbBp8xbUqFFNnLORY\/kHE0iOBKyT46J0XVPLFs1ha2uL4OBgFHZ2xrVrIXJoWzdXBAYGacwMGjwUQUE75DG1k\/fRonlzzJo9R7b5bwyA++ixsj5j5iycOnEUlACncO9zpWuXTnj58iVatGiNx0+eyG4UWilhW+eu3WTImMI2BRYtXoIpkyfCxcUFx4+fkF4TDQgM3IEHDx7EmoLEhLw86tfGrZ0857lwkfScunTuhA3+G2XbxoBN8JgxU9ZfvXqFyZMmoHTp70B1uXsowr7w8HDMnTcfEydNjjUHHzCB5EbAZIWIPmxKCDVyxPBYXKtVrRprZyvq\/XvN+f0HDgoPIwqOjnk1be9V5ylxfPjIUdSo\/jHU0XRUVRwdHXH7zh2NCNEpRYRqVK+OqVMmymT0SyEMadOkkSOtRA7ra8VeeFgUmtE6lfL27VscO3ZcekFK27t375Qqzp8PlnUS5aNHj0mBbevmhpYtW8hr3bptO3r9\/oesawZxhQkkIwJf\/2Qko8Wql1KxQnk4OTnizwmT4JSvgObV2rVtTNK6zcekteW\/yWEaX6lSRbltfvv2HTqUhZ5BUgqJQPly5XDnzl2lSet7aGioDIPUgqbYGTpkkAyFipcsDefCLlIEtBmxtPz0uafwZ89AIlNZrFMpJDCUlL9167bS9MX3KVOno0Sp0ihTrqJIgC9Cwwb1RQ6p6hfH8EkmYEwCJitE7UT4Qp6Mr+96+U51eh0+cgQ3b4aidauWsLKMEZgZIr\/Svn1bDBk8ELNmeEjPxU\/ki5TSuFFDea5Txw7YvMkfGTNmwMrVq5XTWt9XrFwl232914FyOt1+6iLCp+OgRHHI9evCq7EGiSXlcpo0aRzLRoQI6ahQ+KdOMlMbXcM6L2+UL19OJry7deuKjRvWy4cdV61eQ12+WEjAKLT8qWsX5P82n\/AMc8r+4eHPvjiOTzIBYxIwydCM8ii0C7Vj565YoZEC0svbB+SVKE9ERwoPY\/SokTLkuXHzJnr8PAx\/3bundEdERITYbWstBej58+eYMnUaVq369EMfEfESFGpROXHyFH75tRdGjRyOnj26y7DniAiL9uzdhyNHjyJ7tmyYM3uW8M4scE81F409IMKuy5ev4OeePeSrcNHi1Kwp4\/+cKNdKObAKQpCiRb5nwsTJ8Pbx1fRRV16+ihE2arslPL2Lly5JcSROd+\/eBdmjZDwXJpBcCZj11wnR80W7dgSiU+euMueSKlUqkNCoC23Xnzl7Dn37DZBC9PRpuOb5HnW\/L9VpJ43EjB4jUJeUKVPKMJESyNoKPV5A+Z+4a1L6UphI\/6yEdgSjxS5cfAo9wpA5cxaEhYXFZxj3ZQJJSkD5OiGT9IgSQoryLuoErzYb\/\/zzVFvzV9seP36stU9cYYrb6dGjR3GbYh3Tep+JnFFCyvv3USxCCQHHY4xCwGRzRLrQihbP3zx9+lRsY3\/+w\/xMeEif81h0mYP7MAEmkHgCZh2aJR4PW2ACTMCQBJTQzKw9IkMCZNtMgAnojwALkf5YsiUmwAQSSICFKIHgeBgTYAL6I8BCpD+WbIkJMIEEEmAhSiA4HsYEmID+CLAQ6Y8lW2ICTCCBBFiIEgiOhzEBJqA\/AixE+mPJlpgAE0ggARaiBILjYUyACeiPAAuR\/liyJSbABBJIgIUogeB4GBNgAvojwEKkP5ZsiQkwgQQSYCFKIDgexgSYgP4IsBDpjyVbYgJMIIEEWIgSCI6HMQEmoD8CLET6Y8mWmAATSCABFqIEguNhTIAJ6I8AC5H+WLIlJsAEEkiAhSiB4HgYE2AC+iPAQqQ\/lmyJCTCBBBJgIUogOB7GBJiA\/giwEOmPJVtiAkwggQTMRoisrKzwzTdOSJsmTQJR8DAmwASMRcDkhSh79uxY5Dkfly6cw749u3BRvAdt34rq1arFmyl9BTQJWlIUS0tL+XXSSTEXz8EEkjsBkxYi8oB2Bm1D7do\/IGDTZvQfMAjTPWYic5bMWLVyGTp36qgz\/4YNG+D0yWMgMUqKMn\/eHCxeuCAppuI5mECyJ2Cd7Ff4hQWOcR+F9OnTo3OXn7Br9x5Nz3Ve3vD1XofBgwZg2\/ZAnb4D3vpfT+jDhw8aO\/GpWFtbgb5vXlvRds7G2hqpUqf6pLuFhQXoFR0d\/ck5bmAC5krAZD2ivHkdUK1aVXj7+MYSIbpRDx8+xPCRo2To07JFM3nvtmwOwLChgzX30cHBAUePHETx4sWwbOlizJrpIc9RWEeeUbp06TBv7mzQuM0B\/gi9cQ17dgWhXVs3jQ0bGxv07dNb2rl5\/Rp27wxEi+Yx81GnkiVLYNWKZQi5ehnB506DvKBy5cpK+7T2EsWLy\/q8ObOQJk1qTJ40AWdOnRD9L2HTxg0gL40LE\/gvEDBZISrm4iLvz+b\/bdF6nw4cOIjnz5+jaNGi8nymzJmkuCids2XNglw5c8JWiMn8BZ5YvGSpPDXNwwODhw7H69ev4VyoIIoVc8Gp00JEFiyEcFUw4c9xcGvjKvuSsPX5ozdCQ29h6jQPREVFw2P6VDRr2kSenzXDAznFHL\/16o3JU6aBxDNTxozS\/qVLl3Hr9m1Znzx1Gn795Re0btUS06Z7oNfvf+DBgweoWKG8slx+ZwJmTcBkQ7OUqWLCGhKMzxUKcXQpx4+fkKJEfQMDd0gRUMb5bwyA++ix8nDGzFk4deKozD35+K5H+3ZtQWPbuLWT5z0XLpIeTpfOnbDBfyMoJHv9OkoK1G4ROq5avUYxC1chOu+j3iMoaIdso75RUVGwsLTAzdBQ\/PxrLxHqvdf05woTMGcCJusRXbhwQd6XqlUqa70\/+fPnlx7QjRs3tZ7XtVEtBpGRkTh85Kj0bOzt7ECh2X7heSnl7du3OHbsOBwd88qmocNGyveFnvNk+EZhXyHhZWkrS5etAImV+8gR2BG4TYRox9HWrY22rtzGBMyOgMkK0bVrIQgWYvTLzz1RqmTJWDeGEtjTp07Gu3fvsGnzZnku8m0klHCOGqxEslhbsRQeibqot\/NJeMqXK4c7d+4i\/Nkzab9ypYqa7ra2tihTpjRu3bot2\/bs3YvaderBuYgLOnbqIgWqe7efNP1pC18pYWFh+Kl7TxQoVBh16jZASMh1DB82RHpVSh9+ZwLmSkD7p9EErpbCmD\/69MOG9T7wEy9vHx+cOXMW9FxR+3ZuyJYtG8aMG48rV67KqwkMCkLPHt0xcsRwBAcHo3+\/PrGuMuLlS3lMW\/6HDx\/F3n375HHjRg3lrtv9+2FwdW2FjBkzgPJI5CnR7lzHDu2xfNkSHDp8GE0bN4a9vT3GjZ8AEqV9e3Zi3\/4D2LJlq\/Ci8iJFihR4+jRc2g0TOaDKlSvJhHTEiwj8UKsmChdxhqfnInk+U6ZMUuwSuIknbfAPJmAqBCxyOzglbL86mVwhCc\/Y0aNQpUoVkDdDAnD16jVMmDhZIya01Jw5c8B91Ej5gScRu3z5CkqUKI4f69THpcuXkTJlSrlT5excSF5Z4aLFxbGffK6IktAkQJT8pjzQ7DnzQNv8qUSeyn3UCLRs0Vx6R9GibfbsuZg3f4HwZKzRr28fIVTtZIj48uUr7Nq1C4OGDENERATIk5o7Z7a0u1+I1fIVKzFi+DA4OTnKrftTp05j4uQpMgclF8Q\/mIAZEnj\/7q28KpMXIuXeUJhjJ\/I2b968kTteSnvcd9qWp1wO5Xu0FXqgkc6T6NB2\/Zmz59C33wApGOTNaHvOiEK21KlT48WLF1qf\/yGbz0QoF3dOCvuyC8\/t0ePHmnNp06aVIhYeHuM5aVsjtzEBcyGgCJHJhmZxbwQ9APj06dO4zZ8ck1h8qTx69Ejr6X\/++bxtykWR0HyufM4meWb3\/v471jDylrgwgf8agY\/Z0v\/aletwvc+EV\/Tq1SsdenIXJsAEEkPAbEKzxEDgsUyACRiHgBKasUdkHP48KxNgAioCLEQqGFxlAkzAOARYiIzDnWdlAkxARYCFSAWDq0yACRiHAAuRcbjzrEyACagIsBCpYHCVCTAB4xBgITIOd56VCTABFQEWIhUMrjIBJmAcAixExuHOszIBJqAiwEKkgsFVJsAEjEOAhcg43HlWJsAEVARYiFQwuMoEmIBxCLAQGYc7z8oEmICKAAuRCgZXmQATMA4BFiLjcOdZmQATUBFgIVLB4CoTYALGIcBCZBzuPCsTYAIqAixEKhhcZQJMwDgEWIiMw51nZQJMQEWAhUgFg6tMgAkYhwALkXG486xMgAmoCLAQqWBwlQkwAeMQYCEyDneelQkwARUBFiIVDK4yASZgHAIsRMbhzrMyASagIsBCpILBVSbABIxDwNrRyck4M\/OsTIAJ\/OcJXL92RTL4PyJnAoiOfyWeAAAAAElFTkSuQmCC\" alt=\"Authentik\" width=\"290\" height=\"170\" \/><\/p><ul><li>Click <strong>Create<\/strong> and select the <strong>OAuth2\/OpenID Provider <\/strong>type. The next step will be to click <strong>Next<\/strong> to proceed.<\/li><li>Fill the provider with the following values<ul><li>Name: <strong>wordpress<\/strong><\/li><li>Authentication flow: C<strong>hoose your configured<\/strong> or set default <em>(default-authentication-flow)<\/em><\/li><li>Authorization flow: <strong>choose your configured<\/strong> or set <strong>explicit<\/strong> or <strong>implicit<\/strong> consent. (<em>This setting refers to the function used during authorization for this application \u2013 we define whether Authentik should display a button that allows you to go to the application after logging in, or simply redirect you without asking)<\/em>.<\/li><li>Protocol settings<ul><li>Client type: We leave <strong>Confidential<\/strong><\/li><li>Client ID: <strong>Copy and save for later<\/strong><\/li><li>Client Secret: <strong>Copy and save for later<\/strong><\/li><li>Redirect URIs\/Origins (RegEx): <strong>https:\/\/xyz.com\/openid-connect-authorize<\/strong><\/li><\/ul><\/li><li>Signing Key: <strong>authentik Self-signed Certificate<\/strong><\/li><\/ul><\/li><li>Leave the other values unchanged and click <strong>Finish<\/strong>.<\/li><li>On the left side of the screen, select <strong>Applications<\/strong> and then <strong>Applications<\/strong> again.<\/li><li>Kliknij <strong>Create<\/strong> and fill the application with the following values:<ul><li>Name: <strong>WordPress<\/strong><\/li><li>Slug: <strong>wordpress<\/strong><\/li><li>Provider:<strong> wordpress<\/strong><\/li><li><strong>UI Settings<\/strong> you may or may not want to complete.<ul><li>Icon: <strong>download a WordPress icon<\/strong> from the Internet and upload it.<\/li><li>Publisher: i.e. <strong>WordPress.com<\/strong><\/li><li>Description: example <strong>My website based on WordPress<\/strong><\/li><\/ul><\/li><\/ul><\/li><li>Finally, confirm the creation of the application with the <strong>Create<\/strong> button.<\/li><\/ul><p>On the identity provider side, we have already completed the necessary steps. <strong>The time has come to configure in the WordPress system.<\/strong><\/p><h2><strong>Step 2 \u2013 Configuration in WordPress<\/strong><\/h2><h4>Plugin installation<\/h4><ul><li>First, <strong>log in<\/strong> to the administration panel,<\/li><li>It is worth noting that your admin account login in the admin panel should refer to the same login you have in SSO Authentik,<\/li><li>Go to the <strong>Plugins<\/strong> section, and then select <strong>Add New Plugin<\/strong> from the pop-up menu,<\/li><\/ul><p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20358\" src=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.37.18.png\" alt=\"Wordpress, Plugins menu\" width=\"325\" height=\"171\" srcset=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.37.18.png 325w, https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.37.18-300x158.png 300w\" sizes=\"(max-width: 325px) 100vw, 325px\" \/><\/p><ul><li>Paste the name <strong>OpenID Connect Generic Client<\/strong> into the plugin search box,<\/li><\/ul><p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20360\" src=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.38.37.png\" alt=\"Wordpress, plugin search field\" width=\"410\" height=\"110\" srcset=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.38.37.png 410w, https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.38.37-300x80.png 300w\" sizes=\"(max-width: 410px) 100vw, 410px\" \/><\/p><ul><li>Then <strong>select the plugin<\/strong> created by the author of <a href=\"https:\/\/profiles.wordpress.org\/daggerhart\/\" target=\"_blank\" rel=\"noopener\">daggerhart<\/a> and <strong>install it<\/strong>,<ul><li>Alternatively, you can also download a plugin <a href=\"https:\/\/wordpress.org\/plugins\/daggerhart-openid-connect-generic\/\" target=\"_blank\" rel=\"noopener\">available on the WordPress website<\/a> and install it manually by uploading a .zip package.<\/li><\/ul><\/li><\/ul><p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20362\" src=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.38.44.png\" alt=\"Wordpress, OpenID plugin\" width=\"590\" height=\"284\" srcset=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.38.44.png 590w, https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.38.44-300x144.png 300w\" sizes=\"(max-width: 590px) 100vw, 590px\" \/><\/p><h3>Plugin configuration<\/h3><ul><li>After successful installation of the plugin, go to <strong>Settings<\/strong> section. There you will find a reference to the <strong>OpenID Connect Client<\/strong> plug-in configuration.<\/li><\/ul><p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20364\" src=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.42.23.png\" alt=\"Wordpress, Settings OpenID Connect Client\" width=\"167\" height=\"60\" \/><\/p><ul><li>Fill in the fields with the following values<ul><li><strong>Client Settings<\/strong><ul><li>Login type: leave OpenID Connect button on login form<\/li><li>Client ID: <strong>Paste Client ID from Authentik<\/strong><\/li><li>Client secret key: <strong>Wklej Client secret z Authentika<\/strong><\/li><li>OpenID Scope: <strong>email profile openid<\/strong><\/li><li>Login Endpoint URL: <strong>https:\/\/auth.xyz.com\/application\/o\/authorize\/<\/strong><\/li><li>Userinfo Endpoint URL: <strong>https:\/\/auth.xyz.com\/application\/o\/userinfo\/<\/strong><\/li><li>Token Validation Endpoint URL: <strong>https:\/\/auth.xyz.com\/application\/o\/token\/<\/strong><\/li><li>End Session Endpoint URL: <strong>https:\/\/auth.xyz.com\/application\/o\/wordpress\/end-session\/<\/strong><\/li><li>ACR values: <strong>leave empty<\/strong><\/li><li>Identity Key: <strong>preferred_username<\/strong><\/li><li>Disable SSL Verify: <strong>leave unchecked<\/strong><\/li><li>HTTP Request Timeout: <strong>5<\/strong><\/li><li>Nickname Key: <strong>preferred_username<\/strong><\/li><li>Email Formatting: <strong>{email}<\/strong><\/li><li>Display Name Formatting: <strong>leave empty<\/strong><\/li><li>Identify with User Name: <strong>leave empty<\/strong><\/li><li>State time limit: <strong>leave empty<\/strong><\/li><li>Enable Refresh Token: <strong>leave empty<\/strong><\/li><\/ul><\/li><li><strong>WordPress User Settings<\/strong><ul><li>Link Existing Users: <strong>tick<\/strong><\/li><li>Create user if does not exist: <strong>tick<\/strong><\/li><li>Redirect Back to Origin Page: <strong>leave empty<\/strong><\/li><li>Redirect to the login screen when session is expired: <strong>leave empty<\/strong><\/li><\/ul><\/li><li><strong>Authorization Settings<\/strong><ul><li>Enforce Privacy: <strong>leave empty<\/strong><\/li><li>Alternate Redirect URI: <strong>tick<\/strong><\/li><\/ul><\/li><li><strong>Log Settings<\/strong><ul><li>Enable Logging: <strong>leave empty<\/strong><\/li><li>Log Limit: <strong>1000<\/strong><\/li><\/ul><\/li><\/ul><\/li><li>Save your settings with the <strong>Save Changes<\/strong> button.<\/li><li>To use single sign-on, you must first go to the WordPress administration panel (wp-admin). Then select <strong>Login with OpenID Connect<\/strong>.<\/li><\/ul><p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20366\" src=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.51.01.png\" alt=\"Wordpress, SSO OpenID\" width=\"376\" height=\"540\" srcset=\"https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.51.01.png 376w, https:\/\/chochol.io\/wp-content\/uploads\/2024\/04\/Screenshot-2024-04-04-at-00.51.01-209x300.png 209w\" sizes=\"(max-width: 376px) 100vw, 376px\" \/><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-24abd82 elementor-widget elementor-widget-text-editor\" data-id=\"24abd82\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5bf2e71 e-flex e-con-boxed e-con e-parent\" data-id=\"5bf2e71\" data-element_type=\"container\" data-core-v316-plus=\"true\"><div class=\"e-con-inner\"><div class=\"elementor-element elementor-element-19ecd5b elementor-widget elementor-widget-text-editor\" data-id=\"19ecd5b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\"><div class=\"elementor-widget-container\"><p>If you have additional questions about the setup, <strong>go ahead and leave a comment under this article<\/strong> or <strong>contact me directly<\/strong>. I will be happy to answer any concerns and help solve any problems. Your questions can help improve this guide for other users.<\/p><h2>Additional Sources and information<\/h2><p>For further exploration and more information, I recommend checking out the links below. They are valuable sources that were used in the development of this guide:<\/p><ul><li>OpenID Connect Generic Client on GitHub: <a href=\"https:\/\/github.com\/oidc-wp\/openid-connect-generic\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/oidc-wp\/openid-connect-generic<\/a><\/li><\/ul><h2>Read also<\/h2><ul><li><a href=\"https:\/\/chochol.io\/en\/hardware\/tvheadend-satip-decoder-installation-and-configuration\/\">TVHeadend: Installing and configuring SAT>IP decoder<\/a> \/ Telestar Digibit Twin: Discover in today\u2019s blog post the step-by-step configuration of SAT>IP with TVHeadend in Docker Compose.<\/li><li><a href=\"https:\/\/chochol.io\/en\/smart-home\/home-assistant-esphome-to-control-a-housing-estate-gate\/\">Home Assistant: ESPHome and estate barrier control<\/a> \/ Learn how to integrate and control a residential barrier or entrance gate remotely using ESPHome and the Home Assistant platform.<\/li><li><a style=\"font-family: Roboto, sans-serif; font-size: 16px;\" href=\"https:\/\/chochol.io\/en\/computer-networking\/how-to-configure-a-leox-gpon-ont-module-on-a-mikrotik-router\/\">How to configure Leox GPON ONT insert on Mikrotik router<\/a> \/ <span style=\"font-family: Roboto, sans-serif; font-size: 16px;\">Step-by-step guide on how to configure Leox LXT-010S-H GPON ONT insert on Mikrotik RB5009 router, instead of ONT module from Orange.<\/span><\/li><li><a href=\"https:\/\/chochol.io\/en\/computer-networking\/unifi-network-application-remote-adoption-of-an-access-point\/\">UniFi Network Application: Connecting an Access Point from another network<\/a> \/ Discover how to connect a device from Ubiquiti UniFi from another network to Network Application \u2013 using Mikrotik\u2019s IPSec tunnel as an example.<\/li><li><a href=\"https:\/\/chochol.io\/en\/computer-networking\/unifi-controller-in-docker-migrating-to-unifi-network-application\/\">UniFi Controller in Docker: Migrating to UniFi Network Application<\/a> \/ UniFi Controller: Discover step-by-step how to successfully migrate to Network Application using Docker Compose.<\/li><li><a href=\"https:\/\/chochol.io\/en\/smart-home\/home-assistant-installing-mirror-lighting-on-esphome\/\">Home Assistant: Install mirror lighting on ESPHome<\/a> \/ Set up simple mirror lighting with ESPHome in Home Assistant. Discover simple integration and control light with ease.<\/li><li><a href=\"https:\/\/chochol.io\/en\/hardware\/ads-b-receiver-installation-and-configuration-on-raspberry-pi\/\">ADS-B: Receiver Installation and Configuration on Raspberry Pi<\/a> \/ Discover the secrets of installing and configuring your own ADS-B antenna on Raspberry Pi. Develop skills and track aircraft in real time.<\/li><li><a href=\"https:\/\/chochol.io\/en\/software\/traccar-docker-installation-guide-on-synology\/\">Traccar: A guide to installing on Synology with Docker<\/a> \/ Step-by-step guide: Installing Traccar on Synology using Docker. Effective vehicle tracking on your own server.<\/li><\/ul><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Configure Single Sign-On between Authentik and WordPress for secure and comfortable login. Learn about step-by-step configuration.<\/p>\n","protected":false},"author":1,"featured_media":20353,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[96],"tags":[100],"class_list":["post-20374","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-authentik"],"_links":{"self":[{"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/posts\/20374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/comments?post=20374"}],"version-history":[{"count":0,"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/posts\/20374\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/media\/20353"}],"wp:attachment":[{"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/media?parent=20374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/categories?post=20374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chochol.io\/en\/wp-json\/wp\/v2\/tags?post=20374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}