[Plugin: Active Directory Authentication Integration] SSO for Active Directory Users

Unfortunately, I’m not sure how SSO might be integrated with this plugin. I know there are SSO plugins for WordPress; but I have not used them (I’m actually getting ready to try to investigate CAS, but I’m not sure if I’ll be able to integrate that with the features in this plugin or not). Thanks.

Thx for your response. Fortunately i had some time to extend your plugin with a SSO feature. It requires a litte modification in your adLDAP.php to avoid the User/Password Authentication against the Active Directory and trust the REMOTE_USER Variable.

At least is requred a additional action for the “login_init’ – process. There must be set the REMOTE_USER for the username and something for the password variable.

I have now a working SSO, maybe i can help you to integrate that feature in your plugin.

Hey guys how did things go with the advancement of the AD plugin with SSO integration?

I’m very interested and would like to know more.

edv_bruneck are you able to share your mods?

@edv_bruneck:

Indeed, I too would be interested in your adLDAP.php mods to get SSO. I’ve been running the previous Active Directory Integration v1.1.3 for a while now and would definitely move to ADAI v0.6 if it incorporated SSO. Any updates to this effect yet?

… i’m sorry that Curtiss Grymala did not respond to be able to integrate the SSO in the plugin.

But i can share the mods:

1) First you have to set apache to autenticate you against the active directory and set the REMOTE_USER variable.

2) on line 417 in the adLDAP.php:

// Bind as the user
        $ret = true;
        $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);
        if (!$this->_bind){ $ret = false; }

		<strong>// Line added by edv_bruneck Tauber to trust the REMOTE_USER Variable
		if ($username === strtolower($_SERVER['REMOTE_USER'])) {
			$ret = true;
		}</strong>

        // Cnce we've checked their details, kick back into admin mode if we have it

3) now we need a litte plugin to set the username and password to something. Place a directory to your pluginfolder and set the following php code in a file:

<?php
/*
Plugin Name: SSO 4 Active Directory Authentication Interation Plugin
Plugin URI: https://www.info.bruneck.sgv
Description: Single Sign On Extension for Active Directory Authentication Interation Plugin
Version: 1.0
Author: edv_bruneck
*/

function sso4adip() {
	// REMOTE_USER als Benutzer setzen und Password auf irgenetwas
	// Ausser es wird ein Logout angefragt, dann nix setzen
	if (($_REQUEST['action'] != "logout") && (!isset($_REQUEST['loggedout']))) {
		$_POST['log'] = $_SERVER['REMOTE_USER'];
		$_POST['pwd'] = "something";
	}
}

add_action('login_init', 'sso4adip');

?>

enable this plugin and enjoy ??

Please report me if you find some errors, thx!!!