• Resolved honyczek (@honyczek)

    I’ve tried to run the SAML 2.0 SSO plugin on WordPress 4.2.4 on IIS 8 (Windows Server 2012) with ADFS. The step-by-step post mostly helped me, but not in all cases, so I’ve decided to post my research. Because the original thread is locked, I’ve created this new one.

    1. On the Service Provider configuration page you have to change the NameID Policy to urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
    2. After uploading the signing certificate, you can’t check it by clicking the download button (URL https://server.example.org/wordpress/wp-content/uploads/saml-20-single-sign-on/etc/certs/1/1.cer), because IIS 8 blocks this file extension. The solution is to go to IIS Manager, your web site, and select the folder wp-content/uploads/saml-20-single-sign-on/etc/certs. Then in Features View select MIME Types, click Add… in the Actions panel and fill in: File name extension: cer, MIME type: application/pkix-cert. Then click OK.
    3. Your Entity ID is blank on the General tab of the SAML plugin configuration. If you click the metadata link above it, you get an Unhandled exception error page:
      Caused by: Exception: authsources['1']: Unable to load certificate/public key from file "C:\inetpub\wwwroot\wordpress\wp-content\plugins\saml-20-single-sign-on\saml/cert/C:\inetpub\wwwroot\wordpress/wp-content/uploads/saml-20-single-sign-on/etc/certs/1/1.cer".

      To resolve this error, you have to edit the file path-to-wordpress\wp-content\plugins\saml-20-single-sign-on\saml\lib\SimpleSAML\Utilities.php. Inside is the resolveCert function, where you need to add one condition. Final result of the resolveCert edit:

      public static function resolveCert($path) {
          assert('is_string($path)');
          // Added condition: the plugin passes the absolute path of the uploaded .cer,
          // so if that file already exists return it unchanged instead of prepending
          // the certdir base, which produced the broken concatenated path shown above.
          if (file_exists($path)) { return $path; }

          $globalConfig = SimpleSAML_Configuration::getInstance();
          $base = $globalConfig->getPathValue('certdir', 'cert/');
          return SimpleSAML_Utilities::resolvePath($path, $base);
      }

      Then the metadata link becomes reachable.

    4. There was an error where a blank page was displayed when I enabled SAML authentication. What helped me was correcting the file system permissions by resetting them (WordPress directory Properties – Security – Advanced – Change permissions – check the option Replace all child object permission entries with inheritable permission entries from this object).
    5. In ADFS – Relying Party Trusts – your trust – Properties, you have to add the signing certificate on the Signature tab. If you don’t add it, ADFS gives error MSIS0037: No signature verification certificate found for this issuer.
    6. The Claim Rule (using the “Transform an Incoming Claim” template) described in the mentioned step-by-step post needs some corrections: change Incoming claim type: E-Mail Address to Windows account name, and change Outgoing Name ID format: Email to Transient Identifier.
  • Thread Starter honyczek (@honyczek)

    Re 6. It is not important whether you use the incoming claim E-Mail Address or Windows account name. You have to set the same Name ID policy, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress or urn:oasis:names:tc:SAML:2.0:nameid-format:transient. But what is very important is the order of the Issuance Transform Rules. The first has to be the Transform an Incoming Claim rule and the second rule Send LDAP Attributes as Claims. You can set the ordering of these rules using the arrows on the right of the Edit Claim Rules window.
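
The following is an added example, not code from the original posts or from the plugin. It scripts the IIS and ADFS parts of the procedure above in PowerShell: the per-folder MIME mapping from step 2, the relying party signing certificate from step 5, and the two issuance transform rules from step 6 in the order the reply insists on (Transform an Incoming Claim first, Send LDAP Attributes as Claims second). The site name, application path, relying party trust name and certificate file path are assumptions; replace them with your own values.

```powershell
# Added example (not from the original post or the plugin). Assumed values:
#   IIS site "Default Web Site", WordPress under /wordpress,
#   ADFS relying party trust "WordPress SAML",
#   the SP signing certificate exported to C:\certs\wordpress-sp-signing.cer
Import-Module WebAdministration
Import-Module ADFS

$siteName   = 'Default Web Site'                   # assumption
$appPath    = 'wordpress'                          # assumption
$certsDir   = 'wp-content\uploads\saml-20-single-sign-on\etc\certs'
$rpName     = 'WordPress SAML'                     # assumption
$spCertPath = 'C:\certs\wordpress-sp-signing.cer'  # assumption

# Step 2: let IIS serve .cer only from the plugin's certs folder.
# Scoping the mapping to this folder (it writes a web.config there) avoids
# exposing every other .cer file that may sit under the web root.
$certsPsPath = "IIS:\Sites\$siteName\$appPath\$certsDir"
Add-WebConfigurationProperty -PSPath $certsPsPath `
    -Filter 'system.webServer/staticContent' -Name '.' `
    -Value @{ fileExtension = '.cer'; mimeType = 'application/pkix-cert' }

# Step 5: register the SP signing certificate on the relying party trust so
# ADFS can verify signed requests (otherwise MSIS0037 is raised).
$spCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $spCertPath
Set-AdfsRelyingPartyTrust -TargetName $rpName -RequestSigningCertificate $spCert

# Check that the thumbprint ADFS now holds is the one the plugin uses.
(Get-AdfsRelyingPartyTrust -Name $rpName).RequestSigningCertificate |
    Select-Object Subject, Thumbprint, NotAfter

# Step 6 and the reply: issuance transform rules, in this order.
# Rule 1 maps Windows account name to a NameID with the transient format
# (matching the plugin's NameID Policy from step 1).
# Rule 2 sends LDAP attributes as claims.
$rules = @'
@RuleTemplate = "MapClaims"
@RuleName = "Windows account name to Transient NameID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Attributes as Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";mail,givenName,sn;{0}", param = c.Value);
'@
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Verify the rule order that ADFS stored (rules run top to bottom).
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Run it in an elevated PowerShell on the ADFS server (the WebAdministration part on the IIS host if they differ). Setting -IssuanceTransformRules replaces the whole rule set, so the text above is the complete, ordered set; if the trust already has other rules, export them first with Get-AdfsRelyingPartyTrust and merge. Compare the printed thumbprint with the certificate shown on the plugin's Signing certificate page before testing a login.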

  • The topic ‘SAML 2.0 Single Sign-On and ADFS’ is closed to new replies.