SSO connects me to the IdP, but doesn’t log me in WordPress when redirected back
-
Hi there,
I’m trying to set up SSO with a custom IdP. I can successfully hit the IdP and login to their system. But when I’m redirected back to my site I’m still not logged in (and no user is created for me if it’s a new user).
In my themes functions.php I’ve added the following filter (removed site/certificate information). Any ideas?.. Thanks!
function wpsax_filter_option($value, $option_name) { $spBaseUrl = 'https://my-site-url'; $defaults = array( /** * Type of SAML connection bridge to use. * * 'internal' uses OneLogin bundled library; 'simplesamlphp' uses SimpleSAMLphp. * * Defaults to SimpleSAMLphp for backwards compatibility. * * @param string */ 'connection_type' => 'internal', /** * Configuration options for OneLogin library use. * * @param array */ 'internal_config' => array ( 'sp' => array ( 'entityId' => $spBaseUrl, 'assertionConsumerService' => array( 'url' => $spBaseUrl . '/wp-login', ), 'singleLogoutService' => array( 'url' => $spBaseUrl . '/?sls', ), 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:assertion:cloudemailaddress', ), 'idp' => array ( 'entityId' => 'ofis:xxx:broker:s', 'singleSignOnService' => array ( 'url' => 'https://my-ipd/', ), 'singleLogoutService' => array ( 'url' => 'https://my-ipd/SignOut.aspx', ), 'x509cert' => '*removed*', ), ), /** * Path to SimpleSAMLphp autoloader. * * Follow the standard implementation by installing SimpleSAMLphp * alongside the plugin, and provide the path to its autoloader. * Alternatively, this plugin will work if it can find the * <code>SimpleSAML_Auth_Simple</code> class. * * @param string */ 'simplesamlphp_autoload' => dirname( __FILE__ ) . '/simplesamlphp/lib/_autoload.php', /** * Authentication source to pass to SimpleSAMLphp * * This must be one of your configured identity providers in * SimpleSAMLphp. If the identity provider isn't configured * properly, the plugin will not work properly. * * @param string */ 'auth_source' => 'default-sp', /** * Whether or not to automatically provision new WordPress users. * * When WordPress is presented with a SAML user without a * corresponding WordPress account, it can either create a new user * or display an error that the user needs to contact the site * administrator. * * @param bool */ 'auto_provision' => true, /** * Whether or not to permit logging in with username and password. * * If this feature is disabled, all authentication requests will be * channeled through SimpleSAMLphp. * * @param bool */ 'permit_wp_login' => false, /** * Attribute by which to get a WordPress user for a SAML user. * * @param string Supported options are 'email' and 'login'. */ 'get_user_by' => 'cloudemailaddress', /** * SAML attribute which includes the user_login value for a user. * * @param string */ 'user_login_attribute' => 'cloudemailaddress', /** * SAML attribute which includes the user_email value for a user. * * @param string */ 'user_email_attribute' => 'cloudemailaddress', /** * SAML attribute which includes the display_name value for a user. * * @param string */ 'display_name_attribute' => 'name', /** * SAML attribute which includes the first_name value for a user. * * @param string */ 'first_name_attribute' => 'givenname', /** * SAML attribute which includes the last_name value for a user. * * @param string */ 'last_name_attribute' => 'surname', /** * Default WordPress role to grant when provisioning new users. * * @param string */ 'default_role' => get_option( 'default_role' ), ); $value = isset( $defaults[ $option_name ] ) ? $defaults[ $option_name ] : $value; return $value; } add_filter( 'wp_saml_auth_option', 'wpsax_filter_option', 10, 2 );
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘SSO connects me to the IdP, but doesn’t log me in WordPress when redirected back’ is closed to new replies.
