Suppressing reauth parameter

This module still works with WP 4.5.1 when people login via wp-login.php, but it gets caught by the reauth parameter if people try to login vi /wp-admin/. I borrowed the code from the http_authentication plugin to remove the reauth parameter, and put an updated version at https://github.com/scottylogan/wp-simplesamlphp-authentication

Here’s just the patch:

diff --git a/simplesamlphp-authentication.php b/simplesamlphp-authentication.php
index a864db3..61681c0 100644
--- a/simplesamlphp-authentication.php
+++ b/simplesamlphp-authentication.php
@@ -53,6 +53,7 @@ if ($simplesaml_configured) {
/*
Plugin hooks into authentication system
*/
+add_filter('login_url', array('SimpleSAMLAuthenticator', 'bypass_reauth'));
add_filter('authenticate', array('SimpleSAMLAuthenticator', 'authenticate'), 10, 2);
add_action('wp_logout', array('SimpleSAMLAuthenticator', 'logout'));
add_action('lost_password', array('SimpleSAMLAuthenticator', 'disable_function'));
@@ -136,7 +137,21 @@ if ($slo) {
if(!class_exists('SimpleSAMLAuthenticator')) {

class SimpleSAMLAuthenticator {
-
+
+ /*
+ * "Borrowed" from https://www.ads-software.com/plugins/http-auth
+ *
+ * Remove the reauth=1 parameter from the login URL, if applicable. This allows
+ * us to transparently bypass the mucking about with cookies that happens in
+ * wp-login.php immediately after wp_signon when a user e.g. navigates directly
+ * to wp-admin.
+ */
+ function bypass_reauth($login_url) {
+ $login_url = remove_query_arg('reauth', $login_url);
+
+ return $login_url;
+ }
+
function authenticate($user, $username) {
if(is_a($user, 'WP_User')) { return $user; }

https://www.ads-software.com/plugins/simplesamlphp-authentication/