Well, this was my solution. It’s not perfect, since it still allows all users to do a “forgot password” and change their password on their profile, but a SAML login will reset the password the next time the user logs in properly via SSO anyway.
I created two different login links which I put as buttons on my blogs:
SSOLogin: https://mysite.com/wp-login.php?saml=yes&redirect_to=/
WordPress Login: https://mysite.com/wp-login.php?redirect_to=%2F
Then I modified the plugin:
// Use SAML only when the login link carries ?saml=yes
if (!empty($_GET['saml']) && $_GET['saml'] == 'yes') {
    add_filter('authenticate', array('SimpleSAMLAuthenticator', 'authenticate'), 10, 2);
    add_action('wp_logout', array('SimpleSAMLAuthenticator', 'logout'));
    // create_function() was removed in PHP 8; a closure does the same redirect
    add_action('wp_logout', function () {
        wp_redirect(home_url());
        exit();
    });
} else {
    // Otherwise fall back to the normal WordPress username/password check
    remove_all_filters('authenticate');
    add_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
}
// The plugin's password-management hooks are left disabled:
//add_action('lost_password', array('SimpleSAMLAuthenticator', 'disable_function'));
//add_action('retrieve_password', array('SimpleSAMLAuthenticator', 'disable_function'));
//add_action('password_reset',array('SimpleSAMLAuthenticator', 'disable_function'));
//add_filter('show_password_fields', array('SimpleSAMLAuthenticator', 'show_password_fields'));
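
One way to close the gap mentioned at the top of the post, as an added example that is not part of the original post or the plugin's code: refuse local password logins and password resets for accounts that belong to SSO. It assumes a hypothetical user meta key `sso_managed` set to `1` on those accounts; the `example_` helper name is also an assumption.

```php
<?php
// Added example. Assumption: accounts that must use SSO carry the user meta
// key 'sso_managed' = '1' (hypothetical; set it wherever your SAML code
// creates or updates the WordPress user).
const EXAMPLE_SSO_META_KEY = 'sso_managed';

function example_is_sso_managed($user_id) {
    // get_user_meta(..., true) returns the stored value as a string
    return get_user_meta($user_id, EXAMPLE_SSO_META_KEY, true) === '1';
}

// Block the local username/password path for SSO accounts.
// 'wp_authenticate_user' is applied inside wp_authenticate_username_password()
// before the password is checked, so it still runs in the non-SAML branch
// even after remove_all_filters('authenticate').
add_filter('wp_authenticate_user', function ($user, $password) {
    if ($user instanceof WP_User && example_is_sso_managed($user->ID)) {
        return new WP_Error('sso_only', 'This account must sign in through SSO.');
    }
    return $user;
}, 10, 2);

// Refuse "Lost your password?" resets for SSO accounts.
add_filter('allow_password_reset', function ($allow, $user_id) {
    return example_is_sso_managed($user_id) ? false : $allow;
}, 10, 2);

// Hide the password fields on the profile screen for SSO accounts.
// This is UI only; the login filter above is what makes a locally
// set password unusable.
add_filter('show_password_fields', function ($show, $profile_user = null) {
    if ($profile_user instanceof WP_User && example_is_sso_managed($profile_user->ID)) {
        return false;
    }
    return $show;
}, 10, 2);
```

Accounts without the meta key, such as a break-glass local administrator, keep the normal WordPress login and reset flow.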