• Resolved: felixja (@felixja)

    Hi,

    I’m not an expert on SAML or SSO and (after a couple of days of research) I’m trying to configure a connection with an external IdP through SAML in WordPress. I’ve tested all the plugins and this one seems to be the best option for me.

    I have two problems. The first is that when I enter the IdP data (having the SP configured) and go to the admin, I can see the IdP login page, but when I log in, an exception is shown saying UNHANDLED EXCEPTION:

    Backtrace:
    0 /home/test1/www/test2/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
    Caused by: sspmod_saml_Error: Requester/InvalidNameIDPolicy: Cannot provide requesed name identifier with format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent for the given subject
    Backtrace:
    3 /home/test1/www/test2/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Message.php:371 (sspmod_saml_Message::getResponseError)
    2 /home/test1/www/test2/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Message.php:498 (sspmod_saml_Message::processResponse)
    1 /home/test1/www/test2/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:75 (require)
    0 /home/test1/www/test2/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

    That error is shown when I try to connect to the final IdP, but it may be caused by the IdP configuration, so I didn’t give up and I have been trying with some other IdPs only for testing until I found one that seems to work better. Now I see the IdP login page, I log in (I told the IdP to send me the username attribute) but after redirecting WordPress says that I have to enter a password :(.

    I don’t know if this is because of this WordPress version or maybe I didn’t understand how this is supposed to work. I think that if you log in on the IdP form, and the IdP redirects to the WordPress admin (because you logged in successfully), the user should be logged in directly on WordPress, right?

    Well… I would appreciate any kind of help… I’m going crazy with this.

    Thanks

    https://www.ads-software.com/plugins/saml-20-single-sign-on/

  • Thread Starter felixja (@felixja)

    Well,

    I fixed both problems, but I’m not deleting the thread because it may be useful for other people.

    The first one was fixed by changing the NameID Policy from persistent to transient in the service provider tab.

    Well, the second one was caused because I had previously created the user in the WP admin, and this plugin automatically creates a password when it receives a login request from SAML. That password mismatch was the reason for the password error.

    I will make a recommendation too. In my case, we can’t store the roles on the SSO server; we wanted to manage them through WordPress, and by default this plugin throws an error if it doesn’t receive the role from the IdP. The solution for this was easy:

    All the login and registration stuff is in the file lib\classes\saml_client.php. In that file I changed the “none” value in the update_role function to subscriber, so if the IdP doesn’t send the role and it is a new user, it is registered as subscriber, allowing you to change and manage the role from an administrator account.

    We had to make another change. By default this plugin reads the role from the SAML information even if the user is already registered, and updates it, so it overrides your selection in user management. The solution is to comment out the “$this->update_role()” call in the “simulate_signon()” function.

    That’s it! All working perfect.

    I can say that this plugin works very well and is “easy” to use. Maybe you have to investigate a little, but it can be used even with a private SSO platform (from a big company, in my case).

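The two changes described in the reply above, as an added example that is not the plugin’s code and not part of the original thread. Part (1) is the shape of a SimpleSAMLphp 1.x saml:SP authsource entry asking the IdP for a transient NameID (the entityID and IdP URLs are placeholders). Part (2) is a hypothetical role-resolution helper, resolve_wp_role(), that captures the two behaviours the poster patched in by hand: a new user whose assertion carries no role attribute gets the least-privilege role subscriber instead of an error, and an already-registered user keeps whatever role the WordPress administrator assigned, so the IdP cannot silently overwrite it. It adds one check the post does not mention: the role value taken from the assertion is accepted only if it is on a fixed allow-list, since an IdP attribute is untrusted input from WordPress’s point of view. The attribute name role, the function name and the sample inputs are assumptions made for this example.

```php
<?php
// Added example, not the plugin's code. Shows (1) the SP-side NameID policy
// setting and (2) a role-resolution helper with a safe default.

// (1) SimpleSAMLphp 1.x saml:SP authsource fragment (config/authsources.php).
//     Asks the IdP for a transient NameID, which fixed the
//     "Requester/InvalidNameIDPolicy" error in the post. URLs are placeholders.
$authsources = [
    'default-sp' => [
        'saml:SP',
        'entityID'     => 'https://www.example.com/wp/sp',        // assumed
        'idp'          => 'https://idp.example.com/saml2/idp/metadata.php', // assumed
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    ],
];

// Roles we are willing to accept from an assertion. Anything else is ignored.
const ALLOWED_WP_ROLES = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

/**
 * Decide which WordPress role to apply after a successful SAML login.
 *
 * @param array       $attributes    SAML attributes in SimpleSAMLphp shape: name => [values]
 * @param string|null $existing_role Current WP role for a registered user, or null for a new user
 * @return string|null Role to set for a new user, or null meaning "leave the existing role alone"
 */
function resolve_wp_role(array $attributes, ?string $existing_role): ?string
{
    // Existing user: roles are managed locally in WordPress, so the assertion
    // must not override the administrator's choice (the commented-out
    // update_role() call in the post).
    if ($existing_role !== null) {
        return null;
    }

    // New user: take the role from the assertion only if it is a known WP role.
    // 'role' is an assumed attribute name; adjust to what your IdP releases.
    $idp_role = $attributes['role'][0] ?? null;
    if ($idp_role !== null && in_array($idp_role, ALLOWED_WP_ROLES, true)) {
        return $idp_role;
    }

    // No usable role attribute: least-privilege default instead of an error
    // (the "none" -> "subscriber" change in the post).
    return 'subscriber';
}

// Constructed sample inputs: [attributes, existing role, expected result].
$checks = [
    [['uid' => ['alice']],                          null,            'subscriber'],
    [['uid' => ['bob'],   'role' => ['editor']],    null,            'editor'],
    [['uid' => ['carol'], 'role' => ['editor']],    'administrator', null],
    [['uid' => ['dave'],  'role' => ['superuser']], null,            'subscriber'],
];

foreach ($checks as [$attrs, $existing, $expected]) {
    $got = resolve_wp_role($attrs, $existing);
    printf(
        "%-6s existing=%-15s -> %s\n",
        $attrs['uid'][0],
        var_export($existing, true),
        var_export($got, true)
    );
    if ($got !== $expected) {
        throw new RuntimeException("unexpected role for {$attrs['uid'][0]}");
    }
}
```

The null return for an existing user is deliberate: the caller should skip the role update entirely rather than write the old role back, so a later local change by an administrator is never raced by the next SSO login. If you do want the IdP to be authoritative for some tenants, gate that on an explicit per-site setting rather than on whether the attribute happens to be present.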
  • The topic ‘WordPress asks for password’ is closed to new replies.