anukasha

Hi there,

Thanks for reaching out to us.

We have released compatibility fixes with PHP 5.6 in the version 5.2.2 of our plugin. Please download this latest version to fix the issue you mentioned.

Feel free to reach out if you have any further questions.

Thanks,
Anukasha

Hi Monica,

Thank you for reaching out to us.

I understand that you’re looking to provide?login?access for various institutions and libraries, enabling their staff and students to log into your?journal site?using their institution’s credentials. Please correct me if I’m wrong.

If the user identities are managed by different institutions within an Identity Provider (IdP) like Shibboleth, OpenAthens, etc., then we can set up?SSO?with multiple Identity Providers on your journal site. This can be achieved with our paid versions of the?WordPress SAML?Single Sign-On plugin. Both the Enterprise and All-Inclusive plans support the configuration of multiple Identity Providers (IdPs), Domain Mapping, and?Role Mapping?features to meet your requirements.

The solution would look like:

1. When onboarding an institution, you’ll need to configure the institute’s?IdP for SSO in our SAML?SSO?plugin. We’re here to help with that integration. This will allow their users (staff and students) to authenticate with their institution’s credentials to access your?site.
2. With the domain mapping feature, users trying to access your?site?will first land on the WordPress?login?page, where they’ll be asked to enter their email address. If their email domain matches the configured IDP domain in the plugin, they’ll be automatically redirected to their institution’s IDP?login?page. Once authenticated, they’ll have seamless access to your?site.
3. Furthermore, we can use the role mapping feature of the plugin to assign specific WordPress roles to users based on their profile information or groups in their institution’s IDP. This role mapping will help determine which pages and data they can access on your journal site.

If you’d like, we can schedule a quick Zoom call or Google Meet to discuss your needs in more detail. Please feel free to share your time zone and availability through the free plugin’s support form, and we’ll arrange a meeting with you accordingly.

Please do not hesitate to reach out if you have any questions or concerns.

Thanks,
Anukasha

Hi @kostiantynpetlia,

We are glad to know that you like our plugin and it has been working well for you.

Thanks for your suggestion on making the plugin compatible with CSP. Our team is currently checking the feasibility of enqueuing the scripts using WP functions for mo_saml_add_sso_button(). We would be pushing this change in the next release of the plugin, if everything looks good.

Please let me know if you have any further questions.

Thanks,
Anukasha

Hi Daniel,

The feature “Auto redirection from WP login” is available in the premium versions of our plugin. This feature would allow you to restrict access to your WordPress login page. Any unauthenticated user trying to access your site’s /wp-login.php or /wp-admin endpoints would automatically be redirected to Azure for authentication. This would ensure that only users authenticated via Azure can login into your site to view protected content.

Please feel free to reach out if you need any further information, or have any other questions.

Thanks,
Anukasha

Hi Daniel,

Thanks for reaching out to us.

Please find my remarks below to your questions:

We also wanted to give different access to the WordPress sites (admin, editor) but manage all from Azure, is this possible?

Yes, this is possible. For every site you have, you can create a separate Enterprise Application in Azure and assign users who will have access to the site to the appropriate apps.

What happen to our actual users in WordPress and the content they’ve created? They are mapped to the Azure users in some way??

Yes, the plugin maps the users from Azure with WordPress accounts using their username or email.
So, let’s say, user A exists in WordPress with username “usera” and email “[email protected]”, and also exists in Azure with email “[email protected]”. When user A logs in through Azure Single Sign-On, he will be actually logged into the WordPress account of “usera” since the same email was found.

One last question, is there a feature to turn off any login if the user is not authorized from the Azure portal? And if we delete a user from Azure, we need to be sure that user can never login to any of the websites.  

If you want specific user(s) to not be able to login via Azure Single Sign-On, you can un-assign those particular users from the app created in Azure. Alternatively, you can also delete the users from Azure. This would automatically ensure that users can not login to any WordPress site using Azure Single Sign-On. On top of this, if you want the user to be deleted in real time from WordPress as well after removal from Azure, you can be achieve this using our?SCIM User Provisioning?plugin.

I’d be happy to discuss your requirements in more detail. Please feel free to reach out to us via the contact form in the plugin so that we can schedule a call with you.

Please let me know if you have any further questions.

Thanks,
Anukasha

Hi there,

Thanks for reaching out to us.

The screenshot you shared seems to be of miniOrange’s Two Factor Authentication Plugin. Please be rest assured that the concerned team has been notified of this issue, and this would be fixed in the upcoming release of the Two Factor Authentication Plugin, scheduled next week.

Feel free to reach out if you have any further questions.

Thanks,
Anukasha

Hi Erik,

We apologize for the confusion that the miscommunication has caused.

To clarify, the support of WP-CLI update had been released on our production since the version 12.1.8. As I understand, you were still facing issues with it in version 12.2.1, and hence we mentioned the following things in our email, that need to be checked for WP-CLI update to be working properly:
– The plugin folder name is miniorange-saml-20-single-sign-on
– You are logged into the plugin
– You have entered a valid license key in the json file

We understand your decision to go ahead with a different plugin. However, if you’re willing to give us a chance, please let us know and we will make sure that everything it working as expected for your usecase.

Thanks,
miniOrange

Hi Erik,

Thank you for taking the time to share your feedback.

The plugin does support updates via WP-CLI, and the correct version was provided when requested. As per our records, we were able to rectify all the issues you mentioned and we did respond to all the messages you sent.

If there are any unresolved queries or additional concerns, please feel free to reach out—we’re here to assist you.

If you’re open to it, we’d love to schedule a call to discuss any remaining concerns. Our goal is to make sure our plugins work seamlessly for you.

Thanks,
miniOrange

Hi Vimal,

We apologize for the inconvenience.

The error message does not indicate any error with the miniOrange WordPress SAML SSO Plugin. However, could you please try removing the plugin folder miniorange-saml-20-single-sign-on via FTP?

We would also be glad to look into this issue over a call and help you resolve it at the earliest. Please do reach out to us at [email protected] so that we can schedule a call with you at the earliest.

Thanks,
miniOrange

Hi there,

Thanks for reaching out to us.

1 – Does it support simultaneous login with another WordPress site (2 sites with WordPress)?
>> Yes, to support simultaneous login with another WordPress site, you can set up WordPress site A as the Identity Provider (IDP) using our SAML IDP Plugin and configure it with our SAML SSO Plugin on WordPress site B. A login button or link can be embedded on your WP site B, clicking on which would redirect users to the WP site A for login. After entering their WP site A credentials, they will be logged in to WP site A as well as WP site B.
Please note that if you already have an Identity Provider where your users are stored, you can use that and configure our SAML SSO Plugin on both your WP sites to achieve the auto login experience.

2 – The login can be directed exclusively to one product.
>> Can you please confirm if that external site is your?other WordPress site or a?third-party site? If it is a WordPress site, then as mentioned above, you can make your WordPress site A act as an IDP, where you can put all of your courses and users. This can enforce login using WP Site’s A credentials and provide access to WP Site B content only after authentication with WP Site A.
You can also allow access to a specific course, by using the attribute and role mapping feature in our plugin. This feature would allow you to control access based on user roles or attributes from the IDP.

We would love to show you a demo of how this works. Please feel free to reach out to us via the plugin’s support form to schedule a meeting.

Thanks,
miniOrange

Hi Simon,

Thanks for explaining the issue you are facing.

To enable SAML Single Sign-On, you will have to select the non-gallery app and create your own application, instead of selected a pre-added app.

All of these steps are mentioned here in our documentation – [ Office365 SSO Setup guide ]
Please follow the steps in the guide and feel free to reach out if you still face issues.

You can also reach out to us via the plugin’s support form so that we can schedule a meeting with you and help you resolve this issue at the earliest.

Thanks,
Anukasha

Hi Simon,

Thanks for reaching out to us.

This error is shown when the Entity ID configured in the plugin doesn’t match the Entity ID configured in your Azure Enterprise Application.

You can find the correct value of the Entity ID in the miniOrange SAML SSO plugin by following these steps:

1. Go to the Service Provider Metadata tab in the plugin.
2. The Entity ID value is mentioned in the SP Entity ID / Issuer field.

To verify if this Entity ID is properly entered in your Azure application, please follow the steps below:

1. Navigate to your configured Enterprise Application in Azure.
2. Click on Single Sign-On from the left panel, and then click on the Edit button of the Basic SAML Configuration.
3. Under the Identifier (Entity ID) section, please ensure the Entity ID is the same as in the miniOrange SAML SSO plugin.

Please don’t hesitate to contact us via the plugin’s support form for further assistance.

Thanks,
Anukasha

Hi,

As I understand, simplesamlphp would act as the SAML IDP for your WordPress site (which would be your SP).

If my understanding is correct, then you can achieve this with the Standard paid plan. Standard Plan includes the “Auto-redirection from Site” feature which would redirect your employees to your IDP for authentication, and only then allow them to view the site. For a more detailed comparison between the plans, you can click on the “Premium Plans” button in the plugin.

Please let me know if you have any further questions.
Also, please feel free to reach out to us via the plugin’s support form in case you need any help.

Thanks,
Anukasha

Hi there,

Thanks for reaching out to us.

The free version will allow you to add a Single Sign On button on your WordPress login page. Using this, you can allow your employees to login using their Identity Provider credentials, as well as provide an option to the admins/editors to login using their WP credentials.

However, to achieve your requirements out-of-the-box, you can look into the premium version of our plugin. Using the premium version, you will be able to enforce SSO for the users who want to access the content of your site and enable a backdoor for the Admin and Editors to allow them to login using WP credentials.

Please feel free to reach out to us via the Support Form in the plugin so that we can guide you further with your requirements.

Thanks,
Anukasha

Hi there,

Thank you for reaching out to us.

We understand your concern. I want to reassure you that our SSO Plugin is not affected by the CVE-2024-2172 vulnerability.

Additionally, I would like to mention that we consistently update and maintain our SSO plugin to guarantee its safety and security for all users.

Please feel free to reach out if you have any further questions or concerns.

Thanks,
miniOrange