CGaryDesigns
Forum Replies Created
UPDATE:
Hi Lloyd – there actually is another solution that I found last night. If you add the ‘redirect_to’ parameter onto your URL that points to the Login page, when the SSO completes, it will redirect to the URL that you used for your ‘redirect_to’ parameter. Note – the ‘redirect_to’ parameter must be a full URL (including domain). Works great! Fully tested! Only works in 0.9.2 plugin version though.
URL example:
https://<wordpressurl.com>/wp-login.php?redirect_to=<full target url>
Thanks.
Hi Lloyd, sorry long time no talk to. You have to understand that the login is working – please note that the User HAS TO BE POINTED to a page REQUIRING AUTHENTICATION for the WordPress side of the Signin to work. That is why the RelayState URL is usually the /wp-admin/ location. Try this – Create a page that is secured (requires authentication) and point the return to that. If that works, then create a redirect on that page to point the person where you need them to be.
PS. Please note that the page you create, secure it using the Standard WordPress page restriction tools – not some third party plugin – because you run the risk of the WordPress login process not being called.
Forum: Plugins
In reply to: [SAML 2.0 Single Sign-On] SAML and Salesforce
This has been resolved. It looks like someone made a manual modification to the pluggable.php file – in the method that plugs in the authentication pieces. No issue with this plugin, all is well. Now I have successfully integrated WordPress with Salesforce using this plugin. Any questions, I can be reached at @cgarydesigns on Twitter.
Thanks Kevin for an awesome plugin!
Forum: Plugins
In reply to: [SAML 2.0 Single Sign-On] Salesforce and WordPress Single Sign On
Not sure if this is still applicable to you but…
If you have set up Salesforce as an IdP, you want to get the ‘Metadata file’ (there is a button for it). Included in this file is the security certificate that was generated. Place this file in a location that is publicly accessible via the internet (I put it in my WordPress directory). Then put the URL of this file in the ‘URL to IdP Metadata’ text box and press the ‘Get Metadata’ button. It will populate the Identity Provider settings for you appropriately.
Then all you have to do is set up the Service Provider settings. DO NOT make the mistake of uploading the certificate on the Service Provider tab. It is best to just generate one by checking that option. The Security Certificate that is generated here is not really needed, but it can optionally be uploaded when you set up the Service Provider (Connected App) on the Salesforce side. The benefit is if you upload the certificate on the connected app side of the configuration in Salesforce, Salesforce will only respond to requests from the service provider that has signed their requests with that certificate (i.e. – your WordPress blog).
Hope this helps.
Forum: Plugins
In reply to: [SAML 2.0 Single Sign-On] Custom attributes
Where are you planning on putting this employeeNumber value? In saml_client.php you will see, in the new_user function, how the SAML attributes are referenced in order to populate the object that is passed into the wp_insert_user method to create the user. You may want to look at making your modifications there. However, according to the documentation I find on the wp_insert_user method, it can only insert values into certain fields on the user record. See – https://codex.www.ads-software.com/Function_Reference/wp_insert_user. Not sure how this would work if you are putting this employeeNumber somewhere else related to the user.
Forum: Plugins
In reply to: [SAML 2.0 Single Sign-On] Multiple Blog Sites on same Wordpres Instance
I also am having problems with multiple WordPress instances, but on the same domain. I have two separate WordPress instances (not multisite) on the same domain. One WordPress instance is a test area in a subdirectory. The primary WordPress site is on the root of the domain. It seems that when the login process begins, it takes the user to the proper IdP login area and logs the user in; however, once the login process is complete, it forwards the user to the root domain. If I manually attempt to navigate to the test process, it gives me an invalid username and password. I noticed the SimpleSAMLAuthToken cookie is set on the domain level. Would this prevent multiple sites on the same domain from authenticating?