Daniel Bachhuber

It seems like your application password or the authorization header isn’t working, for whatever reason. I can’t diagnose further without access to your system.

It seems like the user parameter isn’t present in your request.

Can you share more detail about how you’re constructing the request?

If I had to guess, maybe you’re missing the application/json Content-Type header.

• This reply was modified 1 year ago by Daniel Bachhuber.

Hey @poppydev,

Makes sense! I appreciate your concern ??

I’m not hugely worried about this right now, but I’ll keep your suggestions in mind for the future.

Thanks!

Hey @poppydev!

Are you planning on updating it to remove this message or check if their is any new vulnerabilities since WordPress and PHP have updated in that time?

Sorry about that! I’ve updated the “Tested Up To” version number.

What are your policies if this is installed on thousands of users website without their consent and support is stopped/removed in any way?

I’m not sure I understand. Can you clarify?

This plugin is an open source plugin anyone is free to install. I don’t have any control over how folks use it.

Glad you find it useful!

Thanks for the review, @semseysandor ??

Hey @xintv123,

If $_SERVER['CACHE_HOST'] is set, you can specify a Redis database with $_SERVER['CACHE_DB'].

Here’s the logic around how the database details are retrieved: https://github.com/pantheon-systems/wp-redis/blob/7dae4488e68ac71a40d7208581651e1ad758ac1b/object-cache.php#L1156-L1172

Hope this helps! Let me know if we can clarify further.

I like it! ??

Great!

Thank you again for all your help with me trying to figure out this plugin and how to wrangle it for my environment.

You’re welcome ??

A line or two on the “Installation” page, just to reinforce that if you filter anything, you’ll have to specify settings for everything.

What do you think about this new language?

If you’re feeling really ambitious, maybe a widget on the Settings page that will export your current settings into a code block, ready to be cut-and-pasted into a filter.

We’ll keep it under consideration!

Speaking of things that might be more confusing, I wonder whether it’s worth hiding the GUI page entirely if there’s a filter, since the page only exists to say “this page does nothing.”

I thought about that before. I wouldn’t want a user to be confused about why the page wasn’t appearing though, so opt-ed for the message instead.

Thanks for reporting back, @desmith!

And once you do an add_filter('wp_saml_auth_option'), the plugin’s GUI no longer is accessible.

Good point. Is there anything you think we could clarify on the messaging?

(I think if you put in any settings before doing that, they’d still take effect, but that feels like a really nasty trap to set for yourself, so don’t.)

To clarify: if you’ve manually added the filter, the GUI settings are completely disabled.

Sounds good! Let us know what you find.

Hey @desmith,

There’s a wp_saml_auth_option filter but I’m not sure if it only affects the config values specified in the wpsa_filter_option function right above it, or if I can use it to set other arbitrary configuration settings that aren’t part of the plugin’s GUI.

You can use it to set other arbitrary configuration settings that aren’t a part of the plugin’s GUI. The internal_config attribute is passed directly to the OneLogin class.

Hope this helps! Let me know if there are any other questions I can help with.

Hey @acurran,

Here’s a Stack Overflow thread that seems relevant:

When using this option, CodeIgniter stores session data in a table called ci_sessions, specifically in the ‘data’ column. By default, CodeIgniter creates this column as a blob datatype which has a maximum data size of 65,535 bytes. My application was exceeding that size and throwing the error. To remedy the issue, I changed the datatype to mediumblob which has a maximum size of 16,777,215 bytes. Afterwards, my application no longer generated the error and worked as expected.

In WP Native PHP Sessions v1.2.4 (released September 2021), we “increase[d] data blob size from 64k to 16M for new session tables; existing tables will need to manually modify the column if they want to apply this change”.

My guess would be that your session blob is exceeding the size supported by the column, and you’ll need to manually alter your database column.

Hope this helps!

You’re welcome! Glad you were able to get it working, and thanks for sharing your findings for future readers ??

Does new_user_authenticated only trigger on a user’s first logon, and existing_user_authenticated only trigger on subsequent logons?

Correct.

Is there one that triggers for all successful logons, both new and existing? That’ll help me avoid duplicating code.

No. For better or for worse, it’s two separate actions.

Should I just abstract that code into a separate function and call it for both new_user and existing_user events?

Yep, that’d work just fine!

Hey @desmith,

Have you looked into the wp_saml_auth_new_user_authenticated and the wp_saml_auth_existing_user_authenticated filters? I’d think the second $attributes argument would contain all of the data you’d need.