WordPress › simpleSAMLphp Authentication

simpleSAMLphp Authentication

Authenticate users using simpleSAMLphp

Download Version 0.6.3

Download simpleSAMLphp version 1.5 or higher on your web server and configure it as a service provider.
Upload simplesaml-authentication.php to the wp-content/plugins/ directory of your WordPress installation.
Log in as administrator and activate the plugin. Go to the Options tab and configure the plugin. If applicable, configure an eduPersonEntitlement that will be mapped to the Administrator role. Decide which attribute to use for the username. Take into consideration that the sanatize_user() function will be called on the value of this attribute (see wp_includes/formatting.php) which will remove anything but lowercase alphanumeric, space, dot, dash, and @-sign, and truncate it to 60 characters. A check is done to prevent creation of accounts with wrong usernames. If the attribute you intend to use as username does have illegal characters, or is longer, you can work around this by using a hash of the username. Configure an extra attribute in simpleSAMLphp, for instance by applying an authproc filter like this:
```
25 => array(
    'class' => 'core:PHP',
    'code' => '$attributes["wp_userid"] =
        array(hash("sha224", $attributes["id_with_slashes"][0]));',
),
```
Then use wp_userid as the username attribute. Now STAY LOGGED IN to your original administrator account. You won't be able to log back in once you log out.
Open a different browser, or on another computer. Log in to your blog to make sure that it works.
In the first browser window, make the newly created user an Administrator. You can log out now. (Alternately, you can change some entries in the wp_usermeta table to make a new user the admin)
Disable Options -> General -> Anyone can register (they won't be able to)
Make sure you enable administration over SSL (see http://codex.wordpress.org/Administration_Over_SSL)