SAML 2.0 Single Sign-On
[resolved] Simplesamlphp Error (5 posts)

  1. dmaddi@softrim.com
    Member
    Posted 1 year ago #

    Everything seems to be set up correctly, however when I log in I get an error from Simplesamlphp.

    Caused by: Exception: Unable to validate Signature

    Any clue on what the issue might be?

    http://wordpress.org/extend/plugins/saml-20-single-sign-on/

  2. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    I can't say definitively what's going wrong with just that error message. Depending on your sign-on flow, it could be a number of different things.

    Assuming you're doing an SP-initiated login (WordPress-first), the most likely culprits are that you have not uploaded or generated a signing certificate, or that the signing certificate that ADFS has does not match the one at your SP.

    If you'll upload or link to the XML of your SAML communications, we should be able to see what's going wrong.

  3. dmaddi@softrim.com
    Member
    Posted 1 year ago #

    To be honest, I am not sure what happened; however, I was able to fix the issue by uninstalling the plugin and deleting all of the files, then reinstalling and setting everything back up again. After uploading the certificate files again it worked OK. I do have another issue, and I am uncertain if I should post another topic or place it here. Now it seems to be logging me in, and then I get the following: "The website administrator has not given you permission to log in". I have created all of the groups WP-Administrator, WP-Editor, WP-Author, WP-Contrib, WP-Subscriber. Created and assigned the same security group in AD and assigned the user that is logging in to the WP-Administrator group. Thoughts?

  4. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    Again, it's hard to say for sure without seeing the XML that the IdP is passing to WordPress. That error message should only appear if the user has none of the predefined groups, AND you have unchecked the box to allow unlisted users. Otherwise, at a minimum, users should be given the role of subscriber by default. I would check to be sure that the ADFS group claim is being mapped correctly to the attribute that the plugin expects.

  5. dmaddi@softrim.com
    Member
    Posted 1 year ago #

    I fixed it. It was not passing in the AD groups as a claim. Working well now...
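
The check that resolved this thread, as an added example that is not part of the original posts or the plugin's code: it lists the group values in a decoded SAML assertion and applies the login rule the plugin author describes in post 4. The attribute name, the group-to-role table and the sample XML are assumptions; set them to match your plugin settings and ADFS claim rule.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumptions, not taken from the thread: the claim name that carries groups
# and the mapping from the AD groups named in post 3 to WordPress roles.
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
ROLE_BY_GROUP = {  # checked in order, highest privilege first
    "WP-Administrator": "administrator",
    "WP-Editor": "editor",
    "WP-Author": "author",
    "WP-Contrib": "contributor",
    "WP-Subscriber": "subscriber",
}

def group_claims(assertion_xml, attr_name=GROUP_ATTR):
    """Return every value of the group attribute, or [] if the IdP sent none.

    Debugging aid only: it does not verify the XML signature, so run it on a
    response you captured yourself, never as an authentication decision.
    """
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") == attr_name:
            for value in attr.findall("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values

def resolve_role(groups, allow_unlisted):
    """Rule from post 4: refuse only if no known group AND unlisted users are off."""
    for group, role in ROLE_BY_GROUP.items():
        if group in groups:
            return role
    return "subscriber" if allow_unlisted else None  # None means login refused

# Constructed sample assertions (not captured from a real IdP).
_HEAD = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
         '<saml:AttributeStatement>')
_TAIL = '</saml:AttributeStatement></saml:Assertion>'
_ATTR = ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
         '</saml:AttributeValue></saml:Attribute>')
_UPN = _ATTR % ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                "user@example.test")
WITHOUT_GROUPS = _HEAD + _UPN + _TAIL
WITH_GROUPS = _HEAD + _UPN + _ATTR % (GROUP_ATTR, "WP-Administrator") + _TAIL

if __name__ == "__main__":
    for label, xml in (("no group claim", WITHOUT_GROUPS), ("group claim", WITH_GROUPS)):
        groups = group_claims(xml)
        print(label, groups, resolve_role(groups, allow_unlisted=False))
```

An empty list for a user who is in the AD group points at the ADFS claim rule rather than at the WordPress side.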
