This SAML plugin eliminates passwords and allows you to authenticate WordPress users (typically editors) against your existing Active Directory or LDAP server, as well as increase security using YubiKeys or VeriSign VIP Access via OneLogin. OneLogin is pre-integrated with thousands of apps and handles all of your SSO needs in the cloud and behind the firewall.
- Eliminate passwords in WordPress
- Allow users to sign into WordPress with their Active Directory or LDAP credentials
- Give users one-click access from your intranet
- Increase security using browser PKI certificates or two-factor authentication from Yubico or VeriSign
- Easily prevent access from former employees and contractors
If you used this plugin before 2.2.0 with just-in-time provisioning active, read: https://wpvulndb.com/vulnerabilities/8508
To mitigate that bug, place this script at the root of your WordPress installation, execute it, and remove it afterwards: https://gist.github.com/pitbulk/a8223c90a3534e9a7d5e0a93009a094f
I appreciated the work you put into this. Tested with OneLogin SSO on a multisite’s child site. Worked great!
Contributors & Developers
“OneLogin SAML SSO” is open source software. The following people have contributed to this plugin.
- Relax Destination check.
- On SLS, print errors, not lastError (it will be printed if debug is enabled)
- Update php-saml library to 2.10.0 (it includes SAML Signature Wrapping attack prevention and other security improvements).
- Update php-saml library to 2.9.0 (it includes SAML Signature Wrapping attack prevention).
- Update php-saml library to 2.8.0
- Use the WordPress roles API to generate the options for the mappings and use these mappings to set the user role. Add Role precedence support.
- Add alternative ACS URL (WPEngine compatible)
- Update php-saml library to 2.7.0
- Fix SAML link
- Uncomment out filter based custom role code
- Add ‘Keep Local login’ functionality in order to prompt the normal login form + a SAML link instead of directly executing the SP-initiated SSO flow
- Fix changelog
- Update php-saml library to 2.6.1
- Password security issue
- Add alternative solution/documentation about custom roles (php/functions.php L167)
- Call exit after any error message or redirection
- Improve the role/group support when multiple values on a single attribute statement.
- Prevent auto-updating the role of the superuser
- Add NameIDFormat support.
- Add requestedAuthnContext support.
- SessionIndex and nameID are now passed to the IdP
- Now retrieveParametersFromServer can be activated
- Update php-saml library to 2.5.0
- Remove deprecated method wp_login
- SLS improvement
- Refactor sso/slo flow
- Added stay when slo and forced login
- Updated the php-saml toolkit (now 2.2.0)
- Added more Customization related to change password, reset password, change mail
- Fix minor bugs. Add customRole support (editing php/functions.php file, review commented code)
- Fix bug introduced in the reimplementation
- Reimplement the plugin architecture (was an independent plugin, now depends on wordpress).
- Update the php-saml toolkit
- Improve the i18n support
- Improve base url and base path
- Override user registration or reset password links to link 3rd party (like IdP) urls.
- Fix bug when role attribute carries a space as attribute
- Based on the new php toolkit, added many functionalities: JIT, SLO.
- Fixed installation issue.
- First version.