This plugin has been closed and is no longer available for download.

SAML 2.0 Single Sign-On

Description

SAML 2.0 Single Sign-On allows you to use any SAML 2.0-compliant Identity Provider for Single Sign-On to your blog or network of blogs. The plugin will replace the standard WordPress login screen and can automatically redirect login/logout requests to your SSO portal. Group membership from the Identity Provider (such as Active Directory) can be used to determine what privileges the user will have on your blog, such as Administrator, Editor, or Subscriber. This plugin uses a modified version of the SimpleSAMLPHP library for all SAML assertions, and can be configured exclusively from the WordPress Admin menu.

Installation

  1. Upload samlauth.zip to the `/wp-content/plugins/` directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Configure the “Identity Provider” and “Service Provider” sections of the plugin in the Settings > Single Sign-On menu.
  4. Enable the plugin to do authentication on the “General” section of the plugin.

FAQ

What does this plugin do with my passwords?

Because of the way SAML SSO systems work, this plugin is never aware of your password. When activated, you will always enter your password into your company’s SSO portal website, which will then pass an authentication token (not a real password) to the WordPress site.

Do I really need an SSL certificate to use this plugin?

You may have noticed the fields that ask you to upload an SSL certificate and private key. This is only necessary if you want users to initiate their login from your website, that is, by visiting the /wp-login.php URL on your site. Logins that originate from the SSO portal will work fine without this certificate. Because exchanging the certificate with your Identity Provider is part of the initial setup process, it is not necessary to have a publicly-signed (paid for) certificate. You can generate a self-signed certificate for free and use that.
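
One way to generate such a self-signed certificate with OpenSSL and check it before handing the public half to your Identity Provider. This is an added example, not part of the plugin or its documentation; the output directory, the file names `sp.key` and `sp.cer`, and the subject CN are placeholders.

```shell
#!/bin/sh
# Added example: self-signed signing certificate for a SAML Service Provider.
# Paths, file names and the CN are illustrative assumptions.

# Generate a 2048-bit RSA key and a matching self-signed certificate.
# The function body runs in a subshell so the restrictive umask does not leak.
make_sp_cert() (
    out_dir=$1
    cn=$2
    days=${3:-1095}          # validity; note the expiry date and rotate before it
    umask 077                # key file is created readable by the owner only
    mkdir -p "$out_dir" || exit 1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -days "$days" -subj "/CN=$cn" \
        -keyout "$out_dir/sp.key" -out "$out_dir/sp.cer" 2>/dev/null || exit 1
    chmod 600 "$out_dir/sp.key"
)

# Return 0 only if the certificate's public key is the one derived from the
# private key, which catches uploading a mismatched pair.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# SHA-256 fingerprint of the certificate, so the IdP administrator can
# confirm out of band that they received the same certificate you generated.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Example run (constructed values):
#   make_sp_cert ./saml-keys blog.example.com
#   cert_matches_key ./saml-keys/sp.cer ./saml-keys/sp.key && echo "pair OK"
#   cert_fingerprint ./saml-keys/sp.cer
```

Only the certificate (`sp.cer`) is shared with the Identity Provider; the private key stays on the web server and should not be readable through the web root.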

Reviews

Works well!

Used this with an idp I created based on simplesamlphp and it works great.

Excellent – Works with Multisite and Standalone

SAML is hard. Most of the people here saying it doesn’t work probably don’t know how to do SAML properly.

I tested this plugin on 4.7 in multisite and standalone mode and it works great! There are some neat debugging strategies that simpleSAMLphp provides. Look into enabling the simpleSAMLphp admin dashboard for assistance with troubleshooting.

Couldn’t get it to work

The plugin does authenticate but does not let the user into the Admin area – HTTP Error 302.

I’m connecting WordPress (SdP) to Salesforce (IdP). Salesforce works and I can see the user has been logged in. But WordPress fails after authentication.

What is annoying is there isn’t any suitable documentation or anyone to contact for support.

Odd experiences

I tried installing this on an IIS box using the latest WordPress (4.3.1) and found that the plugin seemed to remember settings after the plugin was deleted and reinstalled.

I was unable to get this plugin to work, it seems to use .htaccess files rather than the web.config I needed. Although the keys were saved to the right folder, the metadata.php/1 file returned an error and the .cer file was returning 404 through the browser although a text file in the same folder rendered ok.

It’s a shame as this seems to be the only SAML plugin that isn’t reliant on a third party app / sign up. – In my case my client had their own ID provider.

Works fine

This plugin works fine on all our sites. We use simple SAML php as IdP.
Installation is quite simple and we’ve seen no errors up to this point.

Didn’t test it with multisite.

Contributors & Developers

“SAML 2.0 Single Sign-On” is open source software. The following people have contributed to this plugin.

Changelog

0.9.4

  • Generate truly random passwords for new SAML users behind the scenes. Remove the requirement to be able to recreate that password in order to log in a user.

0.9.3

  • Adds the ability to map custom WordPress roles to users. (Contributed by @phille97)

0.9.2

  • Updates a few look-and-feel things to fit better with WP 3.8
  • Resolves an issue that was preventing the IdP from being recognized when adding IdP information manually.
  • Respects the redirect_to parameter in wp-login.php, allowing SAML logins to redirect users to any page of your choosing.
  • Adds an option to bypass SAML authentication and use the traditional method. With the option enabled, create and use a login URL like http://example.com/wp-login.php?use_sso=false

0.9.1

  • The plugin is feature-complete until v1.0. All updates between 0.9.0 and 1.0 will be strictly bugfixes or improvements.
  • Fewer warnings and errors when not all IdP attributes are specified.
  • If a user’s group membership changes at the IdP, their WordPress role will be changed accordingly at next login.

0.9.0

  • Added nonces and basic type-checking to admin pages for improved security.
  • Quick access to common attributes used by popular IdPs including ADFS, OneLogin, and SimpleSAMLphp
  • Extensive internal code improvements to improve maintainability

0.8.9

  • Status check lets you know when everything appears to be configured correctly.
  • Fixed an issue that prevented users from logging out if a Single Logout service was not specified.
  • Fixed an issue that caused SP settings to get out of sync when importing IdP settings from metadata.

0.8.8

  • IdP info can now be automatically loaded from a metadata URL.
  • Signing certificate can be automatically generated if you don’t know how (or don’t want to do it yourself). The generated certificate can be downloaded so you can share it with your IdP.

0.8.7

  • Uploading a certificate and private key is now optional, which makes IdP-initiated testing much simpler.
  • Folders and config files are created if they don’t already exist, which fixes many issues with various screens being blank.

0.8.6

  • Moved configuration files from plugins directory to a subdirectory in uploads to ensure the plugin doesn’t break itself when updated.