This plugin is designed to support integrating your WordPress or WordPress MU
blog into your existing identity management infrastructure using a
Shibboleth Service Provider.
WordPress can be configured so that all standard login requests will be sent to
your configured Shibboleth Identity Provider or Discovery Service. Upon
successful authentication, a new WordPress account will be automatically
provisioned for the user if one does not already exist. User attributes
(username, first name, last name, display name, nickname, and email address)
can be synchronized with your enterprise’s system of record each time the user
logs into WordPress.
Finally, the user’s role within WordPress can be automatically set (and
continually updated) based on any attribute Shibboleth provides. For example,
you may decide to give users with an eduPersonAffiliation value of faculty
the WordPress role of editor, while the eduPersonAffiliation value of
student maps to the WordPress role contributor. Or you may choose to limit
access to WordPress altogether using a special eduPersonEntitlement value.
Contribute on GitHub
- What is Shibboleth?
From the Shibboleth homepage:
The Shibboleth System is a standards based, open source software package for
web single sign-on across or within organizational boundaries. It allows
sites to make informed authorization decisions for individual access of
protected online resources in a privacy-preserving manner.
- Can I extend the Shibboleth plugin to provide custom logic?
Yes, the plugin provides a number of new actions and filters that can
be used to extend the functionality of the plugin. Search
occurances of the function calls
do_actionto find them
all. Then write a new plugin that makes use of the hooks. If your require
additional hooks to allow for extending other parts of the plugin, please
notify the plugin authors via the support forum.
Before extending the plugin in this manner, please ensure that it is not
actually more appropriate to add this logic to Shibboleth. It may make more
sense to add a new attribute to your Shibboleth Identity Provider’s attribute
store (e.g. LDAP directory), or a new attribute definition to the Identity
Provider’s internal attribute resolver or the Shibboleth Service Provider’s
internal attribute extractor. In the end, the Shibboleth administrator will
have to make that call as to what is most appropriate.
version 1.7 (2016-03-20)
- fixed a security vulnerability reported by WordPress security team
- load multisite options correctly; thanks to jdelsemme for reporting
- updated htaccess setting strings; props dericcrago
- fix reauth loop; props jrchamp
- set l10n text domain; props jrchamp
version 1.6 (2014-04-07)
- tested for compatibility with recent WordPress versions; now requires WordPress 3.3
- options screen now limited to admins; props billjojo
- new option to auto-login using Shibboleth; props billjojo
- remove workaround for MU
add_site_option; props billjojo
version 1.5 (2012-10-01)
- Bugfix: check for
Shib_Session_IDas well as
Shib-Session-IDout of the box. Props David Smith
version 1.4 (2010-08-30)
- tested for compatibility with WordPress 3.0
- new hooks for developers to override the default user role mapping controls
- now applies
sanitize_name()to the Shibboleth user’s
version 1.3 (2009-10-02)
- required WordPress version bumped to 2.8
- much cleaner integration with WordPress authentication system
- individual user profile fields can be designated as managed by Shibboleth
- start of support for i18n. If anyone is willing to provide translations, please contact the plugin author
version 1.2 (2009-04-21)
- fix bug where shibboleth users couldn’t update their profile. (props pchapman on bug report)
- fix bug where local logins were being sent to shibboleth
version 1.1 (2009-03-16)
- cleaner integration with WordPress login form (now uses a custom action instead of hijacking the standard login action)
- add option for enterprise password change URL — shown on user profile page.
- add option for enterprise password reset URL — Shibboleth users are auto-redirected here if attempt WP password reset.
- add plugin deactivation hook to remove .htaccess rules
- add option to specify Shibboleth header for user nickname
- add filters for all user attributes and user role (allow other plugins to override these values)
- much cleaner interface on user edit admin page
- fix bug with options being overwritten in WordPress MU
version 1.0 (2009-03-14)
- now works properly with WordPress MU
- move Shibboleth menu to Site Admin for WordPress MU (props: Chris Bland)
- lots of code cleanup and documentation
- initial public release