SimpleSAMLphp is a simple application written in native PHP that deals with
authentication. SimpleSAMLphp supports several federation protocols,
authentication mechanisms and can be used both for local authentication, as a
service provider or as an identity provider
This plugin uses some hooks in WordPress’s authentication system to bypass the
normal login screen and authenticate using a simpleSAMLphp Service Provider
(SP) instead. Note that logged-in state is still maintained in cookies, and
user entries are created in the local database.
Who made this?
- What version of simpleSAMLphp is needed?
Starting from version 0.3.0 the plugin requires simpleSAMLphp 1.5 or higher. Use version 0.2.x of this plugin for simpleSAMLphp < 1.5 support.
- Fixed security issue with hard coded passwords that were generated for users that were automatically enrolled using SAML. It was wrongly assumed that these passwords would never be used if SAML takes over the normal login process. This turned out to be possible after all. An attacker could use XML-RPC calls to perform any actions that a SAML enrolled user could do. The authentication logic was fixed to prevent this. Also, there is now upgrade logic in place, which checks for existing vulnerable password hashes, and fixes that by setting them to a value that doesn’t correspond to any password.
- Cleanup, removal of deprecated function calls, small cosmetic changes.
- Tested with 3.5.1 and simpleSAMLphp 1.10.0.
- Fixed some bugs that occured when upgrading from 0.5.2 to 0.6.x
- Version bump
- Documentation formatting update
- Added check for illegal usernames
- Cleaned up indentation and bracket use
- Removed deprecated function calls
- Added configuration options to select which attributes to use for username, First Name, Last Name, E-mail
- Tested with 3.3.1 and simpleSAMLphp 1.8.2
- Added patch by Sixto Martin to provide single logout functionality
- Tested up to 3.1.4 alpha (svn18146)
- Tested with simpleSAMLphp 1.8
- Upgrade plugin to support WordPress 3.1
- Tested with simpleSAMLphp 1.7
- Fix logout, returns to home page now
- Modify attributes to map with default LDAP attributes (for differerent attribute names please use (or update!) the attibute mapping in the simpleSAMLphp SP configuration)
- Make it work again with latest WP (thanks to Ivo Jansch)
- Use simpleSAMLphp 1.5 API