Fixed security issue with hard coded passwords that were generated for users that were automatically enrolled using SAML. It was wrongly assumed that these passwords would never be used if SAML takes over the normal login process. This turned out to be possible after all. An attacker could use XML-RPC calls to perform any actions that a SAML enrolled user could do. The authentication logic was fixed to prevent this. Also, there is now upgrade logic in place, which checks for existing vulnerable password hashes, and fixes that by setting them to a value that doesn't correspond to any password.
Cleanup, removal of deprecated function calls, small cosmetic changes.
Tested with 3.5.1 and simpleSAMLphp 1.10.0.
Fixed some bugs that occured when upgrading from 0.5.2 to 0.6.x
Documentation formatting update
Added check for illegal usernames
Cleaned up indentation and bracket use
Removed deprecated function calls
Added configuration options to select which attributes to use for username, First Name, Last Name, E-mail
Tested with 3.3.1 and simpleSAMLphp 1.8.2
Added patch by Sixto Martin to provide single logout functionality
Tested up to 3.1.4 alpha (svn18146)
Tested with simpleSAMLphp 1.8
Upgrade plugin to support WordPress 3.1
Tested with simpleSAMLphp 1.7
Fix logout, returns to home page now
Modify attributes to map with default LDAP attributes (for differerent attribute names please use (or update!) the attibute mapping in the simpleSAMLphp SP configuration)
Make it work again with latest WP (thanks to Ivo Jansch)
Use simpleSAMLphp 1.5 API
Requires: 3.0.0 or higher Compatible up to: 3.5.2 Last Updated: 2013-5-17 Active Installs: