Since this plugin extends the Shibboleth plugin, you must first have the Shibboleth plugin, available from https://wordpress.org/extend/plugins/shibboleth/
installed and activated. Otherwise, the plugin will fail to activate as the shibboleth_user_role filter hook will not be registered.
To use this plugin, you must already have the following setup on your server:
1. The above Shibbleth plugin.
2. UF Shibboleth ARP-Groups associated with your URN
3. A UFAD group created for each of the WordPress roles (administrator, editor, author, contributor, and subscriber).
- It’s not working. What should I check?
First, check for typos on the options page and ensure you’ve spelled your UFAD groups correctly.
Second, double check that your Shibboleth SP is vending the UFADGroupsDN attribute from ARP-Groups.
Refer to the UF Shibboleth PHP code examples at http://www.it.ufl.edu/identity/shibboleth/technicalcodeexamples.html
for ideas. If you are unsure what this means, have an adult do this for you.
If $_SERVER['UFADGroupsDN'] for Apache or `$_SERVER['HTTP_UFADGROUPSDN']` for IIS is not present, then complete
the correct application to add ARP-Groups to your UF Shibboleth URN.
If you verify
$_SERVER['UFADGroupsDN']is present, check for the value(s) you entered on the plugin options page. If they are not present,
you have UFAD group membership problem. If they are present, check for special characters. The plugin only allows a-z, A-Z, 0-9 and – (as in a hyphen or dash).
If you’ve used other characters, rename the group to elimated the disallowed characters.
- What if I’ve done all that and it still doesn’t work?
Contact the plugin author(s), who will respond in a vague and unspecified amount of time.
- Corrected typo in code. Minor fix, but very large impact.
- Discovered that with multisite enabled, the server variables will sometimes present as prepended with REDIRCT_ when in a subsite. E.G. UFADGroupsDN will sometimes appear
REDIRECT_UFADGroupsDN. The code has been extended to accomdate this.
*As a side note, the Shibboleth plugin UGRM extends appears to have been abandoned. As we’ve already made code changes to enable the Shibboleth plugin to work
with the new WordPress enabled for multisite, and we had to graft on further changes for the REDIRECT_ behavior, we plan to release a fork of the Shibboleth plugin.
- Fixed a glaring bug in when “Force Shibboleth return target to HTTPS” was checked and return target was already https the target would be munged to httpss.
- Discovered Shibboleth on IIS prepends all Shibboleth server variables with a HTTP_ prefix because the variables are populated via CGI as IIS does not support
environment variables (for details, check out: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess). Plugin now inspects SERVER_SOFTWARE
variable and adjusts accordingly.
- Fixed header in UGRM.php to resolve current version display on WordPress site.
- Attempting to correct WordPress SVN tagging for current
- Still working on SVN versioning
- New version number to resolve wonkyness with WordPress SVN.
- Added a configuration option for requiring HTTPS on the return target. This hooks into the Shibboleth provided shibboleth_seesion_initiator_url filter and ensures
the return target uses HTTPS. This allows you seemless provide a Shibboleth integrated WordPress site where the content side is delivered via HTTP and the admin
side is delivered VIA HTTPS. The default Shibboleth plugin behavior is to construct the return target using the current protocol, e.g. if you click the login link from
HTTP, your return target would be for HTTP. UGRM now allows you to overide this behavior and alwasy use a HTTPS return target.
- Initial Release