Active Directory Integration
Any ideas how to create a Single Sign On? (17 posts)

  1. taeke
    Posted 3 years ago #

    For a company intranet we are looking for a solution where logging in to the company network in the morning will sign you into the WordPress based intranet too. The idea is not having to log in twice as we already know who you are and to make it as easy as possible to use the intranet. As there are 400+ employees, and there are quite some mutations, we believe a bulk import of users is not the best or most flexible solution.

    The flow would be:

      Log in to workspace
      Open up browser with intranet as startpage
      Intranet recognises user and immediately logs you in

    Any ideas here? Anyone who has already built something like this?


  2. jseth
    Posted 3 years ago #

    I was just about to post the exact same question that you have. This plugin works great but our website is hosted externally, and it takes about 10-15 seconds to authenticate. Single sign on, or even somehow accessing the cached password token would be such a huge leap forward! Alternatively, is there any way to speed up the authentication? I know that 10-15 seconds isn't really that long, but it seems like it is when you are staring at the monitor! Thanks.

  3. glatze
    Plugin Author

    Posted 3 years ago #

    SSO is on my agenda for one of the next releases.

  4. Joff Crabtree
    Posted 3 years ago #

    It's something I was planning on getting my head around too - would be great if the plugin could facilitate this!

  5. fredwen
    Posted 3 years ago #

    IIS supports integrated authentication, which authenticates the user transparently if the browser is configured correctly.
    With Apache on Windows, a module called SSPI can achieve the same result.
    Once this web server based authentication mechanism is implemented, use a plugin such as HTTP authentication to pass the authenticated user information to WP.

  6. stimsonm
    Posted 3 years ago #

    Hi @glatze, do you know when you may have that SSO functionality? I desperately need it and would be willing to pay you for the development of it. Let me know. Thanks.

  7. J_Walker
    Posted 3 years ago #

    Yes, has there been any progress on SSO? I'm developing an intranet site for our company as well and SSO functionality would be highly preferred.

  8. macandco
    Posted 3 years ago #

    Hi @glatze and @stimsonm,

    I'm very interested in SSO too. Any news?
    Glatze, are you still here?

    Stimsonm, in another question in a forum (about Active Directory Integration with roles scoper : http://wordpress.org/support/topic/use-active-directory-integration-with-custom-roles?replies=5 ) you said "I confirmed this, this works great, thanks everyone. "

    Can you please help me:

    I am trying to use both this plugin and Role Scoper.

    With Role Scoper:
    I have made a WP role named "students".

    With LDAP:
    my LDAP user has the Distinguished Name CN=nameuser,OU=Students,DC=bag,DC=localisation,DC=com

    With Active Directory Integration:
    the settings are:
    Base DN -> dc=bag,dc=localisation,dc=com for server
    Role Equivalent Groups -> Students=students

    I can log in or use the test tool successfully, but the user doesn't have his account bound to the student (Role Scoper) group...

    Where is the problem? Thanks.

    you can reply here : http://wordpress.org/support/topic/active-directory-integration-with-roles-scoper?replies=1

  9. CAShadle
    Posted 2 years ago #

    Also wondering about SSO. An update would be greatly appreciated!

  10. J_Walker
    Posted 2 years ago #

    I've got SSO working with IIS 7.5 & this plugin, just an FYI for those running IIS: http://blog.maartenballiauw.be/post/2011/05/04/Wordpress-auto-sign-on-with-IIS7-and-a-plugin.aspx

  11. Lee Hord
    Posted 2 years ago #

    @j_Walker How have you got the two plugins working together? I have an issue where the authentication occurs but ADI does not perform the LDAP lookup once authentication has occurred.

  12. J_Walker
    Posted 2 years ago #

    Lee, I've never really checked to see if that side of it was working correctly with the SSO plugin. I had already set up a scheduled task on the server to run the ADI bulk import once daily. In our environment, this works just fine, since we aren't making any frequent changes/additions to our AD users. The bulk import will eventually take care of them if it didn't during sign-on.

  13. mclong
    Posted 2 years ago #

    I'm in the same predicament. SSO works, but it won't assign a user to the user group I specify...

  14. PyroSteveJr
    Posted 2 years ago #

    So, I haven't read every reply, but I use this plugin for our corporate intranet. I use the bulk import or let the user log in the first time with their credentials to create their account, and then in my theme's function.php file I use the following code for SSO.

    function auto_login() {
        // Target after sign-on; defaults to the home page.
        $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : home_url('/');
        if (!is_user_logged_in() && isset($_SERVER['REMOTE_USER'])) {
            // REMOTE_USER arrives as DOMAIN\user; keep the part after the last backslash.
            // Without a backslash the whole value is used (false + 1 would drop the first character).
            $pos = strrpos($_SERVER['REMOTE_USER'], '\\');
            $user_login = ($pos === false) ? $_SERVER['REMOTE_USER'] : substr($_SERVER['REMOTE_USER'], $pos + 1);
            $user = get_user_by('login', $user_login);
            if ($user) {
                do_action('wp_login', $user->user_login, $user);
                wp_set_current_user( $user->ID );
                wp_set_auth_cookie( $user->ID );
            }
        }
        if (!isset($_SERVER['REMOTE_USER'])) {
            // (the body of this branch is missing from the post)
        }
    }
    add_action('init', 'auto_login');

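
A stricter variant of the auto-login in post 14, as an added example that is not part of the original thread or the plugin: it checks the domain part of `REMOTE_USER` instead of discarding it, also accepts the `user@realm` form, and only follows same-site `redirect_to` targets. The `example_` names and the domain list are assumptions.

```php
<?php
// Added example. Names prefixed "example_" and the domain list are assumptions.
const EXAMPLE_ALLOWED_DOMAINS = ['CORP', 'corp.example.com']; // constructed values

// Map a server-supplied identity (DOMAIN\user or user@realm) to a login name.
// Returns null when the format, the domain or the characters are unexpected.
function example_parse_remote_user(string $remote_user, array $allowed): ?string {
    if (preg_match('/^([^\\\\@]+)\\\\([^\\\\@]+)$/D', $remote_user, $m)) {
        [$domain, $login] = [$m[1], $m[2]];           // DOMAIN\user
    } elseif (preg_match('/^([^\\\\@]+)@([^\\\\@]+)$/D', $remote_user, $m)) {
        [$login, $domain] = [$m[1], $m[2]];           // user@realm
    } else {
        return null;                                   // bare or malformed name
    }
    if (!in_array(strtolower($domain), array_map('strtolower', $allowed), true)) {
        return null;                                   // not one of our domains
    }
    return preg_match('/^[A-Za-z0-9._-]{1,64}$/D', $login) ? $login : null;
}

function example_sso_auto_login(): void {
    // REMOTE_USER is filled in by the web server's integrated authentication.
    if (is_user_logged_in() || empty($_SERVER['REMOTE_USER'])) {
        return;
    }
    $login = example_parse_remote_user($_SERVER['REMOTE_USER'], EXAMPLE_ALLOWED_DOMAINS);
    $user  = ($login !== null) ? get_user_by('login', $login) : false;
    if (!$user) {
        return;                                        // normal login form still applies
    }
    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID);
    do_action('wp_login', $user->user_login, $user);
    $to = $_REQUEST['redirect_to'] ?? null;
    if (is_string($to) && $to !== '') {
        // Off-site targets are replaced by the home page.
        wp_safe_redirect(wp_validate_redirect(wp_unslash($to), home_url('/')));
        exit;
    }
}

if (function_exists('add_action')) {
    add_action('init', 'example_sso_auto_login');      // loaded by WordPress
} else {                                               // stand-alone run, constructed inputs
    $samples = ['CORP\\jdoe', 'jdoe@corp.example.com', 'OTHER\\jdoe', 'jdoe', 'CORP\\j doe'];
    foreach ($samples as $s) {
        echo $s, ' => ', var_export(example_parse_remote_user($s, EXAMPLE_ALLOWED_DOMAINS), true), PHP_EOL;
    }
}
```

An identity with no matching WordPress account is left to the normal login or the bulk import, as in the original post.
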
  15. Laurence
    Posted 2 years ago #

  16. gurdain
    Posted 2 years ago #

    I tried the code above, but it didn't seem to do anything.
    Not too sure how to implement it. I have WordPress installed on a local AMPPS stack. The AD server is on the local network.

    Will this work cross-browser?

  17. marshalld
    Posted 2 years ago #

    I posted this about a month ago.


    We have been using the changes for a while and everything is going well.

    I've recently made a minor change to include code for the note and to stop updating the password on SSO (because this was causing issues with verification of the wordpress_logged_in_* cookie when multiple browsers were being used).

    The minor change is here:
    else {
    if (strpos($username, '@') !== FALSE) {
    $account_suffix = substr($username, strpos($username, '@'));
    $username = substr($username, 0, strpos($username, '@'));
    $password = wp_generate_password();
    $this->_auto_update_password = false;

Topic Closed

This topic has been closed to new replies.
