Support » Plugin: Active Directory Integration » Any ideas how to create a Single Sign On?

  • For a company intranet we are looking for a solution where logging in to the company network in the morning will sign you into the WordPress based intranet too. The idea is not having to log in twice as we already know who you are and to make it as easy as possible to use the intranet. As there are 400+ employees, and there are quite some mutations, we believe a bulk import of users is not the best or most flexible solution..

    The flow would be:

      Log in to workspace
      Open up browser with intranet as startpage
      Intranet recognises user and immediately logs you in

    Any ideas here? Anyone who already build something like this?

    http://wordpress.org/extend/plugins/active-directory-integration/

Viewing 15 replies - 1 through 15 (of 16 total)
  • I was just about to post the exact same question that you have. This plugin works great but our website is hosted externally, and it takes about 10-15 seconds to authenticate. Single sign on, or even somehow accessing the cached password token would be such a huge leap forward! Alternatively, is there any way to speed up the authentication? I know that 10-15 seconds isn’t really that long, but it seems like it is when you are staring at the monitor! Thanks.

    Plugin Author glatze

    (@glatze)

    SSO is on my agenda for one of the next releases.

    It’s something I was planning on getting my head around too – would be great if the plugin could facilitate this!

    With IIS, it supports integrated authentication which authenticates user transparently if browser is configured correctly.
    With Apache on Windows, a module called SSPI can achieve same result.
    Once this web server based authentication mechanism is implemented, use a plugin such as HTTP authentication to pass authenticated user information to WP.

    Hi @glatze do you know when you may have that sso functionality, I desperately need it and would be willing to pay you for the development of it. Let me know. thanks

    Yes, has there been any progress on SSO? I’m developing an intranet site for our company as well and SSO functionality would be highly preferred.

    hi @glatze and @stimsonm,

    i’m very interesting by SSO too. Some news ?
    Glatze are you yet here ?

    Stimsonm, in another question in a forum (about Active Directory Integration with roles scoper : http://wordpress.org/support/topic/use-active-directory-integration-with-custom-roles?replies=5 ) you said “I confirmed this, this works great, thanks everyone. ”

    Can you please help me :

    i try to use both this plugin and role scoper.

    with role scoper :
    i have made a wp role named “students”.

    With ldap :
    my user ldap as for Distinguished Name CN=nameuser,OU=Students,DC=bag,DC=localisation,DC=com

    with Active Directory Integration :
    setting are :
    Base DN -> dc=bag,dc=localisation,dc=com for server
    Role Equivalent Groups -> Students=students

    I can login or use test tool succesfully, but the user hasn’t his account bind to student (role scoper) group…

    where is the problem. Thanks.

    you can reply here : http://wordpress.org/support/topic/active-directory-integration-with-roles-scoper?replies=1

    Also wondering about SSO. An update would be greatly appreciated!

    I’ve got SSO working with IIS 7.5 & this plugin, just an FYI for those running IIS: http://blog.maartenballiauw.be/post/2011/05/04/Wordpress-auto-sign-on-with-IIS7-and-a-plugin.aspx

    @j_walker How have you got the two plugins working together? I have an issue where the authentication occurs but ADI does not perform the LDAP lookup once authentication has occurred.

    Lee, i’ve never really checked to see if that side of it was working correctly with the SSO plugin. I had already setup a scheduled task on the server to run the ADI bulk import once daily. In our environment, this works just fine, since we aren’t making any frequent changes/additions to our AD users. The bulk import will eventually take care of them if it didn’t during sign-on.

    I’m in the same predicament. SSO works, but it wont assign a user to the user group I specify…..

    So haven’t read every reply but I use this plugin for our corporate intranet. I use the bulk import or let the user login the first time with their credentials to create their account and then in the my theme function.php file I use the following code for SSO.

    function auto_login() {
    	$redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : home_url('/');
    	if (!is_user_logged_in() && isset($_SERVER['REMOTE_USER'])) {
    		$user_login = substr($_SERVER['REMOTE_USER'], strrpos($_SERVER['REMOTE_USER'],'\\')+1, strlen($_SERVER['REMOTE_USER'])-strrpos($_SERVER['REMOTE_USER'],'\\'));
    		$user = get_user_by('login',$user_login);
    		if($user) {
    	    	do_action('wp_login', $user->user_login, $user);
       			wp_set_current_user( $user->ID );
        		wp_set_auth_cookie( $user->ID );
    	    	wp_safe_redirect($redirect_to);
    			exit();
    		}
        }
    	if(!isset($_SERVER['REMOTE_USER'])) {
    		//
    	}
    }
    add_action('init', 'auto_login');

    I tried the code above, but it didn’t seem to do anything
    Not too sure how to implement it. I have WordPress installed on a local AMPPS stack. The AD server is on the local network.

    Will this work cross-browser?

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘Any ideas how to create a Single Sign On?’ is closed to new replies.