Support » Plugin: SAML SP Single Sign On - SSO » Freemium but good

Freemium but good

  • LiquidObject

    (@liquidobject)


    3 years, 7 months ago

    Was looking for a solution to handle a Multi-site WP install front-ending an ADFS farm.

    The Free version of the product is good for testing it out and possibly internal development but get the paid version for Production. Paid version gets you a lot more options and encrypts the relaying party trust traffic.

    DIY vs Premium is licensed for the same features, Premium just adds in paid support. If you need to handle multiple instances, there is very reasonable volume discounting available.

    Overall took probably 3-4 minutes per instance to get the plugin installed and all users using the SSO functionality.

Viewing 1 replies (of 1 total)
  • LiquidObject

    (@liquidobject)

    3 years, 6 months ago

    As the directions are a little bit vague for WP multi-site deployments as the plugin can be deployed everywhere with a single click but needs to be configured per site.

    While the free version can work for multi-site installs technically, imo it’s worth getting the paid for version as it will save you a large amount of time and be more secure.

    1) Install plugin into the plugin directory
    2) Network Activate the plugin for all sites

    If you have a small number of sites:
    3) Configure your IDP’s relaying party trusts for each site
    4) Configure the SSO for each site and copy/paste between the configurations.

    If you have a large number of sites:
    In this scenario you’ll need to batch load almost everything on the back-end.
    3) Configure your IDP’s relaying party trust for your first site
    4) Configure the SSO options for the first site and make sure everything is working with it.
    5) In MySQL query the wp_options tables for the above site and perform an export on the mo_saml_* and saml_* rows to generate your insert statements used later.
    6) In mysql generate a list of all the wp_*_option tables
    7) With having the list of tables that need to be adjusted, generate a list of insert statements from the data generated by the last two steps. At this point just generate the list of insert statements and do not actually run them yet.
    8) From that list of tables query each table to obtain the ‘siteurl’ value…. select option_value from wp_100_options where option_name = ‘siteurl’
    8) From this regex or use excel to strip down the url to the actual site name. Once you have the raw site name you in mass generate a list of all the Metadata locations.
    9) Bulk load into your IDP (of your choice) the large number of new Relaying-Party Trusts (with ADFS 3.0 or later the Add-ADFSRelyingPartyTrust is available from PowerShell).
    10) Run the set of database inserts from step 7 to bring everything live.

    Also worth noting the company behind the plug-in is based out of India so if you need to get in touch with them keep in mind the time-zone difference.

    They do offer consulting services for deployments if you need it. When working with support while very good keep in mind the time zone differences as they are based in India.

Viewing 1 replies (of 1 total)
  • The topic ‘Freemium but good’ is closed to new replies.

Views