Support » Plugin: Force Login » miniOrange SAML plugin integration

  • Resolved jweierman

    (@jweierman)



    Hey Kevin, I’m using miniOrange SAML 2.0 SSO plugin to login and authenticate new users. Is there a way to use Force Plugin with that? Currently, your plugin forces users to a wp-admin screen, which won’t accept SSO credentials.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hi– thanks for using Force Login!

    I’m not familiar with this plugin, could you expand on this issue– what exactly happens when you attempt to login with this SSO plugin?

    Just to be sure– does the SSO plugin work when Force Login is disabled?

    After looking at the SSO plugin code, it should be able to redirect you to your Identity Provider (IdP) – but when it tries to return you back to the WordPress site, are you sent back to the login screen before the SSO plugin has logged you in?

    The SSO plugin code indicates this string as the returnurl:

    "&returnurl=" . urlencode( site_url() . "/?option=readsamllogin"

    Based on the SSO plugin’s returnurl, does adding the following bypass filter for Force Login resolve this issue?

    /**
     * Bypass Force Login to allow for exceptions.
     *
     * @param bool $bypass Whether to disable Force Login. Default false.
     * @return bool
     */
    function my_forcelogin_bypass( $bypass ) {
      if ( isset( $_GET['option'] ) && $_GET['option'] == 'readsamllogin' ) {
        $bypass = true;
      }
      return $bypass;
    }
    add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );
    • This reply was modified 7 months, 1 week ago by  Kevin Vess.
    • This reply was modified 7 months, 1 week ago by  Kevin Vess.

    miniOrange places a link on our page that directs the user through an SSO process.

    When using Force Login, the login screen that is forced is a wordpress login, rather than directing them through the SSO process.

    Maybe it’s too general of a question as I don’t have as much knowledge of the SSO functionality (our IT Team helped get it functioning), but does that help clarify? Will the code you suggested above help return the functionality from the SSO rather than the wordpress login?

    I’ll ping our IT Team and have them review this as well with any other input they can share.

    Plugin Author Kevin Vess

    (@kevinvess)

    Will the code you suggested above help return the functionality from the SSO rather than the wordpress login?

    The code I suggested is untested. It might fix the conflict between the two plugins and allow the SSO plugin to finish it’s sign-on process. You’ll have to test it and see.

    Also– keep in mind, that suggested code would allow access to any page if a visitor adds the ?option=readsamllogin query string to the URL.

    After testing and confirming that code fixes the SSO issue, you might want to harden that bypass conditional to also check if is_home or is_frontpage (depending on how you setup your site).

    Let me know if that code fixes the issue, in case others run into this same problem.

    Unfortunately, it didn’t seem to work. It still directs me to the wordpress login screen.

    I’ll play with it a bit more now that I know where to modify the code and see what I can do and will post any updates here.

    Thanks for your help.

    We think we’re on the right track. Is there a way to change this code to redirect to a URL of our choosing instead of the wp-login page?

    function v_forcelogin() {

        // Redirect
        if ( preg_replace( '/\?.*/', '', $url ) != preg_replace( '/\?.*/', '', wp_login_url() ) && ! in_array( $url, $whitelist ) && ! $bypass ) {
          $redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
          wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit;
    • This reply was modified 7 months, 1 week ago by  jweierman.
    • This reply was modified 7 months, 1 week ago by  jweierman.
    Plugin Author Kevin Vess

    (@kevinvess)

    As you’ve pointed out– Force Login uses the wp_login_url() function to specify where to send visitors to when they try to access your site.

    If you want to change that URL, the wp_login_url() function offers a login_url filter you could use to change what the login URL is.

    /**
     * Filters the login URL.
     *
     * @since 2.8.0
     * @since 4.2.0 The <code>$force_reauth</code> parameter was added.
     *
     * @param string $login_url    The login URL. Not HTML-encoded.
     * @param string $redirect     The path to redirect to on login, if supplied.
     * @param bool   $force_reauth Whether to force reauthorization, even if a cookie is present.
     */
    return apply_filters( 'login_url', $login_url, $redirect, $force_reauth );

    However, I recommend you use the v_forcelogin_bypass filter I suggested above to bypass Force Login for whatever condition necessary to allow this SSO plugin to work.

    Also– if the issue is with the wp_login_url() function and where it considers the login URL to be, then maybe the SSO plugin should already change/filter the wp_login_url() function?

    Let me know how you get this working, in case others experience the same issue.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘miniOrange SAML plugin integration’ is closed to new replies.