Hi!
Do you have the patch to solve the login problem? I am using WP 3.5 MU but everytime I log in through my IdP I get redirected to wp-login.php without being logged to WP…
function authenticate(&$username, &$password) {
global $simplesaml_authentication_opt, $simplesaml_configured, $as;
if (!$simplesaml_configured) {
die("simplesaml-authentication plugin not configured");
}
// Reset values from input ($_POST and $_COOKIE)
$username = $password = '';
$as->requireAuth();
$attributes = $as->getAttributes();
/*
* Only allow usernames that are not affected by sanitize_user(), and that are not
* longer than 60 characters (which is the 'user_login' database field length).
* Otherwise an account would be created but with a sanitized username, which might
* clash with an already existing account.
* See sanitize_user() in wp-includes/formatting.php.
*/
if(empty($simplesaml_authentication_opt['username_attribute'])) {
$username = $attributes['uid'][0];
} else {
$username = $attributes[$simplesaml_authentication_opt['username_attribute']][0];
}
if ($username != substr(sanitize_user($username, TRUE), 0, 60)) {
$error = sprintf(__('<p><strong>ERROR</strong><br /><br />
We got back the following identifier from the login process:<pre>%s</pre>
Unfortunately that is not suitable as a username.<br />
Please contact the <a href="mailto:%s">blog administrator</a> and ask to reconfigure the
simpleSAMLphp plugin!</p>'), $username, get_option('admin_email'));
$errors['registerfail'] = $error;
print($error);
exit();
}
$password = md5(SimpleSAMLAuthentication::passwordRoot());
if (!function_exists('get_user_by')) {
die("Could not load user data");
}
$user = get_user_by('login', $username);
if ($user) { // user already exists - try to log them in
$user = wp_authenticate($username, $password);
wp_set_current_user($user->ID); //Here is where we update the global user variables
wp_set_auth_cookie($user->ID);
do_action('wp_login',$userdata->ID);
if (isset($_REQUEST['redirect_to'])){
wp_redirect($_REQUEST['redirect_to']);
} else {
wp_redirect(get_bloginfo('url'));
}
exit;
} else {
// First time logging in
if ($simplesaml_authentication_opt['new_user'] == 1) {
// Auto-registration is enabled
// User is not in the WordPress database
// They passed SimpleSAML and so are authorised
// Add them to the database
// User must have an e-mail address to register
$user_email = '';
$email_attribute = empty($simplesaml_authentication_opt['email_attribute']) ? 'mail' : $simplesaml_authentication_opt['email_attribute'];
if($attributes[$email_attribute][0]) {
// Try to get email address from attribute
$user_email = $attributes[$email_attribute][0];
} else {
// Otherwise use default email suffix
if ($simplesaml_authentication_opt['email_suffix'] != '') {
$user_email = $username . '@' . $simplesaml_authentication_opt['email_suffix'];
}
}
$user_info = array();
$user_info['user_login'] = $username;
$user_info['user_pass'] = $password;
$user_info['user_email'] = $user_email;
if(empty($simplesaml_authentication_opt['firstname_attribute'])) {
$user_info['first_name'] = $attributes['givenName'][0];
} else {
$user_info['first_name'] = $attributes[$simplesaml_authentication_opt['firstname_attribute']][0];
}
if(empty($simplesaml_authentication_opt['lastname_attribute'])) {
$user_info['last_name'] = $attributes['sn'][0];
} else {
$user_info['last_name'] = $attributes[$simplesaml_authentication_opt['lastname_attribute']][0];
}
// Set user role based on eduPersonEntitlement
if ($simplesaml_authentication_opt['admin_entitlement'] != '' &&
$attributes['eduPersonEntitlement'] &&
in_array($simplesaml_authentication_opt['admin_entitlement'],
$attributes['eduPersonEntitlement'])) {
$user_info['role'] = "administrator";
} else {
$user_info['role'] = "subscriber";
}
$wp_uid = wp_insert_user($user_info);
// the user should have been crated so lets confirm this
$user = get_user_by('login', $username);
if ($user) { // user already exists - try to log them in
$user = wp_authenticate($username, $password);
wp_set_current_user($user->ID); //Here is where we update the global user variables
wp_set_auth_cookie($user->ID);
do_action('wp_login',$userdata->ID);
if (isset($_REQUEST['redirect_to'])){
wp_redirect($_REQUEST['redirect_to']);
} else {
wp_redirect(get_bloginfo('url'));
}
exit;
}
} else {
$error = sprintf(__('<p><strong>ERROR</strong>: %s is not registered with this blog.
Please contact the <a href="mailto:%s">blog administrator</a> to create a new
account!</p>'), $username, get_option('admin_email'));
$errors['registerfail'] = $error;
print($error);
print('<p><a href="/wp-login.php?action=logout">Log out</a> of SimpleSAML.</p>');
exit();
}
}
}
Hi Colemab,
In which php-file should this function be placed?
When I look at the plugin I find 21 files where the function “authenticate” is used…
Thanks in advance for your response.
Sincerely,
Ton
Tonvanleest,
These changes are related to the simplesamlphp-authentication.php file which comes as part of this plugin and should be located in the plugins directory.
Even though this is a complete copy of the code, You may want to also read the other support thread for this plugin where Tatichka and I discuss some other aspects of the implementation of this fix.
Thanks
