srguglielmo / simpleshib Goto Github PK

• mod_fastcgi, a 3rd party Apache module released under a custom open-source license. Website offline, not sure if this is supported upstream (but there seem to be forks around).
• mod_fcgid, originally 3rd party, but moved to Apache core in 2009.
• mod_proxy_fcgi, new in Apache 2.4, officially part of Apache core.

See mitcho/shibboleth#13

Hi @srguglielmo ! This looks like a nice, straightforward Shibboleth plugin. I think you have a lot of the basics done right, but to make this work for a variety of setups it would be helpful to have a lot of these options be configurable.

Please consider taking a look at the configuration interface and pull requests like mitcho/shibboleth#13. Those give a quick overview of the needs of we've seen on different server setups.

Look into a UI for the configuration. Useful for shared hosting/etc.

See #1.

At Brown, our shibboleth attributes are named with consistency on all of our SPs but our attributes do not match the attributes that SimpleShib expects. The result is an endless authentication loop.
To give a little background, Brown's attribute names were decided when we implemented Shibboleth. For example, we use 'Shibboleth-brownShortId' to identify the username of the user. It looks like the SimpleShib plugin's code is looking for an attribute named 'uid'.
We could rename our attributes on these servers but it would be ideal (from our perspective) to map the names using constants in the plugin.
There are a few ways to do this but I wanted to start by asking if the request is understood and then proceed to how we can work together on a solution.

Thanks!
-Tim Thorp
Web Developer
Brown University

Fatal error: Uncaught Error: Call to undefined function switch_to_blog() in /var/www/wordpress-playground/wordpress/content/plugins/simpleshib/simpleshib.php:145 Stack trace:
 #0 /var/www/wordpress-playground/wordpress/content/plugins/simpleshib/simpleshib.php(110): SimpleShib->get_initiator_url('https://playgro...')
 #1 /var/www/wordpress-playground/wordpress/wp/wp-includes/class-wp-hook.php(298): SimpleShib->authenticate_or_redirect(NULL, '', '')
 #2 /var/www/wordpress-playground/wordpress/wp/wp-includes/plugin.php(203): WP_Hook->apply_filters(NULL, Array)
 #3 /var/www/wordpress-playground/wordpress/wp/wp-includes/pluggable.php(532): apply_filters('authenticate', NULL, '', '')
 #4 /var/www/wordpress-playground/wordpress/wp/wp-includes/user.php(85): wp_authenticate('', '')
 #5 /var/www/wordpress-playground/wordpress/wp/wp-login.php(790): wp_signon(Array, true)
 #6 {main} thrown in /var/www/wordpress-playground/wordpress/content/plugins/simpleshib/simpleshib.php on line 145

The switch_to_blog() isn't necessary here. It can be replaced with a call to get_site_url().

Hello

Problem when access wp-admin directly . WP redirect to wp-login.php with REAUTH=1 parameter.
This parameter kill all cookies...
I already get this prob with my CAS plugin and resolved it with filter.

To solve this , I add a filter into construct to remove this parameter
add_filter( 'login_url', array( $this, 'efg_wp_cas_clear_reauth' ) );

And my function :
/**
* Clear reauth parameter from login url to login directly from CAS server.
* Remove the reauth=1 parameter from the login URL, if applicable. This allows
* us to transparently bypass the mucking about with cookies that happens in
* wp-login.php immediately after wp_signon when a user e.g. navigates directly
* to wp-admin.
*/
public function efg_wp_cas_clear_reauth( $login_url ) {

    $login_url = remove_query_arg( 'reauth', $login_url );
    return $login_url;
}

Hope will help people using this plugin.

Thanks for the plugin. I like the idea but it is not working for me yet. I thought I would start my troubleshooting by ironing out a little confusion.

"Set to true to disable all login functionality."
do you mean
"Set to true to disable native Wordpress login functionality"
or
"Set to true to disable Shibboleth SSO"
or ...