WP SAML Auth

Screenshots

SAML authentication for WordPress, using the bundled OneLogin SAML library or optionally installed SimpleSAMLphp. OneLogin provides a SAML authentication bridge; SimpleSAMLphp provides SAML plus a variety of other authentication mechanisms. This plugin acts as a bridge between WordPress and the authentication library. If your organization uses Google Apps, integrating Google Apps with WP SAML Auth takes just a few steps. The standard user flow looks like this: User can log in via SAML using a button added to the standard WordPress login view. When the button is clicked, the user is handed off to the authentication library. With OneLogin, the user is redirected to the SAML identity provider. With SimpleSAMLphp, the user is redirected to the SimpleSAMLphp install. Once the user is authenticated with the identity provider, they’re redirected back to WordPress and signed in to their account. A new WordPress user will be created if none exists (although this behavior can be disabled). When the user logs out of WordPress, they are also logged out of the identity provider. A set of configuration options allow you to change the plugin’s default behavior. For instance, permit_wp_login=>false will force all authentication to go through the SAML identity provider, bypassing wp-login.php. Similiarly, auto_provision=>false will disable automatic creation of new WordPress users. See installation instructions for full configuration details. WP-CLI Commands This plugin implements a variety of WP-CLI commands. All commands are grouped into the wp saml-auth namespace. $ wp help saml-auth NAME wp saml-auth DESCRIPTION Configure and manage the WP SAML Auth plugin. SYNOPSIS wp saml-auth <command> SUBCOMMANDS scaffold-config Scaffold a configuration filter to customize WP SAML Auth usage. Use wp help saml-auth <command> to learn more about each command. Contributing The best way to contribute to the development of this plugin is by participating on the GitHub project: https://github.com/pantheon-systems/wp-saml-auth Pull requests and issues are welcome! You may notice there are two sets of tests running, on two different services: Travis CI runs the PHPUnit test suite, which mocks interactions with SimpleSAMLphp. Circle CI runs the Behat test suite against a Pantheon site, to ensure the plugin’s compatibility with the Pantheon platform. This includes configuring a fully-functional instance of SimpleSAMLphp. Both of these test suites can be run locally, with a varying amount of setup. PHPUnit requires the WordPress PHPUnit test suite, and access to a database with name wordpress_test. If you haven’t already configured the test suite locally, you can run bash bin/install-wp-tests.sh wordpress_test root '' localhost. Behat requires a Pantheon site. Once you’ve created the site, you’ll need install Terminus, and set the TERMINUS_TOKEN, TERMINUS_SITE, and TERMINUS_ENV environment variables. Then, you can run ./bin/behat-prepare.sh to prepare the site for the test suite.