Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
=== Shibboleth === Contributors: willnorris, mitchoyoshitaka Tags: shibboleth, authentication, login, saml Requires at least: 2.8 Tested up to: 3.0.1 Stable tag: 1.4 Allows WordPress to externalize user authentication and account creation to a Shibboleth Service Provider. == Description == This plugin is designed to support integrating your WordPress or WordPress MU blog into your existing identity management infrastructure using a [Shibboleth] Service Provider. WordPress can be configure so that all standard login requests will be sent to your configured Shibboleth Identity Provider or Discovery Service. Upon successful authentication, a new WordPress account will be automatically provisioned for the user if one does not already exist. User attributes (username, first name, last name, display name, nickname, and email address) can be synchronized with your enterprise's system of record each time the user logs into WordPress. Finally, the user's role within WordPress can be automatically set (and continually updated) based on any attribute Shibboleth provides. For example, you may decide to give users with an eduPersonAffiliation value of *faculty* the WordPress role of *editor*, while the eduPersonAffiliation value of *student* maps to the WordPress role *contributor*. Or you may choose to limit access to WordPress altogether using a special eduPersonEntitlement value. [Shibboleth]: http://shibboleth.internet2.edu/ == Installation == First and foremost, you must have the Shibboleth Service Provider [properly installed] and working. If you don't have Shibboleth working yet, I assure you that you won't get this plugin to work. This plugin expects Shibboleth to be configured to use "lazy sessions", so ensure that you have Shibboleth configured with requireSession set to "false". Upon activation, the plugin will attempt to set the appropriate directives in WordPress's .htaccess file. If it is unable to do so, you can add this manually: AuthType Shibboleth Require Shibboleth = For single-user WordPress = Upload the `shibboleth` folder to your WordPress plugins folder (probably `/wp-content/plugins`), and activate it through the WordPress admin panel. Configure it from the Shibboleth settings page. = For WordPress MU = Shibboleth works equally well with WordPress MU using either vhosts or folders for blogs. Upload the `shibboleth` folder to your `mu-plugins` folder (probably `/wp-content/mu-plugins`). Move the file `shibboleth-mu.php` from the `shibboleth` folder up one directory so that it is in `mu-plugins` alongside the `shibboleth` folder. No need to activate it, just configure it from the Shibboleth settings page, found under "Site Admin". [properly installed]: https://spaces.internet2.edu/display/SHIB2/Installation == Frequently Asked Questions == = What is Shibboleth? = From [the Shibboleth homepage]: > The Shibboleth System is a standards based, open source software package for > web single sign-on across or within organizational boundaries. It allows > sites to make informed authorization decisions for individual access of > protected online resources in a privacy-preserving manner. [the Shibboleth homepage]: http://shibboleth.internet2.edu/ = Can I extend the Shibboleth plugin to provide custom logic? = Yes, the plugin provides a number of new [actions] and [filters] that can be used to extend the functionality of the plugin. Search `shibboleth.php` for occurances of the function calls `apply_filters` and `do_action` to find them all. Then [write a new plugin] that makes use of the hooks. If your require additional hooks to allow for extending other parts of the plugin, please notify the plugin authors via the [support forum]. Before extending the plugin in this manner, please ensure that it is not actually more appropriate to add this logic to Shibboleth. It may make more sense to add a new attribute to your Shibboleth Identity Provider's attribute store (e.g. LDAP directory), or a new attribute definition to the Identity Provider's internal attribute resolver or the Shibboleth Service Provider's internal attribute extractor. In the end, the Shibboleth administrator will have to make that call as to what is most appropriate. [actions]: http://codex.wordpress.org/Plugin_API#Actions [filters]: http://codex.wordpress.org/Plugin_API#Filters [write a new plugin]: http://codex.wordpress.org/Writing_a_Plugin [support forum]: http://wordpress.org/tags/shibboleth?forum_id=10#postform == Screenshots == 1. Configure login, logout, and password management URLs 2. Specify which Shibboleth headers map to user profile fields 3. Assign users into WordPress roles based on arbitrary data provided by Shibboleth == Changelog == = version 1.4 (2010-08-30) = - tested for compatibility with WordPress 3.0 - new hooks for developers to override the default user role mapping controls - now applies `sanitize_name()` to the Shibboleth user's `nicename` column = version 1.3 (2009-10-02) = - required WordPress version bumped to 2.8 - much cleaner integration with WordPress authentication system - individual user profile fields can be designated as managed by Shibboleth - start of support for i18n. If anyone is willing to provide translations, please contact the plugin author = version 1.2 (2009-04-21) = - fix bug where shibboleth users couldn't update their profile. (props pchapman on bug report) - fix bug where local logins were being sent to shibboleth = version 1.1 (2009-03-16) = - cleaner integration with WordPress login form (now uses a custom action instead of hijacking the standard login action) - add option for enterprise password change URL -- shown on user profile page. - add option for enterprise password reset URL -- Shibboleth users are auto-redirected here if attempt WP password reset. - add plugin deactivation hook to remove .htaccess rules - add option to specify Shibboleth header for user nickname - add filters for all user attributes and user role (allow other plugins to override these values) - much cleaner interface on user edit admin page - fix bug with options being overwritten in WordPress MU = version 1.0 (2009-03-14) = - now works properly with WordPress MU - move Shibboleth menu to Site Admin for WordPress MU (props: Chris Bland) - lots of code cleanup and documentation = version 0.1 = - initial public release