OneLogin SAML plugin for Wordpress
pitbulk Now the onelogin_saml_keep_local_login will also hide the login form on wp-login.php view. So when on a logout action, we can notify the user with the typical message of 'You are now logged out.' without showing the local login form
Latest commit 1f57113 Jan 31, 2019
Type Name Latest commit message Commit time
onelogin-saml-sso
LICENSE Update php-saml to 3.1.0. Make the code compatible Jan 28, 2019
README.md

wordpress-onelogin. OneLogin SAML plugin for Wordpress.

Uses the new OneLogin PHP-SAML Toolkit. Review its dependencies.

To install it, move the onelogin-saml-sso folder into the wp-content/plugins folder. Once moved, activate the plugin and configure it.

Using the SAML Plugin in WPengine or similar

This kind of WP hosting typically caches plugins and protects the wp-login.php view. You will need to contact them to disable the cache for this SAML plugin and to allow external HTTP POST requests to wp-login.php.

Security Improvements on 3.0.0

Version 3.0.0 includes a security patch that prevents DDOS by expansion of internally defined entities (XEE). That version also uses php-saml 3.X, so it is compatible with PHP 5.X and 7.X.
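
A common way to block the entity-expansion (XEE) class of issue mentioned above is to refuse any SAML document that declares a DTD or entities before it is processed. The following is an added example, not the plugin's or php-saml's actual patch; the function name `loadSamlXmlWithoutEntities` and the sample XML are assumptions constructed for illustration.

```php
<?php
// Added example: reject SAML XML that carries a DOCTYPE or entity declarations.
// loadSamlXmlWithoutEntities() is a hypothetical helper, not part of the plugin.

function loadSamlXmlWithoutEntities(string $xml): DOMDocument
{
    if (trim($xml) === '') {
        throw new InvalidArgumentException('Empty XML document');
    }
    // Cheap pre-parse check on the raw bytes. SAML messages never need a DTD.
    if (preg_match('/<!(DOCTYPE|ENTITY)/i', $xml) === 1) {
        throw new RuntimeException('DOCTYPE/ENTITY declaration found; refusing to parse');
    }

    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately not set,
    // so entity references are not substituted while loading.
    $loaded = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($loaded === false) {
        throw new RuntimeException('Malformed XML');
    }

    // Post-parse check: catches a DOCTYPE that the byte-level regex missed,
    // for example in a UTF-16 encoded document.
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new RuntimeException('DOCTYPE node found; rejecting document');
        }
    }
    return $doc;
}

// Constructed sample inputs (not real SAML traffic).
$clean = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example"/>';
$withEntity = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa">]>'
    . '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example">&a;</samlp:Response>';

foreach (['clean' => $clean, 'with internal entity' => $withEntity] as $label => $xml) {
    try {
        loadSamlXmlWithoutEntities($xml);
        echo "$label: accepted\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```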

Security Improvements on 2.4.3

Version 2.4.3 includes a security patch with extra validations that prevent certain elaborate signature wrapping attacks, along with other security improvements. Previous versions are vulnerable, so we highly recommend upgrading to >= 2.4.3.

If you used this plugin before 2.2.0 with just-in-time provision active

Read: https://wpvulndb.com/vulnerabilities/8508

To mitigate that, place this script at the root of WordPress, execute it, and remove it afterwards: https://gist.github.com/pitbulk/a8223c90a3534e9a7d5e0a93009a094f
