Multisite improvement: Be able to manage multiple SAML settings on different sites. #78

Merged
merged 4 commits into from
Nov 6, 2019

@pitbulk
Contributor

pitbulk commented Jul 8, 2019

Now on the Network interface, if the SAML plugin is active, the following menu will appear:

image

At the "Settings" the user will be able to set "network" settings that later can be injected on the SAML settings of the different sites ("Inject SAML Settings in sites" section). When injecting, previous SAML settings of the site will be overridden.

image

At the "Enable/Disable SAML on sites" the admin can review what sites have the SAML feature enabled and change its status on the different sites directly on this global panel.

image

@alejandrobarrios07

It's working for us! Many thanks Sixto 💪

@pitbulk
Contributor Author

pitbulk commented Sep 3, 2019

@alejandrobarrios07 I will prepare an official release this month that will include this feature.

@pitbulk pitbulk merged commit e27236b into master Nov 6, 2019
@danhul

danhul commented Dec 5, 2019

I configured SAML settings and injected them to all sites on my WP setup. It works for the main site, but for sites under it I get an error "ERR_TOO_MANY_REDIRECTS" when I try to log in. Do I need to change options like Idp X509cert, Sp Entity Id, ... for each undersite?

@pitbulk
Contributor Author

pitbulk commented Dec 5, 2019

If you injected the settings in all sites, then those settings are available on those sites.

If you have the "redirection issue", maybe you are in a loop where you have force SAML enabled, so SSO is executed on WP, then the IdP replies with a SAMLResponse, then WP rejects it and you start again.

You may check on the error logs and find the cause of the issue.

Are you trying to connect all sites with 1 unique IdP? Then the SP Entity ID could be the same for all the SPs, but the SP endpoints are different (the custom site_id on each SP), so you will need to register them on the IdP (some IdPs offer a way to set multiple endpoints so you can consider each as a different endpoint; others, such as OneLogin, support a regex).

@sandykadam

sandykadam commented Jul 14, 2020

Hi @pitbulk
Thanks for adding this feature!
I have a query regarding the redirect after logging in to one of the sites. E.g.:
www.domain.com - Main Network Admin
www.domain.com/site1
www.domain.com/site2
I have updated all the required SAML settings in the Network admin settings, which need to be replicated on the sub-sites. But afaik we need to have a unique "Service Provider Entity Id" for each site, so that if a user logged in to /site1 he is redirected to site1 only and not to the main domain, because the SAML IdP will need a redirect URL reference.
How can we achieve this, or do I need to go to each site and update its unique "Service Provider Entity Id"? Also, is there any hook which I can use after a site is created to update the Entity ID for that respective site?

Thanks,

@pitbulk
Contributor Author

pitbulk commented Jul 14, 2020

@sandykadam unique values will need an update in each site... In the end this is a value in a database, so if you have tons of sites and have a pattern for the unique SP entity ID, maybe you can do it with some script.
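
The per-site values discussed in this thread (a patterned SP entity ID for each site, and the differing SP endpoints that have to be registered on the IdP), as an added example that is not code from the plugin or its maintainers: a dry-run script that prints the wp-cli commands instead of running them. The option name, the `?saml_acs` endpoint path and the `/saml` entity ID pattern are assumptions to check against your installation.

```shell
#!/bin/sh
# Added example, not the plugin's code. Assumptions to verify on your install:
#   OPTION_KEY - option in which the plugin keeps the SP entity ID
#   ACS_SUFFIX - path of the plugin's assertion consumer endpoint
#   the "/saml" entity ID pattern is constructed for this example
OPTION_KEY="onelogin_saml_advanced_settings_sp_entity_id"
ACS_SUFFIX="/wp-login.php?saml_acs"

# Accept only https URLs made of characters that are safe inside single quotes.
valid_site() {
  case "$1" in https://*) ;; *) return 1 ;; esac
  rest=${1#https://}
  case "$rest" in ""|/*|*[!A-Za-z0-9._/-]*) return 1 ;; esac
  return 0
}

# Strip trailing slashes so "/site2/" and "/site2" give the same identifiers.
normalize_site() {
  u=$1
  while [ "${u%/}" != "$u" ]; do u=${u%/}; done
  printf '%s\n' "$u"
}

sp_entity_id() { printf '%s/saml\n' "$(normalize_site "$1")"; }
acs_url()      { printf '%s%s\n' "$(normalize_site "$1")" "$ACS_SUFFIX"; }

# Read site URLs on stdin; print, per valid site, the wp-cli command that sets
# its entity ID and, as a comment line, the ACS URL to register on the IdP.
plan() {
  while IFS= read -r site; do
    if [ -z "$site" ]; then continue; fi
    if ! valid_site "$site"; then
      echo "skip (not a clean https site URL): $site" >&2
      continue
    fi
    printf "wp option update %s '%s' --url='%s'\n" \
      "$OPTION_KEY" "$(sp_entity_id "$site")" "$(normalize_site "$site")"
    printf '# register on IdP: %s\n' "$(acs_url "$site")"
  done
  return 0
}

# Dry run on constructed sample sites (layout from the thread, https assumed).
# On a real network, feed it with: wp site list --field=url | plan
printf '%s\n' \
  'https://www.domain.com/site1' \
  'https://www.domain.com/site2/' \
  'www.domain.com/site3' | plan
```

Review the printed commands before piping them to `sh`; network-level injection of SAML settings overrides per-site values, so re-run the plan after injecting.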

@sandykadam

But is there any WordPress hook or SAML plugin hook by which we can update the entity ID when a new site is created from network admin?

@pitbulk
Contributor Author

pitbulk commented Jul 16, 2020

I'm not aware of any.
