Multisite improvement: Be able to manage multiple SAML settings on different sites. #78
It's working for us! Many thanks Sixto 💪
@alejandrobarrios07 I will prepare an official release this month that will include this feature.
I configured SAML settings and injected them into all sites on my WP setup. It works for the main site, but for the sites under it I get an error "ERR_TOO_MANY_REDIRECTS" when I try to log in. Do I need to change options like IdP X509cert, SP Entity Id, ... for each sub-site?
If you injected the settings in all sites, then those settings are available on those sites. If you have the "redirection issue", maybe you are in a loop where you have force SAML enabled, so SSO is executed on WP, then the IdP replies with a SAMLResponse, then WP rejects it and you start again. You may check the error logs and find the cause of the issue. Are you trying to connect all sites with 1 unique IdP? Then the SP Entity ID could be the same for all the SPs, but the SP endpoints are different (the custom site_id on each SP), so you will need to register them on the IdP (some IdPs offer a way to set multiple endpoints so you can consider each as a different endpoint; others, such as OneLogin, support a regex).
Hi @pitbulk Thanks,
@sandykadam unique values will need an update in each site... at the end this is a value in a database, so if you have tons of sites and have a pattern for the unique SP entity ID, maybe you can do it with some script.
But is there any WordPress hook or SAML plugin hook by which we can update the entity ID when a new site is created from network admin?
I'm not aware of any.
Now on the Network interface, if the SAML plugin is active, the following menu will appear:
In "Settings", the user will be able to set "network" settings that can later be injected into the SAML settings of the different sites ("Inject SAML Settings in sites" section). When injecting, the previous SAML settings of the site will be overridden.
In "Enable/Disable SAML on sites", the admin can review what sites have the SAML feature enabled and change its status on the different sites directly on this global panel.