Shibboleth Single Sign-On integration for Pressbooks.

Pressbooks Shibboleth Single Sign-On

Contributors: conner_bw, greatislander
Donate link: https://opencollective.com/pressbooks/
Tags: pressbooks, saml, saml2, sso, shibboleth
Requires at least: 4.9.8
Tested up to: 4.9.8
Stable tag: 0.0.5
License: GPLv3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html

Shibboleth Single Sign-On integration for Pressbooks.

Description

Plugin to integrate Pressbooks with a Shibboleth single sign-on service.

Users who attempt to log in to Pressbooks are redirected to a Shibboleth or SAML2 Identity Provider. After the user’s credentials are verified, they are redirected back to the Pressbooks network. If the Shibboleth UID matches the Pressbooks username, the user is recognized as valid and allowed access. If the Shibboleth user does not have an account in Pressbooks, a new user can be created, or access can be refused, depending on the configuration.

Installation

composer require pressbooks/pressbooks-shibboleth-sso

Or, download the latest version from the releases page and unzip it into your WordPress plugin directory: https://github.com/pressbooks/pressbooks-shibboleth-sso/releases

Then, create the necessary certificates:

cd vendor/onelogin/php-saml/certs
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.key

Then, activate and configure the plugin at the Network level.

Optional Config

Generating certificates in vendor/onelogin/php-saml/certs, without further changes, exposes them to malicious users (e.g. https://path/to/vendor/onelogin/php-saml/certs/sp.crt). Furthermore, your certificates are at risk of being deleted when updating packages using composer update or similar commands. A competent sysadmin must make sure certificates are neither accessible from the internet nor deleted. It is highly recommended that you pass your certificates via configuration variables. Example:

// Load the SP certificate and private key from a location outside the web root.
add_filter( 'pb_saml_auth_settings', function( $config ) {
	$config['sp']['x509cert'] = file_get_contents( '/path/to/sp.crt' ); // public certificate
	$config['sp']['privateKey'] = file_get_contents( '/path/to/sp.key' ); // private key
	return $config;
} );

Or:

define( 'PHP_SAML_SP_KEY_PATH', '/path/to/sp.key' );
define( 'PHP_SAML_SP_CERT_PATH', '/path/to/sp.crt' );
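
An added example (not part of the plugin or its README): a POSIX shell audit to run before pointing the plugin at a key and certificate. It checks that both files sit outside the web root, that the private key has no group or other permission bits, and that the key matches the certificate. The function names and the three-argument call are assumptions.

```shell
#!/bin/sh
# Added example: audit SP key/cert placement. Names and arguments are assumptions.

abs_path() {  # absolute, symlink-resolved path of a file whose directory exists
  ( cd "$(dirname -- "$1")" >/dev/null 2>&1 &&
    printf '%s/%s\n' "$(pwd -P)" "$(basename -- "$1")" )
}

outside_webroot() {  # FILE WEBROOT -> 0 outside, 1 inside, 2 cannot resolve
  file=$(abs_path "$1") || return 2
  root=$(cd "$2" >/dev/null 2>&1 && pwd -P) || return 2
  case "$file" in
    "$root"/*) return 1 ;;
    *) return 0 ;;
  esac
}

owner_only() {  # FILE -> 0 when no group/other permission bits are set
  perms=$(ls -ld -- "$1" 2>/dev/null) || return 2
  case "${perms%% *}" in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

key_matches_cert() {  # KEY CERT -> 0 when both carry the same public key
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$k" = "$c" ]
}

audit_sp_files() {  # KEY CERT WEBROOT -> 0 only if every check passes
  rc=0
  outside_webroot "$1" "$3" || { echo "FAIL: $1 is not outside $3"; rc=1; }
  outside_webroot "$2" "$3" || { echo "FAIL: $2 is not outside $3"; rc=1; }
  owner_only "$1" || { echo "FAIL: $1 has group/other permission bits"; rc=1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
  return "$rc"
}

# Usage: sh audit.sh /path/to/sp.key /path/to/sp.crt /path/to/webroot
if [ "$#" -eq 3 ]; then
  audit_sp_files "$@"
fi
```

A non-zero exit means at least one check failed; each failure is printed on its own line.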

Because this plugin uses the fabulous onelogin/php-saml toolkit, many other configuration variables can be tweaked.

Screenshots

Pressbooks Shibboleth Administration.

Changelog

0.0.5

Patches

  • [Security] Bump robrichards/xmlseclibs from 3.0.1 to 3.0.2: #8

0.0.4

  • New pb_integrations_multidomain_email filter
  • Associate existing users with either mail or eduPersonPrincipalName

0.0.3

  • Use certificate to set Valid Until
  • Interoperable SAML 2.0 Web Browser SSO Profile
  • Improve error message when login fails

0.0.2

  • Add feature to auto-config from IdP metadata
  • Remove ampersand character from SP entityID

0.0.1

  • Initial Release

Upgrade Notice

0.0.4

  • Pressbooks Shibboleth Single Sign-On requires Pressbooks >= 5.5.2 and WordPress >= 4.9.8