SimpleShib is a WordPress plugin to authenticate users with a Shibboleth Single Sign-On infrastructure.
Author: | Steve Guglielmo (profile at wordpress.org) |
WordPress version required: | 5.2 |
WordPress version tested: | 5.4.2 |
Plugin version: | 1.2.2 |
Added to WordPress repository: | 17-02-2017 |
Last updated: | 19-06-2020
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
Rating, %: | 0 |
Rated by: | 0 |
Plugin URI: | https://wordpress.org/plugins/simpleshib/ |
Total downloads: | 819 |
Click to start download
|
SimpleShib is a WordPress plugin to authenticate users with a Shibboleth Single Sign-On infrastructure. This plugin will not work if you do not have a Shibboleth IdP and SP already configured.
When a WordPress login request is received from a user, the Shibboleth session is validated. If the session does not exist, user is redirected to the IdP login page. Once authenticated at the IdP, the user is redirected back to WordPress and logged into their local WordPress account. If a local account does not exist, one can optionally be created.
User data (login, name, and email) is updated in WordPress from the IdP data upon every login. Additionally, the user is restricted from manually changing those fields on their profile page.
On multisite instances of WordPress, SimpleShib can only be network-activated.
The plugin settings include options for autoprovisioning, custom IdP attributes, password reset/change URLs, and session initiation/logout URLs.
SimpleShib is developed on GitHub. Please submit bug reports and contributions on the GitHub project page. For general support and questions, please use the WordPress support forum.
This plugin is not affiliated with the Shibboleth or Internet2 organizations.
Screenshots
The first half of the SimpleShib plugin settings within the WordPress admin menu.
The second half of the SimpleShib plugin settings within the WordPress admin menu.
FAQ
What is Shibboleth?
From Wikipedia:
“Shibboleth is a single sign-on (log-in) system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.”
Can I test this without an IdP?
Maybe. Check out TestShib.org. Note, you still need the SP/shibd configured on the server with Apache/WordPress.
A shibboleth plugin already exists; why write another?
My attempts to use the other Shibboleth plugin failed for various technical reasons. It seemed to be unmaintained at the time. I ended up modifying the plugin heavily. I finally got to the point where I just wrote my own.
The domain name is not correct after a redirect
Add the following to Apache’s config:
UseCanonicalName On
Can I automatically set user roles based on IdP data?
No. SimpleShib handles authentication, not authorization. Authorization is managed within WordPress by network admins or site admins.
What’s this MIT license?
SimpleShib is released under the MIT license. The MIT license is short, simple, and very permissive. Basically, you can do whatever you want, provided the original copyright and license notice are included in any/all copies of the software. You may modify, distribute, sell, incorporate into proprietary software, use privately, and use commerically.
There is no warranty and the author or any contributors are not liable if something goes wrong.
See the LICENSE
file for full details.
ChangeLog
1.2.2
- Compatibility with WordPress 5.4.
- Require PHP 7.2.
- Documentation updates.
1.2.1
- Add options for custom IdP attributes.
- Documentation updates.
1.2.0
- Move configuration into the database.
- Compatibility with WordPress 5.3.
- Fix a return_to URL bug that affected multisite.
- Documentation updates.
1.1.1
- Compatibility with WordPress 5.2.
- Improve compliance with WordPress coding standards.
- Minor documentation updates.
1.1.0
- Add a boolean setting for automatic account provisioning.
- Update example logout URL to return to the IdP’s logout page.
1.0.3
- Compatibility with WordPress 5.1.
- Improve compliance with WordPress coding standards.
- Use wp_safe_redirect() when possible.
- Move PHP class into a separate file.
- Change install instructions from a must-use plugin to a network-activated plugin.
1.0.2
- Compatibility with WordPress 5.
- Improve compliance with WordPress coding standards.
- Minor documentation updates.
1.0.1
- Minor documentation and code changes.
- Add plugin banner to assets.
1.0.0