gilzow/wp-saml-auth-config.php Secret

## wp-saml-auth-config.php
add_filter('wp_saml_auth_option', function( $value, $option_name) {

    $defaults = array(
        /**
         * Type of SAML connection bridge to use.
         *
         * 'internal' uses OneLogin bundled library; 'simplesamlphp' uses SimpleSAMLphp.
         *
         * Defaults to SimpleSAMLphp for backwards compatibility.
         *
         * @param string
         */
        'connection_type' => 'simplesamlphp',
        /**
         * Configuration options for OneLogin library use.
         *
         * See comments with "Required:" for values you absolutely need to configure.
         *
         * @param array
         */
        'internal_config'        => array(
            // Validation of SAML responses is required.
            'strict'       => true,
            'debug'        => defined('WP_DEBUG') && WP_DEBUG ? true : false,
            'baseurl'      => home_url(),
            'sp'           => array(
                'entityId' => 'urn:' . parse_url(home_url(), PHP_URL_HOST),
                'assertionConsumerService' => array(
                    'url'  => home_url(),
                    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                ),
            ),
            'idp'          => array(
                // Required: Set based on provider's supplied value.
                'entityId' => 'https://shib-idp.umsystem.edu/idp/shibboleth',
                'singleSignOnService' => array(
                    // Required: Set based on provider's supplied value.
                    'url'  => 'https://shib-idp.umsystem.edu/idp/profile/SAML2/Redirect/SSO',
                    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                ),
                'singleLogoutService' => array(
                    // Required: Set based on provider's supplied value.
                    'url'  => 'https://shib-idp.umsystem.edu/idp/profile/SAML2/Redirect/SSO',
                    'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                ),
                // Required: Contents of the IDP's public x509 certificate.
                // Use file_get_contents() to load certificate contents into scope.
                'x509cert' => '',
                // Optional: Instead of using the x509 cert, you can specify the fingerprint and algorithm.
                'certFingerprint' => '',
                'certFingerprintAlgorithm' => '',
            ),
        ),
        /**
         * Path to SimpleSAMLphp autoloader.
         *
         * Follow the standard implementation by installing SimpleSAMLphp
         * alongside the plugin, and provide the path to its autoloader.
         * Alternatively, this plugin will work if it can find the
         * `SimpleSAML_Auth_Simple` class.
         *
         * @param string
         */
        'simplesamlphp_autoload' => '/app/vendor/simplesamlphp/simplesamlphp/lib/_autoload.php',
        /**
         * Authentication source to pass to SimpleSAMLphp
         *
         * This must be one of your configured identity providers in
         * SimpleSAMLphp. If the identity provider isn't configured
         * properly, the plugin will not work properly.
         *
         * @param string
         */
        'auth_source'            => 'default-sp',
        /**
         * Whether or not to automatically provision new WordPress users.
         *
         * When WordPress is presented with a SAML user without a
         * corresponding WordPress account, it can either create a new user
         * or display an error that the user needs to contact the site
         * administrator.
         *
         * @param bool
         */
        'auto_provision'         => false,
        /**
         * Whether or not to permit logging in with username and password.
         *
         * If this feature is disabled, all authentication requests will be
         * channeled through SimpleSAMLphp.
         *
         * @param bool
         */
        'permit_wp_login'        => true,
        /**
         * Attribute by which to get a WordPress user for a SAML user.
         *
         * @param string Supported options are 'email' and 'login'.
         */
        'get_user_by'            => 'login',
        /**
         * SAML attribute which includes the user_login value for a user.
         *
         * @param string
         */
        'user_login_attribute'   => 'urn:mace:umsystem.edu:attribute-def:samAccountName',
        /**
         * SAML attribute which includes the user_email value for a user.
         *
         * @param string
         */
        'user_email_attribute'   => 'urn:mace:dir:attribute-def:mail',
        /**
         * SAML attribute which includes the display_name value for a user.
         *
         * @param string
         */
        'display_name_attribute' => 'urn:mace:dir:attribute-def:displayName',
        /**
         * SAML attribute which includes the first_name value for a user.
         *
         * @param string
         */
        'first_name_attribute' => 'urn:mace:dir:attribute-def:givenName',
        /**
         * SAML attribute which includes the last_name value for a user.
         *
         * @param string
         */
        'last_name_attribute' => 'urn:mace:dir:attribute-def:sn',
        /**
         * Default WordPress role to grant when provisioning new users.
         *
         * @param string
         */
        'default_role'           => get_option('default_role'),
    );
    $value = isset($defaults[ $option_name ]) ? $defaults[ $option_name ] : $value;
    return $value;
}, 10, 2);
	add_filter('wp_saml_auth_option', function( $value, $option_name) {

	$defaults = array(
	/**
	* Type of SAML connection bridge to use.
	*
	* 'internal' uses OneLogin bundled library; 'simplesamlphp' uses SimpleSAMLphp.
	*
	* Defaults to SimpleSAMLphp for backwards compatibility.
	*
	* @param string
	*/
	'connection_type' => 'simplesamlphp',
	/**
	* Configuration options for OneLogin library use.
	*
	* See comments with "Required:" for values you absolutely need to configure.
	*
	* @param array
	*/
	'internal_config' => array(
	// Validation of SAML responses is required.
	'strict' => true,
	'debug' => defined('WP_DEBUG') && WP_DEBUG ? true : false,
	'baseurl' => home_url(),
	'sp' => array(
	'entityId' => 'urn:' . parse_url(home_url(), PHP_URL_HOST),
	'assertionConsumerService' => array(
	'url' => home_url(),
	'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
	),
	),
	'idp' => array(
	// Required: Set based on provider's supplied value.
	'entityId' => 'https://shib-idp.umsystem.edu/idp/shibboleth',
	'singleSignOnService' => array(
	// Required: Set based on provider's supplied value.
	'url' => 'https://shib-idp.umsystem.edu/idp/profile/SAML2/Redirect/SSO',
	'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
	),
	'singleLogoutService' => array(
	// Required: Set based on provider's supplied value.
	'url' => 'https://shib-idp.umsystem.edu/idp/profile/SAML2/Redirect/SSO',
	'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
	),
	// Required: Contents of the IDP's public x509 certificate.
	// Use file_get_contents() to load certificate contents into scope.
	'x509cert' => '',
	// Optional: Instead of using the x509 cert, you can specify the fingerprint and algorithm.
	'certFingerprint' => '',
	'certFingerprintAlgorithm' => '',
	),
	),
	/**
	* Path to SimpleSAMLphp autoloader.
	*
	* Follow the standard implementation by installing SimpleSAMLphp
	* alongside the plugin, and provide the path to its autoloader.
	* Alternatively, this plugin will work if it can find the
	* `SimpleSAML_Auth_Simple` class.
	*
	* @param string
	*/
	'simplesamlphp_autoload' => '/app/vendor/simplesamlphp/simplesamlphp/lib/_autoload.php',
	/**
	* Authentication source to pass to SimpleSAMLphp
	*
	* This must be one of your configured identity providers in
	* SimpleSAMLphp. If the identity provider isn't configured
	* properly, the plugin will not work properly.
	*
	* @param string
	*/
	'auth_source' => 'default-sp',
	/**
	* Whether or not to automatically provision new WordPress users.
	*
	* When WordPress is presented with a SAML user without a
	* corresponding WordPress account, it can either create a new user
	* or display an error that the user needs to contact the site
	* administrator.
	*
	* @param bool
	*/
	'auto_provision' => false,
	/**
	* Whether or not to permit logging in with username and password.
	*
	* If this feature is disabled, all authentication requests will be
	* channeled through SimpleSAMLphp.
	*
	* @param bool
	*/
	'permit_wp_login' => true,
	/**
	* Attribute by which to get a WordPress user for a SAML user.
	*
	* @param string Supported options are 'email' and 'login'.
	*/
	'get_user_by' => 'login',
	/**
	* SAML attribute which includes the user_login value for a user.
	*
	* @param string
	*/
	'user_login_attribute' => 'urn:mace:umsystem.edu:attribute-def:samAccountName',
	/**
	* SAML attribute which includes the user_email value for a user.
	*
	* @param string
	*/
	'user_email_attribute' => 'urn:mace:dir:attribute-def:mail',
	/**
	* SAML attribute which includes the display_name value for a user.
	*
	* @param string
	*/
	'display_name_attribute' => 'urn:mace:dir:attribute-def:displayName',
	/**
	* SAML attribute which includes the first_name value for a user.
	*
	* @param string
	*/
	'first_name_attribute' => 'urn:mace:dir:attribute-def:givenName',
	/**
	* SAML attribute which includes the last_name value for a user.
	*
	* @param string
	*/
	'last_name_attribute' => 'urn:mace:dir:attribute-def:sn',
	/**
	* Default WordPress role to grant when provisioning new users.
	*
	* @param string
	*/
	'default_role' => get_option('default_role'),
	);
	$value = isset($defaults[ $option_name ]) ? $defaults[ $option_name ] : $value;
	return $value;
	}, 10, 2);