Minimalistic WordPress authentication hook that uses an external, Shibboleth-based method to verify users via SimpleSAMLphp.
<?php
/**
* Plugin Name: Simple SAML Authenticator
* Plugin URI: https://gist.github.com/mcserep/d14f73b054bbb88c274c9568e35eba10
* Description: Defines an authentication hook to use an external, Shibboleth based method to verify users.
* Version: 1.0.0
* Author: Máté Cserép
* Author URI: http://codenet.hu/
* License: GPL v2 or later
* License URI: https://www.gnu.org/licenses/gpl-2.0.html
*/
// Hooked into wp_authenticate, which wp_signon() fires before WordPress runs its
// own credential check (unlike wp_login, which only fires after a successful one).
// Priority 10 is the default; it is spelled out so the ordering is visible.
add_action('wp_authenticate', 'simplesaml_auth', 10);
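/**
 * Replaces the default WordPress authentication with a SAML based alternative.
 *
 * Runs on the `wp_authenticate` action, i.e. inside wp_signon() before the
 * built-in password check. Returning early hands control back to that
 * built-in check; a successful SAML login sets the auth cookie and redirects,
 * so the built-in check is never reached.
 *
 * Flow:
 *   1. force HTTPS,
 *   2. load SimpleSAMLphp from the configured install location,
 *   3. require an authenticated SAML session and read its attributes,
 *   4. optionally verify the configured "login source" attribute,
 *   5. look up (or create) the WordPress user named by the login attribute,
 *   6. log the user in and redirect.
 *
 * @return void
 */
function simplesaml_auth()
{
    // Require HTTPS. wp_safe_redirect() only follows hosts WordPress allows, so
    // an unexpected Host header falls back to the admin URL instead of sending
    // the browser to a third-party site.
    if (!is_ssl()) {
        wp_safe_redirect("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
        exit;
    }

    // Load SimpleSAMLphp. The install location comes from the settings page;
    // $_SERVER['HOME'] is the historical default and may be unset under some
    // SAPIs, so guard the lookup instead of triggering a notice.
    $defaultLocation = isset($_SERVER['HOME']) ? $_SERVER['HOME'] : '';
    $installLocation = get_option('simplesaml_install_location', $defaultLocation);
    require_once "$installLocation/samlsrc/simplesamlphp/lib/_autoload.php";
    require_once "$installLocation/samlsrc/simplesamlphp/lib/SimpleSAML/Auth/Simple.php";

    // Perform authentication. requireAuth() redirects to the IdP when there is
    // no authenticated session yet; the code below runs only once there is one.
    $simpleSaml = new SimpleSAML_Auth_Simple('default-sp');
    $simpleSaml->requireAuth();
    $attr = $simpleSaml->getAttributes();

    // No attributes at all: fall back to the built-in WordPress authentication.
    if (empty($attr)) {
        return;
    }

    // SAML attribute name for each WordPress user field, as configured.
    $userOptions = [
        'user_login'   => get_option('simplesaml_user_login'),
        'display_name' => get_option('simplesaml_display_name'),
        'first_name'   => get_option('simplesaml_first_name'),
        'last_name'    => get_option('simplesaml_last_name'),
        'user_email'   => get_option('simplesaml_user_email'),
    ];

    // Every field mapping must be configured: get_option() returns false for a
    // missing option and '' for one saved empty. Either one means fall back.
    foreach ($userOptions as $attributeName) {
        if ($attributeName === false || $attributeName === '') {
            return;
        }
    }

    // First value of a SAML attribute, or null when the IdP did not send it,
    // instead of an undefined-index notice.
    $attributeValue = function ($name) use ($attr) {
        return isset($attr[$name][0]) ? $attr[$name][0] : null;
    };

    // Check the login source, if configured: the named attribute must equal the
    // configured value exactly (strict comparison, so "1" and "01" no longer
    // match). A mismatch or a missing attribute ends the SAML session.
    // logout() is documented not to return; the exit guards the fall-through so
    // a rejected subject is never logged in should it ever do so.
    $loginSourceField = get_option('simplesaml_login_source_field');
    if ($loginSourceField !== false && $loginSourceField !== '') {
        $expectedSource = (string) get_option('simplesaml_login_source_value');
        if ($attributeValue($loginSourceField) !== $expectedSource) {
            $simpleSaml->logout();
            exit;
        }
    }

    // Find the user named by the login attribute. An empty login cannot map to
    // an account (and wp_insert_user() rejects it), so fall back instead.
    $login = $attributeValue($userOptions['user_login']);
    if ($login === null || $login === '') {
        return;
    }

    if (username_exists($login)) {
        $user = get_user_by('login', $login);
    } else {
        // Create the user if it does not exist yet. wp_insert_user() returns a
        // WP_Error on failure (invalid login, duplicate e-mail, ...), which must
        // not be handed to get_user_by() as if it were an ID.
        $userdata = [
            'user_login'   => $login,
            'display_name' => (string) $attributeValue($userOptions['display_name']),
            'first_name'   => (string) $attributeValue($userOptions['first_name']),
            'last_name'    => (string) $attributeValue($userOptions['last_name']),
            'user_email'   => (string) $attributeValue($userOptions['user_email']),
        ];
        $newId = wp_insert_user($userdata);
        if (is_wp_error($newId)) {
            return;
        }
        $user = get_user_by('id', $newId);
    }

    // get_user_by() returns false when no such account exists (e.g. removed
    // between the checks); never dereference it in that case.
    if (!$user) {
        return;
    }

    // Log the user into WordPress. Core passes the WP_User object as the second
    // argument of wp_login, so listeners that expect it keep working.
    wp_set_current_user($user->ID, $user->user_login);
    wp_set_auth_cookie($user->ID);
    do_action('wp_login', $user->user_login, $user);

    // Redirect to the originally visited page, upgraded to HTTPS; $_GET is left
    // untouched. wp_safe_redirect() rejects off-site targets. Fall back to the
    // admin URL when no (string) redirect target was given.
    if (!empty($_GET['redirect_to']) && is_string($_GET['redirect_to'])) {
        $target = preg_replace('|^http:\/\/|', 'https://', $_GET['redirect_to']);
        wp_safe_redirect($target);
        exit;
    }
    wp_safe_redirect(admin_url('', 'https'));
    exit;
}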
// --------------------------------
// Settings interface
// --------------------------------
// Register the settings UI on every admin request; default priority made explicit.
add_action('admin_init', 'simplesaml_settings', 10);
/**
 * Registers the plugin's settings section and its text fields on the General
 * settings page (admin_init).
 *
 * Every option is a plain text input rendered by simplesaml_field_input(); the
 * table below is the single place that lists the options, so adding one means
 * adding one row.
 *
 * @return void
 */
function simplesaml_settings()
{
    add_settings_section(
        'simplesaml_section',
        'SimpleSAML authentication',
        'simplesaml_section_header',
        'general'
    );

    // option name => field label, in the order the fields appear on the page
    $fields = [
        'simplesaml_install_location'   => 'SimpleSAMLphp install location',
        'simplesaml_user_login'         => 'Username field',
        'simplesaml_display_name'       => 'Display name field',
        'simplesaml_first_name'         => 'First name field',
        'simplesaml_last_name'          => 'Last name field',
        'simplesaml_user_email'         => 'Email address field',
        'simplesaml_login_source_field' => 'Login source field',
        'simplesaml_login_source_value' => 'Login source value',
    ];

    foreach ($fields as $option => $label) {
        add_settings_field(
            $option,
            $label,
            'simplesaml_field_input',
            'general',
            'simplesaml_section',
            ['id' => $option]
        );
    }

    // register_setting() whitelists each option for the options.php save
    // handler; without it the General page would discard the submitted value.
    foreach (array_keys($fields) as $option) {
        register_setting('general', $option);
    }
}
/**
 * Prints the introductory paragraph of the settings section.
 *
 * @return void
 */
function simplesaml_section_header()
{
    $paragraph = '<p>Configuration of SimpleSAML based authentication</p>';
    print $paragraph;
}
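/**
 * Renders one text input for a settings field.
 *
 * Both the option name and its stored value are attribute-escaped with
 * esc_attr(): the value is free text entered on the settings page and was
 * previously echoed straight into the value="" attribute, so a stored quote
 * or angle bracket would have broken out of the attribute.
 *
 * @param array $args settings-field arguments; only $args['id'] (the option name) is used
 * @return void
 */
function simplesaml_field_input($args)
{
    $id = $args['id'];
    // get_option() yields false for a missing option; esc_attr() renders that as ''.
    printf(
        '<input name="%1$s" id="%1$s" type="text" value="%2$s" class="regular-text" />',
        esc_attr($id),
        esc_attr(get_option($id))
    );
}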
// --------------------------------
// Uninstall
// --------------------------------
// Runs simplesaml_uninstall() when the plugin is deleted from the admin UI.
register_uninstall_hook(__FILE__, 'simplesaml_uninstall');
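/**
 * Uninstall hook: removes the plugin's options.
 *
 * unregister_setting() only drops a setting from the current request's
 * registry; it never touches the database. Without the delete_option() calls
 * the stored values (including the SimpleSAMLphp install path and attribute
 * mappings) would survive uninstall.
 *
 * @return void
 */
function simplesaml_uninstall()
{
    $options = [
        'simplesaml_install_location',
        'simplesaml_user_login',
        'simplesaml_display_name',
        'simplesaml_first_name',
        'simplesaml_last_name',
        'simplesaml_user_email',
        'simplesaml_login_source_field',
        'simplesaml_login_source_value',
    ];

    foreach ($options as $option) {
        unregister_setting('general', $option);
        delete_option($option);
    }
}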