Minimalistic WordPress authentication hook that uses an external, Shibboleth-based method to verify users via SimpleSAMLphp.
<?php | |
/** | |
* Plugin Name: Simple SAML Authenticator | |
* Plugin URI: https://gist.github.com/mcserep/d14f73b054bbb88c274c9568e35eba10 | |
* Description: Defines an authentication hook to use an external, Shibboleth based method to verify users. | |
* Version: 1.0.0 | |
* Author: Máté Cserép | |
* Author URI: http://codenet.hu/ | |
* License: GPL v2 or later | |
* License URI: https://www.gnu.org/licenses/gpl-2.0.html | |
*/ | |
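// This action is fired inside wp_signon(). In contrast to the wp_login action, it runs before
// the WordPress authentication process, so the SAML flow takes over before any password check.
add_action('wp_authenticate', 'simplesaml_auth');

/**
 * Replaces the default WP authentication with a SAML based alternative.
 *
 * Flow: force HTTPS, load SimpleSAMLphp from the configured install location, require a
 * SAML session, map the configured attributes to a WordPress account (creating it on first
 * login), set the WordPress auth cookie and redirect.
 *
 * Trust model: the attribute configured as "Username field" selects the WordPress account,
 * including accounts that already existed locally under the same login name. That attribute
 * therefore has to be one the identity provider controls and keeps unique.
 *
 * Returns without doing anything (WordPress then continues with its own authentication) when
 * no attributes were released or the attribute mapping is not configured yet. Every other
 * path ends the request with a redirect, or with wp_die() when the asserted identity cannot
 * be turned into a WordPress user.
 */
function simplesaml_auth()
{
    // require HTTPS
    // HTTP_HOST comes from the request; wp_safe_redirect() only follows hosts WordPress
    // allows and otherwise falls back to its default target.
    if (!is_ssl()) {
        wp_safe_redirect("https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
        exit;
    }

    // load SimpleSAMLphp
    // The install location is an admin-editable option that ends up in require_once, so
    // whoever can change it decides which PHP files are executed here.
    $defaultLocation = isset($_SERVER['HOME']) ? $_SERVER['HOME'] : '';
    $installLocation = get_option('simplesaml_install_location', $defaultLocation);
    require_once "$installLocation/samlsrc/simplesamlphp/lib/_autoload.php";
    require_once "$installLocation/samlsrc/simplesamlphp/lib/SimpleSAML/Auth/Simple.php";

    // perform authentication
    $simpleSaml = new SimpleSAML_Auth_Simple('default-sp');
    $simpleSaml->requireAuth();
    $attr = $simpleSaml->getAttributes();

    // check results
    if (empty($attr)) {
        return;
    }

    // get field names from options
    $userOptions = array(
        'user_login' => get_option('simplesaml_user_login'),
        'display_name' => get_option('simplesaml_display_name'),
        'first_name' => get_option('simplesaml_first_name'),
        'last_name' => get_option('simplesaml_last_name'),
        'user_email' => get_option('simplesaml_user_email'),
    );

    // verify whether field names are defined (unset and blank options both count as missing)
    foreach ($userOptions as $attributeName) {
        if (empty($attributeName)) {
            return;
        }
    }

    // check login source (if given)
    $loginSourceField = get_option('simplesaml_login_source_field');
    $loginSourceValue = get_option('simplesaml_login_source_value');
    if (is_string($loginSourceField) && $loginSourceField !== '') {
        $loginSource = simplesaml_first_attribute_value($attr, $loginSourceField);
        // Strict string comparison: a missing attribute or a merely "loosely equal" value
        // must not pass the source restriction.
        if ($loginSource === null || $loginSource !== (string) $loginSourceValue) {
            $simpleSaml->logout();
            // logout() is expected to redirect and end the request; the explicit exit makes
            // sure a rejected login can never reach the account lookup below.
            exit;
        }
    }

    // find user
    $login = simplesaml_first_attribute_value($attr, $userOptions['user_login']);
    if ($login === null || $login === '') {
        // Fail closed: without a username there is no account to map the assertion to.
        wp_die('SAML authentication succeeded, but no username attribute was provided.');
    }

    if (username_exists($login)) {
        $user = get_user_by('login', $login);
    } else {
        // create user if not exists
        $userdata = array(
            'user_login' => $login,
            // Random, never disclosed password, so the new account has no usable or empty
            // local credential.
            'user_pass' => wp_generate_password(32, true, true),
            'display_name' => (string) simplesaml_first_attribute_value($attr, $userOptions['display_name']),
            'first_name' => (string) simplesaml_first_attribute_value($attr, $userOptions['first_name']),
            'last_name' => (string) simplesaml_first_attribute_value($attr, $userOptions['last_name']),
            'user_email' => (string) simplesaml_first_attribute_value($attr, $userOptions['user_email']),
        );
        $newId = wp_insert_user($userdata);
        if (is_wp_error($newId)) {
            wp_die('SAML authentication succeeded, but the WordPress account could not be created.');
        }
        $user = get_user_by('id', $newId);
    }

    // get_user_by() returns false on failure; never set an auth cookie for a non-user.
    if (!($user instanceof WP_User)) {
        wp_die('SAML authentication succeeded, but no matching WordPress account is available.');
    }

    // login user into WP
    wp_set_current_user($user->ID, $user->user_login);
    wp_set_auth_cookie($user->ID);
    // Core fires wp_login with the login name and the WP_User object; callbacks registered
    // for two arguments need both.
    do_action('wp_login', $user->user_login, $user);

    // redirect to originally visited page
    // redirect_to is request data: only a non-empty string is used, and wp_safe_redirect()
    // does not follow hosts WordPress does not allow.
    $redirectTo = isset($_GET['redirect_to']) ? $_GET['redirect_to'] : '';
    if (is_string($redirectTo) && !empty($redirectTo)) {
        wp_safe_redirect(preg_replace('|^http:\/\/|', 'https://', $redirectTo));
        exit;
    }

    wp_safe_redirect(admin_url('', 'https'));
    exit;
}

/**
 * Returns the first value of a SAML attribute as a string, or null when the attribute is
 * missing or has no scalar first value.
 *
 * @param array  $attributes Attribute map as returned by getAttributes().
 * @param string $name       Attribute name to read.
 * @return string|null
 */
function simplesaml_first_attribute_value($attributes, $name)
{
    if (!is_array($attributes) || !isset($attributes[$name])) {
        return null;
    }

    $values = $attributes[$name];
    if (!is_array($values) || !isset($values[0]) || !is_scalar($values[0])) {
        return null;
    }

    return (string) $values[0];
}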
// --------------------------------
// Settings interface
// --------------------------------
add_action('admin_init', 'simplesaml_settings');

/**
 * Registers the SimpleSAML section, its text fields and the backing options on the
 * "general" settings page.
 *
 * Every field is rendered by simplesaml_field_input() and stored under the option of the
 * same name. Note that simplesaml_install_location is later used by simplesaml_auth() to
 * build require_once paths.
 */
function simplesaml_settings()
{
    $page = 'general';
    $section = 'simplesaml_section';

    // option name => label shown next to the input
    $fieldLabels = array(
        'simplesaml_install_location' => 'SimpleSAMLphp install location',
        'simplesaml_user_login' => 'Username field',
        'simplesaml_display_name' => 'Display name field',
        'simplesaml_first_name' => 'First name field',
        'simplesaml_last_name' => 'Last name field',
        'simplesaml_user_email' => 'Email address field',
        'simplesaml_login_source_field' => 'Login source field',
        'simplesaml_login_source_value' => 'Login source value',
    );

    add_settings_section($section, 'SimpleSAML authentication', 'simplesaml_section_header', $page);

    foreach ($fieldLabels as $optionName => $label) {
        add_settings_field(
            $optionName,
            $label,
            'simplesaml_field_input',
            $page,
            $section,
            array('id' => $optionName)
        );
    }

    // Registration happens after all fields were added, in the same order as the fields.
    foreach (array_keys($fieldLabels) as $optionName) {
        register_setting($page, $optionName);
    }
}
/**
 * Prints the introductory paragraph shown above the SimpleSAML settings fields.
 */
function simplesaml_section_header()
{
    $intro = 'Configuration of SimpleSAML based authentication';
    print '<p>' . $intro . '</p>';
}
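/**
 * Renders the text input for one SimpleSAML option.
 *
 * The stored option value and the field id are written into HTML attributes, so both are
 * passed through esc_attr(); a value containing quotes or markup would otherwise break out
 * of the attribute on the settings page.
 *
 * @param array $args Field arguments; 'id' holds the option name.
 */
function simplesaml_field_input($args)
{
    $id = esc_attr($args['id']);
    $value = esc_attr((string) get_option($args['id']));

    echo '<input name="' . $id . '" id="' . $id . '" type="text" value="' . $value . '" class="regular-text" />';
}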
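// --------------------------------
// Uninstall
// --------------------------------
register_uninstall_hook(__FILE__, 'simplesaml_uninstall');

/**
 * Removes everything the plugin stored when it is uninstalled.
 *
 * unregister_setting() only drops the settings registration; the saved values (install
 * location, attribute mapping, login source restriction) would stay in the options table,
 * so each option is deleted as well.
 */
function simplesaml_uninstall()
{
    $optionNames = array(
        'simplesaml_install_location',
        'simplesaml_user_login',
        'simplesaml_display_name',
        'simplesaml_first_name',
        'simplesaml_last_name',
        'simplesaml_user_email',
        'simplesaml_login_source_field',
        'simplesaml_login_source_value',
    );

    foreach ($optionNames as $optionName) {
        unregister_setting('general', $optionName);
        delete_option($optionName);
    }
}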