Title: [Plugin: simpleSAMLphp Authentication] Network update for simpleSAMLphp plugin
Last modified: August 20, 2016

---

# [Plugin: simpleSAMLphp Authentication] Network update for simpleSAMLphp plugin

 *  [charlielove](https://wordpress.org/support/users/charlielove/)
 * (@charlielove)
 * [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-simplesamlphp-authentication-network-update-for-simplesamlphp-plugin/)
 * I found this plugin to work well but it only adds the user connecting to one 
   blog. I have updated the plugin so that when connecting to a WordPress Network
   it will add the user and then provision a new blog using the username as the 
   identifier.
 * I’ve quickly removed some of the paths from my own install but the code I use
   is as follows. Thought it might help with version 0.6 🙂
 *     ```
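       // set_simplesamlphp_settings() is a method of SimpleSAMLAuthentication (defined below),
       // so the callback has to name the class as well
       register_activation_hook( __FILE__, array('SimpleSAMLAuthentication', 'set_simplesamlphp_settings') );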
       add_action('admin_menu', 'simplesaml_authentication_add_options_page');
   
       $simplesaml_authentication_opt = get_site_option('simplesaml_authentication_options');
   
       $simplesaml_configured = true;
   
       // try to configure the simpleSAMLphp client
       if ($simplesaml_authentication_opt['include_path'] == '') {
         $simplesaml_configured = false;
       } else {
         $include_file = $simplesaml_authentication_opt['include_path']."/lib/_autoload.php";
         if (!include_once($include_file))
           $simplesaml_configured = false;
       }
   
       if ($simplesaml_configured) {
         if($simplesaml_authentication_opt['sp_auth'] == '')
           $sp_auth = 'default-sp';
         else
           $sp_auth = $simplesaml_authentication_opt['sp_auth'];
         $as = new SimpleSAML_Auth_Simple($sp_auth);
       }
   
       // for wp_create_user function on line 120
       require_once (ABSPATH . WPINC . '/registration.php');
   
       // plugin hooks into authentication system
       add_action('wp_authenticate', array('SimpleSAMLAuthentication', 'authenticate'), 10, 2);
       add_action('wp_logout', array('SimpleSAMLAuthentication', 'logout'));
       add_action('lost_password', array('SimpleSAMLAuthentication', 'disable_function'));
       add_action('retrieve_password', array('SimpleSAMLAuthentication', 'disable_function'));
       add_action('password_reset', array('SimpleSAMLAuthentication', 'disable_function'));
       add_filter('show_password_fields', array('SimpleSAMLAuthentication', 'show_password_fields'));
   
       if (!class_exists('SimpleSAMLAuthentication')) {
         class SimpleSAMLAuthentication {
   
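           // password used by the plugin
           // NOTE: every SAML-provisioned account is stored with this same fixed,
           // publicly known value, so these accounts must never be able to log in
           // with a typed password outside the SAML flow in authenticate().
           function passwordRoot() {
             return 'Authenticated through SimpleSAML';
           }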
   
           /*
            We call simpleSAMLphp to authenticate the user at the appropriate time
            If the user has not logged in previously, we create an account for them
           */
           function authenticate(&$username, &$password) {
             global $simplesaml_authentication_opt, $simplesaml_configured, $as;
   
             if (!$simplesaml_configured)
               die("simplesaml-authentication plugin not configured");
   
             // Reset values from input ($_POST and $_COOKIE)
             $username = $password = '';		
   
             $as->requireAuth();
   
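             $attributes = $as->getAttributes();
             // the login name comes from the IdP; stop if the attribute is missing
             if (empty($attributes['cn'][0]))
               die("simpleSAMLphp did not return a cn attribute");
             $username = $attributes['cn'][0];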
             $password = md5(SimpleSAMLAuthentication::passwordRoot());
   
             if (!function_exists('get_userdatabylogin'))
               die("Could not load user data");
             $user = get_userdatabylogin($username);
   
             if ($user) {
               // user already exists
               // we will update the password in the user account just in case we have screwed it up and changed it!
               $user_info = array();
               $user_info['ID'] = $user->ID;
               $user_info['user_pass'] = $password;
               wp_update_user( $user_info );
               return true;
             } else {
               // first time logging in
               if ($simplesaml_authentication_opt['new_user'] == 1) {
                 // auto-registration is enabled
   
                 // User is not in the WordPress database
                 // they passed SimpleSAML and so are authorized
                 // add them to the database
                 // User must have an email address to register
                 $user_email = '';
                 if (!empty($attributes['mail'][0])) {
                   // Try to get email address from attributes
                   $user_email = $attributes['mail'][0];
                 } elseif ($simplesaml_authentication_opt['email_suffix'] != '') {
                   // Otherwise use default email suffix
                   $user_email = $username . '@' . $simplesaml_authentication_opt['email_suffix'];
                 }
                 // correctly read other attributes
                 $user_info = array();
                 $user_info['user_login'] = $username;
                 $user_info['user_pass'] = $password;
                 $user_info['user_email'] = $user_email;
   
                 if (!empty($attributes['givenName'][0]))
                   $user_info['first_name'] = $attributes['givenName'][0];
                 if (!empty($attributes['sn'][0]))
                   $user_info['last_name'] = $attributes['sn'][0];
   
                 // Set user role based on eduPersonEntitlement
                 if($simplesaml_authentication_opt['admin_entitlement'] != '' &&
       	      $attributes['eduPersonEntitlement'] &&
                    in_array($simplesaml_authentication_opt['admin_entitlement'],
                       $attributes['eduPersonEntitlement'])) {
                   $user_info['eduPersonEntitlement'] = "administrator";
                 } else {
                   $user_info['eduPersonEntitlement'] = "author";
                 }
                 // now create the user's primary blog for them
                 $blog_title = strtolower(preg_replace('/[^a-zA-Z0-9 ]/','',$username));
                 $wp_uid = wp_insert_user($user_info);
                 // wp_insert_user() returns a WP_Error instead of an ID on failure
                 if (is_wp_error($wp_uid))
                   die("Could not create user: " . esc_html($wp_uid->get_error_message()));
                 $result = wpmu_create_blog('blogs.glew.org.uk','/' .$blog_title,$blog_title,$wp_uid,array(),'1');
                 // remove user from main blog!
                 remove_user_from_blog($wp_uid, '1', '');
                 // write options for authentication plugin
                 if (function_exists('add_options_page')) {
                   add_options_page('simpleSAMLphp Authentication', 'simpleSAMLphp Authentication', 8, basename(__FILE__), 'simplesaml_authentication_options_page');
                 }
                 // Setup Default Options Array
                 global $wpdb;
                 $optionarray_update = array(
                   'new_user' => TRUE,
                   'redirect_url' => '',
                   'email_suffix' => 'example.com',
                   'sp_auth' => 'default-sp',
                   'include_path' => $simplesaml_authentication_opt['include_path'],
                   'admin_entitlement' => '',
                 );
                 // wpmu_create_blog() returns the new blog ID, or a WP_Error on failure;
                 // the per-blog options belong to that blog, so use add_blog_option()
                 if (!is_wp_error($result))
                   add_blog_option($result, 'simplesaml_authentication_options', $optionarray_update);
               }
               else {
                 // the username comes from the IdP, so escape it before printing it into HTML
                 $error = sprintf(__('<p><strong>ERROR</strong>: %s is not registered with this blog. Please contact the <a href="mailto:%s">blog administrator</a> to create a new account!</p>'), esc_html($username), esc_attr(get_option('admin_email')));
                 $errors['registerfail'] = $error;
                 print($error);
                 print('<p><a href="/wp-login.php?action=logout">Log out</a> of SimpleSAML.</p>');
                 exit();
               }
             }
           }
   
           // do hook for activating a blog
           function set_simplesamlphp_settings() {
             // Setup Default Options Array
             global $wpdb;
             global $blog_id;
             $optionarray_update = array(
               'new_user' => TRUE,
               'redirect_url' => '',
               'email_suffix' => 'example.com',
               'sp_auth' => 'default-sp',
               'include_path' => '<path to your simplesamlphp installation for service provider>',
               'admin_entitlement' => '',
             );
             add_blog_option($blog_id, 'simplesaml_authentication_options', $optionarray_update);
           }
   
           function logout() {
             global $simplesaml_authentication_opt, $simplesaml_configured, $as;
             if (!$simplesaml_configured)
               die("simplesaml-authentication not configured");
   
             // get_settings() is deprecated; get_option() is its replacement
             $as->logout(get_option('siteurl'));
           }
   
           /*
            Don't show password fields on user profile page.
           */
           function show_password_fields($show_password_fields) {
             return false;
           }
   
           function disable_function() {
             die('Disabled');
           }
   
         }
        }
   
       //----------------------------------------------------------------------------
       //		ADMIN OPTION PAGE FUNCTIONS
       //----------------------------------------------------------------------------
   
       function simplesaml_authentication_add_options_page() {
         if (function_exists('add_options_page')) {
           add_options_page('simpleSAMLphp Authentication', 'simpleSAMLphp Authentication', 8, basename(__FILE__), 'simplesaml_authentication_options_page');
         }
       } 
   
       function simplesaml_authentication_options_page() {
         global $wpdb;
   
         // Setup Default Options Array
         $optionarray_def = array(
       			   'new_user' => TRUE,
       			   'redirect_url' => '',
       			   'email_suffix' => 'example.com',
       			   'sp_auth' => 'default-sp',
       			   'include_path' => '<path to your simplesamlphp installation for service provider>',
       			   'admin_entitlement' => '',
       			   );
   
         // Only network super admins may change the site-wide options (include_path is
         // later passed to include_once), and only via this form: the nonce guards against CSRF.
         if (isset($_POST['submit']) && is_super_admin()) {
           check_admin_referer('simplesaml_authentication_options');
           // Options Array Update
           $optionarray_update = array (
             // an unticked checkbox is not sent at all
             'new_user' => isset($_POST['new_user']) ? $_POST['new_user'] : '',
             'redirect_url' => $_POST['redirect_url'],
             'email_suffix' => $_POST['email_suffix'],
             'include_path' => $_POST['include_path'],
             'sp_auth' => $_POST['sp_auth'],
             'admin_entitlement' => $_POST['admin_entitlement'],
           );
   
           update_site_option('simplesaml_authentication_options', $optionarray_update);
         }
   
         // Get Options
         $optionarray_def = get_site_option('simplesaml_authentication_options');
   
         ?>
       	<div class="wrap">
       	<h2>simpleSAMLphp Authentication Options</h2>
           <?php 
   
       	    global $current_blog;
       		$blog_path = substr($current_blog->path,0,-1);
           	if(is_super_admin()) {
       	?>
   
       	<form method="post" action="<?php echo esc_attr($blog_path . $_SERVER['PHP_SELF'] . '?page=' . basename(__FILE__) . '&updated=true'); ?>">
       	<?php wp_nonce_field('simplesaml_authentication_options'); ?>
       	<fieldset class="options">
   
            <h3>User registration options</h3>
   
       	<table class="form-table">
       	   <tr valign="top">
       		<th scope="row">User registration</th>
       		<td><label for="new_user">
       		<input name="new_user" type="checkbox" id="new_user_inp" value="1" <?php checked('1', $optionarray_def['new_user']); ?> />
       Automatically register new users</label>
       		<span class="setting-description">(Users will be registered with the role of Subscriber.)</span></td>
       		</tr>
       		<tr>
       		<th><label for="email_suffix"> Default email domain</label></th>
       		<td>
       	   	<input type="text" name="email_suffix" id="email_suffix_inp" value="<?php echo esc_attr($optionarray_def['email_suffix']); ?>" size="35" />
       		<span class="setting-description">If an email address is not available from the <acronym title="Identity Provider">IdP</acronym> <strong>username@domain</strong> will be used.</span></td>
       </tr>
       		<tr>
       		<th> <label for="admin_entitlement">Administrator Entitlement URI</label></th>
       		<td>
       		<input type="text" name="admin_entitlement" id="admin_entitlement_inp" value="<?php echo esc_attr($optionarray_def['admin_entitlement']); ?>" size="40" />
       		<span class="setting-description">An <a href="http://rnd.feide.no/node/1022">eduPersonEntitlement</a> URI to be mapped to the Administrator role.</span>
       		</td>
       		</tr>
       	</table>
   
           <h3>simpleSAMLphp options</h3>
           <p><em>Note:</em> Once you fill in these options, WordPress authentication will happen through <a href="http://rnd.feide.no/simplesamlphp">simpleSAMLphp</a>, even if you misconfigure it. To avoid being locked out of WordPress, use a second browser to check your settings before you end this session as Administrator. If you get an error in the other browser, correct your settings here. If you can not resolve the issue, disable this plug-in.</p>
         	<table class="form-table">
       	   <tr valign="top">
       		<th scope="row"><label for="include_path">Path to simpleSAMLphp</label></th>
       		<td><input type="text" name="include_path" id="include_path_inp" value="<?php echo esc_attr($optionarray_def['include_path']); ?>" size="35" />
       		<span class="setting-description">simpleSAMLphp suggested location is <tt>/var/simplesamlphp</tt>.</span>
       		</td>
       		</tr>
   
       	   <tr valign="top">
       	   <th scope="row"><label for="sp_auth">Authentication source ID</label></th>
       	   <td><input type="text" name="sp_auth" id="sp_auth_inp" value="<?php echo esc_attr($optionarray_def['sp_auth']); ?>" size="35" />
       		<span class="setting-description">simpleSAMLphp default is "default-sp".</span>
                    </td>
       	     </tr>
       	</table>
       	</fieldset>
       	<p />
       	<div class="submit">
       		<input type="submit" name="submit" value="<?php _e('Update Options') ?> &raquo;" />
       	</div>
       	</form>
           <?php } else { ?>
           <div>Sorry, but you cannot edit these settings</div>
           <?php } ?>
           </div>
       <?php
       }
       ?>
       ```
   
 * [http://wordpress.org/extend/plugins/simplesamlphp-authentication/](http://wordpress.org/extend/plugins/simplesamlphp-authentication/)

The topic ‘[Plugin: simpleSAMLphp Authentication] Network update for simpleSAMLphp
plugin’ is closed to new replies.
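
The post provisions each blog under a path derived from the IdP-supplied `cn`. As an added example (not part of the posted plugin or the simpleSAMLphp Authentication project), this standalone PHP shows one way to validate that attribute and refuse a path that a different login already owns. The function names, the `$existing` lookup and the sample attributes are assumptions constructed for illustration, and the slug rule is stricter than the posted regex in that it also drops spaces.

```php
<?php
// Added example. All function names here are hypothetical; sample data is constructed.

/** Return the single value of a SAML attribute, or null if missing, empty or multi-valued. */
function saml_single_value(array $attributes, string $name): ?string {
    if (!isset($attributes[$name]) || !is_array($attributes[$name]) || count($attributes[$name]) !== 1) {
        return null;
    }
    $value = trim((string) $attributes[$name][0]);
    return $value === '' ? null : $value;
}

/** Map a login name to a blog path segment: lowercase ASCII letters and digits only. */
function blog_slug_for(string $username): string {
    return strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $username));
}

/**
 * Decide whether a blog may be provisioned for this set of attributes.
 * $existing maps slug => login that already owns it (stands in for a database lookup).
 */
function plan_provisioning(array $attributes, array $existing): array {
    $username = saml_single_value($attributes, 'cn');
    if ($username === null) {
        return ['ok' => false, 'reason' => 'missing or ambiguous cn'];
    }
    $slug = blog_slug_for($username);
    if ($slug === '') {
        return ['ok' => false, 'reason' => 'cn has no usable characters'];
    }
    // Distinct logins can collapse to one slug once punctuation is stripped.
    if (isset($existing[$slug]) && $existing[$slug] !== $username) {
        return ['ok' => false, 'reason' => "slug '$slug' already belongs to {$existing[$slug]}"];
    }
    return ['ok' => true, 'login' => $username, 'path' => '/' . $slug];
}

// Constructed sample data: 'j.doe' already owns the slug that 'j-doe' would also map to.
$existing = ['jdoe' => 'j.doe'];
$samples = [['cn' => ['j.doe']], ['cn' => ['j-doe']], ['cn' => ['!!!']], ['mail' => ['x@example.com']]];
foreach ($samples as $attrs) {
    echo json_encode(plan_provisioning($attrs, $existing)), "\n";
}
```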


 * 0 replies
 * 1 participant
 * Last reply from: [charlielove](https://wordpress.org/support/users/charlielove/)
 * Last activity: [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-simplesamlphp-authentication-network-update-for-simplesamlphp-plugin/)
 * Status: not resolved