dbrooke1007

Please ignore this post.. after many months, I realized that the problem was my important role, which was ‘Administrators’, instead of ‘Administrator’. I hadn’t had to deal with this in previous installs so I didn’t catch it.

Vanilla try’s to match roles via Role Name with wordpress, it applies roles via first match, and if not found, a default.

Editing the Role of ‘Admininistrators’ (getting rid of the ‘S’) fixed this. :-/

Hi, hoping I can get a response on this. I have close to a working system using:
WordPress 4.9.8
Vanilla 2.6
Vanilla Plugin (with edits) 1.1.8
Latest Groups Plugin
OneLogin SAML SSO Plugin

We have around 10 brands that I’d like to propagate this Single Sign On system to.. but I am awaiting some solidification of small remaining details.

One of the (continuing) remaining issues is this plugin… role propagation, and then keeping up with WordPress changes.

I posted an issue here:
https://github.com/vanilla/wordpress-vanilla/issues/26

Basically, the plugin 1.1.8 and 1.1.9 in SVN, is still using a function that had been deprecated by wordpress. Finally, it stopped working and was causing problems when using the /sso link. My fix fixes that. However, I still have the role propagation issue.

I then noticed that there are differences between the github version and the SVN version. Do you know if the SVN v. 1.1.9 fixes the role propagation issue?

I did some testing. I found another WordPress 4.9.7 site that we have and installed groups there too. I then simply turned on the local membership registration, created a user, and then went to the users panel. ‘Registered’ was indeed applied to this manually created user.

Next, I installed the OneLogin SAML SSO plug-in, configured it, then signed in with that using Single Sign On. This verified the same error of ‘Registered’ not automatically being applied.

Finally, I updated wordpress to 4.9.8, just to check if there was something in that update that might fix the issue. It did not.

I can only concluded that there is likely some incompatibility between the Groups and OneLogin SAML SSO plugins, that is preventing Groups from assigning ‘Registered’ to newly created users. Again, this works on older versions of the two plugins.

Daniel, thanks for getting back to me. At risk of making my/our brain/s hurt…

I have some logic flow challenges. We are looking at implementing your plugin to around 20 or so wordpress sites, but I’ll limit the scope to the basics, with the goal of coming to a proof of concept.

We 3 main components:
1.) Our user / subscriber database (3rd party service with a gateway)
No user/pass is kept here, only subscriber number and active / expired info)
2.) SimpleSAMLphp install (basic working install)
3.) WorPress Sites (some with forums).

The main problem I can’t yet get my head around is the final logic flow, specifically regarding usernames / passwords… as I’m not even sure they are needed.

With simpleSAMLphp, I am able to start a session with a user login by making the user type their subscriber number and another piece of information, such as their email. That is not really a user / pass, but it the only way I know how to log a user in right now with simpleSAMLphp.

So, what do I do with that info? I can probably use a plugin such as yours to auto-login a user… but that means that the user would always have to type an 11 digit number and their email. I’m not sure that is user-friendly.

Another complexity is the associated forums for these wordpress sites. Right now my idea is to port everything to Vanilla forums, which has both a wordpress connector, and a SAML connector. Some of these forums have a lot of current users already.. that contain username / passwords, and other info.

So, some questions…
– Does wordpress even need anything saved to the local user / pass?
– Should I rather do all authentication remotely?

My thought is to create a 4th component that is another “Web Users” database that replaces the current Authority of users for simpleSAMLphp, and to use the existing Authority of users as a ‘registration’ system… so, the basic process would be like:

User wants to log into wordpress.
Wordpress redirects to simpleSAMLphp.
simpleSAMLphp checks user / pass, if exists, logs user in.
if does not exist, user redirects to registration.
user registers with 3rd party gateway, a user record is created in the 4th component.
user then is prompted to create a username / pasword for that new record.
Now user can log in.

That is basically what I can come up with.. lots of work. :-). But, I thought I’d see what you thought. Is there a more simple way to do this?

My best thought is this: