Cars10
Forum Replies Created
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
    if(0)add_filter( 'wp_saml_auth_option', function( $value, $option_name ){
        if ( 'connection_type' === $option_name ) {
            return 'internal';
        }
        return $value;
    },
    10,
    2
    );
This had to be deactivated, then it worked with the other filter…damn.
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
    // Set connection type to internal (bundled OneLogin library)
    add_filter( 'wp_saml_auth_option', function( $value, $option_name ){
        if ( 'connection_type' === $option_name ) {
            return 'internal';
        }
        return $value;
    },
    10,
    2
    );
    // Fix Azure AD requestedAuthnContext issue
    add_filter( 'wp_saml_auth_internal_config', function( $config ) {
        $config['security']['requestedAuthnContext'] = false;
        return $config;
    }
    );
(this block editor here makes me nuts)
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
Entity Id (Required): urn:sites.e…….. –> SET!
Single SignOn Service URL (Required): https://login.microsoft …..–> SET!
x509 Certificate Path: ABSPATH/wp-admin/cer/Sites_SAML_SSO.cer –> SET!
So, what is missing? I am sure PHP had an issue with all settings due to code mismatch/incompatibility
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
I will investigate tomorrow at work…but…our SSO DOES work….with IdP settings but only as long as my hack is in place. I think it is some code error in the filter or the way settings are replaced.
Maybe I set up a separate site and test carefully there as I cannot kill our user’s auth all the time, even if just for a few minutes – it is LIVE systems!
thanks
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
If I use your example code (I will need to debug) I get
<br />
<b>Fatal error</b>: Uncaught OneLogin\Saml2\Error: Invalid array settings: idp_entityId_not_found, idp_sso_not_found, idp_cert_or_fingerprint_not_found_and_required in /home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/vendor/onelogin/php-saml/src/Saml2/Settings.php:139
Stack trace:
#0 /home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/vendor/onelogin/php-saml/src/Saml2/Auth.php(176): OneLogin\Saml2\Settings->__construct(Array, false)
#1 /home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/inc/class-wp-saml-auth.php(99): OneLogin\Saml2\Auth->__construct(Array)
#2 /home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/inc/class-wp-saml-auth.php(73): WP_SAML_Auth->set_provider()
#3 /home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/inc/class-wp-saml-auth.php(336): WP_SAML_Auth->get_provider()
#4 /home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/inc/class-wp-saml-auth.php(307): WP_SAML_Auth->do_saml_authentication()
#5 /home/siteseumetsat/public_html/wp-includes/class-wp-hook.php(341): WP_SAML_Auth->filter_authenticate(Object(WP_Error), '', '')
#6 /home/siteseumetsat/public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters(Object(WP_Error), Array)
#7 /home/siteseumetsat/public_html/wp-includes/pluggable.php(702): apply_filters('authenticate', NULL, '', '')
#8 /home/siteseumetsat/public_html/wp-includes/user.php(109): wp_authenticate('', Object(SensitiveParameterValue))
#9 /home/siteseumetsat/public_html/wp-login.php(1323): wp_signon(Array, true)
#10 {main}
thrown in <b>/home/siteseumetsat/public_html/wp-content/plugins/wp-saml-auth/vendor/onelogin/php-saml/src/Saml2/Settings.php</b> on line <b>139</b><br />
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
    function wpsa_filter_option( $value, $option_name ) {
        $defaults = [
            /**
             * Type of SAML connection bridge to use.
             *
             * 'internal' uses OneLogin bundled library; 'simplesamlphp' uses SimpleSAMLphp.
             *
             * Defaults to SimpleSAMLphp for backwards compatibility.
             *
             * @param string
             */
            'connection_type' => 'simplesamlphp',
            /**
This above is currently set. I was not sure what value I should have. I expected that code will work as delivered after update.
The 2nd part: Do you mean I need to write my own filter in a custom plugin? I am not sure I have this yet. But it can add a custom plugin for this.
So, my current take is, that a fresh installation will not work, I need to do still some bespoke changes in plugin + custom plugin which get overridden every time your plugin updates. Ideally, I could control all this via admin options in your plugin….a UI
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
I installed 2.3.0 over the old one and this still happens:
AADSTS75011: Authentication method ‘X509, MultiFactor, X509Device’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Contact the Sites SAML SSO application owner.
Was I supposed to change any setting?
I re-added my patch to AuthnRequest.php. Frustrating
- This reply was modified 5 months ago by Cars10.
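
A check for the symptom in this thread, added here as an example and not taken from the plugin or from the posts: it decodes the SAMLRequest value from the redirect to the IdP and reports whether a RequestedAuthnContext element is still being sent. The sample requests are constructed, the function names are this example's own, and the "before" sample assumes the PasswordProtectedTransport class with exact comparison, matching the 'Password, ProtectedTransport' in the error above.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample requests (not captured from any real site).
HEAD = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
        'ID="_constructed" Version="2.0">' % (NS["samlp"], NS["saml"]))
SAMPLE_WITH_CONTEXT = (HEAD + '<samlp:RequestedAuthnContext Comparison="exact">'
                       '<saml:AuthnContextClassRef>' + PPT + '</saml:AuthnContextClassRef>'
                       '</samlp:RequestedAuthnContext></samlp:AuthnRequest>')
SAMPLE_WITHOUT_CONTEXT = HEAD + '</samlp:AuthnRequest>'


def encode_redirect_request(xml):
    """Encode XML as an HTTP-Redirect SAMLRequest value (used here to build samples)."""
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    packed = deflater.compress(xml.encode()) + deflater.flush()
    return urllib.parse.quote(base64.b64encode(packed).decode(), safe="")


def decode_redirect_request(saml_request):
    """URL-decode, base64-decode and inflate a SAMLRequest query value."""
    raw = base64.b64decode(urllib.parse.unquote(saml_request))
    try:
        return zlib.decompress(raw, -15)
    except zlib.error:
        return raw  # HTTP-POST binding: base64 only, not deflated


def requested_authn_context(xml_bytes):
    """Return (comparison, class_refs), or None if the SP requests no context."""
    # Input is the SP's own outgoing request, so the stdlib parser is acceptable here.
    root = ET.fromstring(xml_bytes)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs


if __name__ == "__main__":
    for name, xml in (("before", SAMPLE_WITH_CONTEXT), ("after", SAMPLE_WITHOUT_CONTEXT)):
        print(name, requested_authn_context(decode_redirect_request(encode_redirect_request(xml))))
```

A result of None for the request your site actually sends means the IdP is no longer being asked for a specific authentication method.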
Hi Rica
OK, fine that you say it is default, but do you find this behaviour intuitive from UI/X design? If it confuses a technician like me, then I think many are confused. What is the logic behind this behaviour? Apparently, I have a different expectation….
thanks
Carsten
How can I share a screencast securely not publicly?
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
Thanks, I see this works, too, however the code is differently formatted for json like array:
    'security' => [ 'requestedAuthnContext' => false, ],
and any upcoming update will overwrite our code fixes so please at least provide a simple fix with an option for this flag and a reference to this ticket until you have a final fix, so updates don't break SAML.
- This reply was modified 9 months ago by Cars10.
Forum: Plugins
In reply to: [WP SAML Auth] Authcontext prevents login
I’d like to hear the author on this. So far, silence, why?
Forum: Plugins
In reply to: [WP SAML Auth] Custom redirectTo field after succesfull login
I would like this feature as well. We currently use LoginWP to cover this part.
There is an additional use case missing, that may be wise to implement in parallel: Logout for SAML accounts and local accounts:
- After Logout, it may be useful to lead the user either again to login, or any specific Public page
- For non-SAML accounts, the logout has to be kept purely local, not using IdP “Single Logout Service URL” as this leads to errors, only working for SAML-accounts
my 2 cents
Carsten
I see, it was taking root of a network before. thanks!
Forum: Plugins
In reply to: [Custom Login] CSS directive escaped
My contractor has just updated all plugins and it seems fixed, but I could not check source code anymore.
thanks!!! fantastic!
Carsten
Hi and thanks for the reply
I tried it and it went to the root site, not the subsite. It may be an interference with other plugins, but I would need to set up another site to see.
I also use
– OneLogin SAML SSO (I keep local login, I don't force login here)
– Force login (here I use force login)
– Custom Login (just layout, not tampering anything else)
– other plugins of course, but not where I have a suspicion on
It would have been convenient to use placeholders, but if the absolute URL has to be placed for it to work, that is an acceptable workaround
thanks