• Hi there,

    I’m wanting to use a third-party tool to manage our WordPress installations (think MainWP, ManageWP, UpdraftCentral, etc). They all seem to use /admin-ajax.php to interact with the site being managed. The OneLogin SAML SSO plugin redirects that URL off to SAML authentication (as expected) whenever one of these plugins makes a request. Ultimately, this means that the management tools fail to connect to my child sites.

    To get around this, I’d like to add the following to line 55 of onelogin_saml.php:
    $want_to_local_login = isset($_GET['normal']) || (isset($_POST['log']) && isset($_POST['pwd'])) || (strpos($_SERVER['SCRIPT_NAME'], 'admin-ajax.php') !== FALSE && $_SERVER['REMOTE_ADDR'] == 'IP_Address_of_management_host');

    Is this an acceptable compromise between security and functionality, do you think? It seems to function well enough.

    Thanks!

Viewing 1 replies (of 1 total)
  • The topic ‘SAML Bypass for certain plugins’ is closed to new replies.
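
The condition proposed in the post, written as a stricter standalone check. This is an added example, not part of the original post or of the OneLogin plugin; the function name, the constant and the sample addresses are hypothetical, and it assumes WordPress serves the endpoint at a path ending in /wp-admin/admin-ajax.php.

```php
<?php
// Added example; function and constant names are hypothetical.
// Constructed placeholder addresses taken from the documentation ranges.
const MGMT_HOSTS = ['192.0.2.10', '2001:db8::10'];

function is_mgmt_ajax_request(array $server, array $allowlist): bool
{
    // Require the path to end in /wp-admin/admin-ajax.php. A strpos() match
    // also accepts "/x-admin-ajax.php" or "/admin-ajax.php.bak/x.php".
    $suffix = '/wp-admin/admin-ajax.php';
    $script = (string) ($server['SCRIPT_NAME'] ?? '');
    if (substr($script, -strlen($suffix)) !== $suffix) {
        return false;
    }

    // REMOTE_ADDR is the TCP peer. Behind a reverse proxy or CDN it is the
    // proxy's address, and the check would then pass for every visitor.
    $remote = @inet_pton((string) ($server['REMOTE_ADDR'] ?? ''));
    if ($remote === false) {
        return false;
    }

    // Compare packed forms so different spellings of one IPv6 address match.
    foreach ($allowlist as $allowed) {
        if (@inet_pton($allowed) === $remote) {
            return true;
        }
    }
    return false;
}

// Where the post's line would call it:
// $want_to_local_login = isset($_GET['normal'])
//     || (isset($_POST['log']) && isset($_POST['pwd']))
//     || is_mgmt_ajax_request($_SERVER, MGMT_HOSTS);

// Constructed sample requests: allowlisted host, same host in long IPv6
// form, unlisted host, and a look-alike script name.
$samples = [
    ['SCRIPT_NAME' => '/wp-admin/admin-ajax.php', 'REMOTE_ADDR' => '192.0.2.10'],
    ['SCRIPT_NAME' => '/blog/wp-admin/admin-ajax.php', 'REMOTE_ADDR' => '2001:0db8:0:0:0:0:0:10'],
    ['SCRIPT_NAME' => '/wp-admin/admin-ajax.php', 'REMOTE_ADDR' => '198.51.100.7'],
    ['SCRIPT_NAME' => '/x-admin-ajax.php', 'REMOTE_ADDR' => '192.0.2.10'],
];
foreach ($samples as $sample) {
    var_dump(is_mgmt_ajax_request($sample, MGMT_HOSTS));
}
```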