colemab

Tonvanleest,

These changes are related to the simplesamlphp-authentication.php file which comes as part of this plugin and should be located in the plugins directory.

Even though this is a complete copy of the code, You may want to also read the other support thread for this plugin where Tatichka and I discuss some other aspects of the implementation of this fix.

Thanks

I am glad that you were able to get it working!

I posted the full copy of my class on this thread.

I mention it so you can see where users that don’t exist in the wordpress database get added and then logged in. Please note you will need to pass uid (in the plugin) instead of wp_userid as the documentation indicates.

I am new to wordpress plug-ins and so I am not sure *why* this works but the code above works for me. Since you were having the same problem, I thought I would share what I found.

Maybe you can take that line out and let us know if it works for you? Or post another solution if you have one?

function authenticate(&$username, &$password) {
			global $simplesaml_authentication_opt, $simplesaml_configured, $as;

			if (!$simplesaml_configured) {
				die("simplesaml-authentication plugin not configured");
			}
			// Reset values from input ($_POST and $_COOKIE)
			$username = $password = '';

			$as->requireAuth();

			$attributes = $as->getAttributes();

			/*
			 * Only allow usernames that are not affected by sanitize_user(), and that are not
			 * longer than 60 characters (which is the 'user_login' database field length).
			 * Otherwise an account would be created but with a sanitized username, which might
			 * clash with an already existing account.
			 * See sanitize_user() in wp-includes/formatting.php.
			 */
			if(empty($simplesaml_authentication_opt['username_attribute'])) {
				$username = $attributes['uid'][0];
			} else {
				$username = $attributes[$simplesaml_authentication_opt['username_attribute']][0];
			}

			if ($username != substr(sanitize_user($username, TRUE), 0, 60)) {
				$error = sprintf(__('<p><strong>ERROR</strong><br /><br />
				We got back the following identifier from the login process:<pre>%s</pre>
				Unfortunately that is not suitable as a username.<br />
				Please contact the <a href="mailto:%s">blog administrator</a> and ask to reconfigure the
				simpleSAMLphp plugin!</p>'), $username, get_option('admin_email'));
				$errors['registerfail'] = $error;
				print($error);
				exit();
			}

			$password = md5(SimpleSAMLAuthentication::passwordRoot());

			if (!function_exists('get_user_by')) {
				die("Could not load user data");
			}

			$user = get_user_by('login', $username);

			if ($user) { // user already exists - try to log them in															

				$user = wp_authenticate($username, $password);
				wp_set_current_user($user->ID); //Here is where we update the global user variables
				wp_set_auth_cookie($user->ID);
				do_action('wp_login',$userdata->ID);

				if (isset($_REQUEST['redirect_to'])){
					wp_redirect($_REQUEST['redirect_to']);
				} else {
					wp_redirect(get_bloginfo('url'));
				}

				exit;

			} else {
				// First time logging in
				if ($simplesaml_authentication_opt['new_user'] == 1) {
					// Auto-registration is enabled
					// User is not in the WordPress database
					// They passed SimpleSAML and so are authorised
					// Add them to the database

					// User must have an e-mail address to register
					$user_email = '';
					$email_attribute = empty($simplesaml_authentication_opt['email_attribute']) ? 'mail' : $simplesaml_authentication_opt['email_attribute'];

					if($attributes[$email_attribute][0]) {
						// Try to get email address from attribute
						$user_email = $attributes[$email_attribute][0];
					} else {
						// Otherwise use default email suffix
						if ($simplesaml_authentication_opt['email_suffix'] != '') {
							$user_email = $username . '@' . $simplesaml_authentication_opt['email_suffix'];
						}
					}

					$user_info = array();
					$user_info['user_login'] = $username;
					$user_info['user_pass'] = $password;
					$user_info['user_email'] = $user_email;

					if(empty($simplesaml_authentication_opt['firstname_attribute'])) {
						$user_info['first_name'] = $attributes['givenName'][0];
					} else {
						$user_info['first_name'] = $attributes[$simplesaml_authentication_opt['firstname_attribute']][0];
					}

					if(empty($simplesaml_authentication_opt['lastname_attribute'])) {
						$user_info['last_name'] = $attributes['sn'][0];
					} else {
						$user_info['last_name'] = $attributes[$simplesaml_authentication_opt['lastname_attribute']][0];
					}

					// Set user role based on eduPersonEntitlement
					if ($simplesaml_authentication_opt['admin_entitlement'] != '' &&
						$attributes['eduPersonEntitlement'] &&
						in_array($simplesaml_authentication_opt['admin_entitlement'],
						$attributes['eduPersonEntitlement'])) {
						$user_info['role'] = "administrator";
					} else {
						$user_info['role'] = "subscriber";
					}

					$wp_uid = wp_insert_user($user_info);

					// the user should have been crated so lets confirm this
					$user = get_user_by('login', $username);

					if ($user) { // user already exists - try to log them in
						$user = wp_authenticate($username, $password);
						wp_set_current_user($user->ID); //Here is where we update the global user variables
						wp_set_auth_cookie($user->ID);
						do_action('wp_login',$userdata->ID);

						if (isset($_REQUEST['redirect_to'])){
							wp_redirect($_REQUEST['redirect_to']);
						} else {
							wp_redirect(get_bloginfo('url'));
						}

						exit;
					}

				} else {
					$error = sprintf(__('<p><strong>ERROR</strong>: %s is not registered with this blog.
						Please contact the <a href="mailto:%s">blog administrator</a> to create a new
						account!</p>'), $username, get_option('admin_email'));
					$errors['registerfail'] = $error;
					print($error);
					print('<p><a href="/wp-login.php?action=logout">Log out</a> of SimpleSAML.</p>');
					exit();
				}
			}
		}

if ($user) { // user already exists - try to log them in															

				$user = wp_authenticate($username, $password);
				wp_set_current_user($user->ID); //Here is where we update the global user variables
				wp_set_auth_cookie($user->ID);
				do_action('wp_login',$userdata->ID);

				if (isset($_REQUEST['redirect_to'])){
					wp_redirect($_REQUEST['redirect_to']);
				} else {
					wp_redirect(get_bloginfo('url'));
				}

				exit;

			} else {