Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • I have the same problem :/. Did you find the cause??

    Thanks!

    Thread Starter felixja

    (@felixja)

    Well,

    I fixed both problems, but I won’t delete the thread because it may be useful for other people.

    The first one was fixed by changing the NameID Policy from persistent to transient in the service provider tab.

    Well, the second was caused because I had the user previously created in the WP admin and this plugin automatically creates a password when it receives a login request from SAML. That password mismatch was the reason for the password error.

    I will make a recommendation too. In my case, we can’t store the roles on the SSO server; we wanted to manage them through WordPress, and by default this plugin launches an error if it doesn’t receive the role from the IdP. The solution for this was easy:

    All the login and register stuff is in the file lib\classes\saml_client.php. In that file I changed the “none” value in the update_role function to subscriber, so if the IdP doesn’t send the role and it is a new user, it would be registered as subscriber, allowing you to change and manage his role from an administrator account.

    We had to make another change. By default this plugin reads the role from the SAML information even if it is an already registered user and updates it, so it overrides your selection in user management. The solution is to comment out the “$this->update_role()” call in the function “simulate_signon()”.

    That’s it! All working perfectly.

    I can say that this plugin works very well and it’s “easy” to use. Maybe you have to investigate a little, but it can be used even with a private SSO platform (from a big company, in my case).
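
The role handling described in the reply above, as an added example that is not part of the original post and is not the plugin's code: a new user with no role in the assertion gets subscriber, and an existing user keeps the role set in WordPress. The function name, the "role" attribute name and the IdP-to-WordPress mapping are hypothetical, and the sample assertions are constructed.

```php
<?php
// Added illustration only; every name below is hypothetical.

// Constructed allow-list: IdP role values mapped to WordPress role slugs.
const IDP_ROLE_MAP = [
    'wp-admins'  => 'administrator',
    'wp-editors' => 'editor',
];
const DEFAULT_ROLE = 'subscriber';

/**
 * Decide which role to apply at SAML login.
 * $localRole is null when the WordPress account does not exist yet.
 */
function resolve_role(?string $localRole, array $samlAttributes): string
{
    // Existing account: the role is managed in WordPress, so the
    // assertion must not overwrite what an administrator selected.
    if ($localRole !== null) {
        return $localRole;
    }
    // New account: read the first value of the assumed "role" attribute.
    $values  = $samlAttributes['role'] ?? [];
    $idpRole = (is_array($values) && isset($values[0]) && is_string($values[0]))
        ? $values[0]
        : null;
    // Missing or unrecognised values fall back to the lowest privilege,
    // never to an error and never to the raw IdP string.
    if ($idpRole === null || !isset(IDP_ROLE_MAP[$idpRole])) {
        return DEFAULT_ROLE;
    }
    return IDP_ROLE_MAP[$idpRole];
}

// Constructed sample inputs: [label, local role or null, SAML attributes].
$cases = [
    ['new user, no role attribute',     null,     []],
    ['new user, mapped role',           null,     ['role' => ['wp-editors']]],
    ['new user, unknown role value',    null,     ['role' => ['superuser']]],
    ['existing editor, IdP says admin', 'editor', ['role' => ['wp-admins']]],
];
foreach ($cases as [$label, $local, $attrs]) {
    printf("%-34s => %s\n", $label, resolve_role($local, $attrs));
}
```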
