leerpodium

Thanks a lot! This solved the issue.

1. Maybe there is a plugin / theme conflict? Have you tried disabling all plugins and switching to standard theme and check if the problem still occurs?

2. Also: have you set correct permissions to the plugin files (i.e. executable by www-data/apache)?

To check whether wp_set_password is writing changes for existing users and check if this new value is correct – I did the following:

1. authenticate through SSO with a new user (e.g. user1)
2. change the username of this user into something else (e.g. user1check)
3. manually create the user you created trough sso (i.e. user1)
4. look at password hash of user1 in the db
5. authenticate through SSO
6. check if password hash has been changed for user1 (and if so: is it now the same as the password hash as user1check?)

If there is no change in the password hash, maybe you copy/pasted the suggested code in the wrong place or there’s a typo?

Or maybe you forgot to paste the
require_once(ABSPATH . WPINC . '/ms-functions.php');
into the code?

Thanks for the improvement! We have updated our code with your version.

Update: We were able to resolve this issue by adding this logic to the code:

If a user already exists, then update the password with the password the plugin expects.

So we changed line 58 at plugin file /lib/classes/saml_client.php

$this->simulate_signon($username);

to:

require_once(ABSPATH . WPINC . '/ms-functions.php');
	  $user_id = get_user_id_from_string( $username );
	  $newpass = $this->user_password($username,$this->secretsauce);
	  wp_set_password( $newpass , $user_id );
          $this->simulate_signon($username);

Do you have the option ‘Allow SSO Bypass’ enabled in the general tab of the plugin settings?