nithinkumar8049

Hi there,

Thanks for responding.

I actually wanted to access the term meta per post basis and the below query helped me

select meta_value from wp_termmeta where term_id in(select term_id from wp_term_relationships tr join wp_term_taxonomy tt on tr.term_taxonomy_id = tt.term_taxonomy_id where tr.object_id=%%ID%%) and meta_key=’abcd’

Hope it may help someone trying to access the term meta without writing PHP function.

Regards,
Nithin.

Hi Mike,

I have been facing the same issue that you have described above “You do not have permissions to access this page” in multi-site environment.

Even after I remove the current_user_can code from brightcove.php and brightcove_admin.php, I do get the same error while I try to access mysite.com/wp-admin/admin.php?page=brightcove_menu

Removing the code from brightcove_admin helped me remove the admin notification only.

Kindly suggest how you got rid of “You do not have permissions to access this page” issue?

Hi Markphipps,

Firstly thanks a lot for your continuous support.

Yes, it was the issue with the Idp server, which was not sending the username.(Eg ‘nkumar’)

It is really nice that we are finally able to log-in.

But we have an issue with Logout functionality.

It says:

The debug information below may be of interest to the administrator / help desk:

SimpleSAML_Error_NoState: NOSTATE

Backtrace:
2 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/State.php:232 (SimpleSAML_Auth_State::loadState)
1 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-acs.php:54 (require)
0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

Also in the Identity provider tab do the Single Sign-on URL and Single Logout URL have to be same?? Can you please correct me as shown below:

Single Sign-On URL: https://xyz.com/idp/SSO.saml2
 Single Logout URL: https://xyz.com/idp/SSO.saml2

Thanks & Regards,
Nithin Kumar.

Good morning Markphipps,

After a great struggle i have managed to connect to the IDP server and the same is sending the values correctly except that it is not giving me the Name ID.

In the Service Provider tab, we have Attributes section where in we have given “NameID” as the Attribute for username.

In saml_client we have the following function:

public function authenticate()
  {
    if( isset($_GET['loggedout']) && $_GET['loggedout'] == 'true' )
    {
      header('Location: ' . get_option('siteurl'));
      exit();
    }
    else
    {
      $this->saml->requireAuth( array('ReturnTo' => get_admin_url() ) );
      $attrs = $this->saml->getAttributes();
	  echo "<pre>";
	print_r($attrs);
	echo "</pre>";
	print_r($this->settings->get_attribute('username'));
      if(array_key_exists($this->settings->get_attribute('username'), $attrs) )
      {
        $username = $attrs[$this->settings->get_attribute('username')][0];
        if(get_user_by('login',$username))
        {
          $this->simulate_signon($username);
        }
        else
        {
          $this->new_user($attrs);
        }
      }
      else
      {
        die('A username was not provided 65.');
      }
    }
  }

Array
(
    [Name] => Array
        (
            [0] => Nithin Gopishetty
        )

    [Email] => Array
        (
            [0] => [email protected]
        )

    [GivenName] => Array
        (
            [0] => Nithin
        )

    [SN] => Array
        (
            [0] => Gopishetty
        )

    [groups] => Array
        (
            [0] => users
            [1] => members
        )

)

NameID

A username was not provided

Mike, can you please help with this one last issue.

P.S We are using PING as our Idp server

Thanks & Regards,
Nithin Kumar.

Hi Markphipps,

We successfully resolved the above issues but we are receiving an exception while trying to access the PING Federate server.

We are successfully redirected from https://our-url/wp-admin to the login page of the SSO poratl. When we enter the correct credentials we are receiving a page that is going into an infinite loop. When we enter incorrect credentials , we are shown a message that is set in SSO portal “Enter correct details”.

Can you please help us with the below situation.
When we try to access “Your SAML Assertion Consumer URL:” https://url/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:180 (N/A)
Caused by: Exception: Unable to find the current binding.
Backtrace:
2 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SAML2/Binding.php:103 (SAML2_Binding::getCurrentBinding)
1 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/www/sp/saml2-logout.php:23 (require)
0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php:135 (N/A)

Hi demonboy,

Thank you so much for the above suggestion.

It worked perfectly for the last pages as well.

Thanks & Regards,
Nithin Kumar.

Hi Mark,

Thanks for writing in so quickly for my queries.

I am looking for options to get it up using PING.

Also can you please tell me if we should use getIdPMetadata function even though we do not use “Autofill using Metadata” option.

As i still get the below error:

PHP Fatal error: Uncaught exception ‘SimpleSAML_Error_Exception’ with message ‘Cannot retrieve metadata for IdP ‘https://fast.xyz.com’ because it isn’t a valid IdP for this SP.’ in /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php:115
Stack trace:
#0 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(294): sspmod_saml_Auth_Source_SP->getIdPMetadata(‘https://fast.ti…’)
#1 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php(371): sspmod_saml_Auth_Source_SP->startSSO(‘https://fast.ti…’, Array)
#2 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Default.php(59): sspmod_saml_Auth_Source_SP->authenticate(Array)
#3 /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/lib/SimpleSAML/Auth/Simple.php(141): Simp in /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on/saml/modules/saml/lib/Auth/Source/SP.php on line 115

Can you please provide your valuable help.

Thanks & Regards,
Nithin Kumar.

Mark,

Thanks for your kind and quick reply.

We are actually using PING federate server and not ADFS.

Can you please let me know if you have any idea how to work with PING to resolve the above issue.

And also wanted to bring it to your notice that we do not have any URL for the metadata for Idp. Hence i have removed the getIdpMetadata function from the plug-in.

But i am still stuck with the issue of ‘A Username was not provided’.

Good morning Mark..!!

Yes even i had to go to saml_settings.php file and hard code my server details as below:

private function _use_defaults()
{
$defaults = array(
‘option_version’ => $this->current_version,
‘enabled’ => false,
‘idp’ => ‘https://fast.xyz.com’,
‘nameidpolicy’ => ‘urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress’,
‘attributes’ => array(
‘username’ => ‘sAMAccountName’,
‘firstname’ => ‘givenName’,
‘lastname’ => ‘sn’,
’email’ => ’email’,
‘groups’ => ‘memberOf’,
),
‘groups’ => array(
‘super_admin’ => ”,
‘admin’ => ‘users’,
‘editor’ => ”,
‘author’ => ”,
‘contributor’ => ”,
‘subscriber’ => ”,
),
‘allow_unlisted_users’ => true
);

return($defaults);
}

Now i receive another error saying “A username was not provided”.

I read your above post and you suggested to use

Try adding an outgoing claim type for Name ID. On my installation:

SAM-Account-Name -> Name ID
SAM-Account-Name -> Windows account name

Can you please tell me where do i have give the above two values. I mean in which file of the plug-in.

Thanks & Regards,
Nithin Kumar.

Hi enricomv/Mark,

Really glad that you guys must have got the SAML configuration for your applications.

I have a issue which is described below:

PHP Fatal error: Uncaught exception ‘SimpleSAML_Error_Exception’ with message ‘Could not find the metadata of an IdP with entity ID ‘https://your-idp.net” in /opt/httpd/stage_wp/www/docs/appfactory_wp/wp-content/plugins/saml-20-single-sign-on-bak/saml/modules/saml/lib/Auth/Source/SP.php:134

But the entity Id is displayed as https://my-site-url/wp-content/plugins/saml-20-single-sign-on-bak/saml/www/module.php/saml/sp/metadata.php/1 in my General page of the plugin.

It looks like the entity ID is not getting reflected in the database.

Can you please let me know if you faced similar issues.

Also it would be really great if you guys can please share the screenshots of the configurations that you have made under Identity and Service provider tabs.

Thanks a lot for listening to my issues.

Thanks & Regards,
Nithin Kumar.

Adam, I actually have limited access to the database of my application.

So i am not so sure if i can change the settings from the back end.

Will you be able to share the screen shot of your settings page in “Identity Provider” and “Service Provider” tabs.

I think i am making mistake with the settings.

Also can we configure the plug-in in local XAMPP environment?

Thanks a lot in advance.

Thanks & Regards,
Nithin Kumar,
[email protected]

Hi All,

I too have a similar issue as above.

I have given the Identity Provider details like Single Sign On URL, Single Sign On Logout etc., and generated the certificate for the service provider type using the check box that will generate a self-signed certificate.

After this when tried to access the my-url/wp-admin i see that i am redirected to an empty page with the redirect path as wp-admin as explained above.

Adam van den Hoven, have you got any solution to the above problem?