sixtosaml
Forum Replies Created
Forum: Plugins
In reply to: [OneLogin SAML SSO] Subpages behind SAML
If a user is authenticated in site1, you will see him logged in in the top menu,
but he is not going to be able to access sites where he is not registered.
For example, imagine you have:
https://wpmultisite.local/site1/
https://wpmultisite.local/site2/
https://wpmultisite.local/site3/
And the user exists on site1 and site2.
If the user logs in to site1 and then tries to access:
https://wpmultisite.local/site1/wp-admin/profile.php -> OK
https://wpmultisite.local/site2/wp-admin/profile.php -> OK
https://wpmultisite.local/site3/wp-admin/profile.php -> Error. No privileges
This is expected behavior.
- This reply was modified 4 years, 3 months ago by sixtosaml.
Forum: Plugins
In reply to: [OneLogin SAML SSO] Attribute mapping
Use SAML Tracer
– firefox: https://addons.mozilla.org/es/firefox/addon/saml-tracer/
– chrome: https://chrome.google.com/webstore/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch
in order to record the SAML flow, then inspect the AttributeStatement section that contains the Attributes that the IdP provided. Check its Name value and add to the Attribute Mapping section the same Names you saw in the SAMLResponse.
SAML user attributes are not stored in $_SERVER.
The command
$auth->getAttributes();
will give you the user data contained in the SAMLResponse.
See: https://github.com/onelogin/wordpress-saml/blob/master/onelogin-saml-sso/php/functions.php#L254
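To go with the attribute-mapping reply above, an added example (not from the original post or the plugin): a Python helper that decodes a base64 SAMLResponse copied from SAML Tracer, lists the Attribute Names in its AttributeStatement, and reports mapping entries that match nothing. The sample response, the attribute names and the mapping keys are constructed for illustration; the helper is a debugging aid and performs no signature validation.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real IdP).
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="User.email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>editors</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

def list_saml_attributes(saml_response_b64):
    """Return {Attribute Name: [values]} from a base64 SAMLResponse (HTTP-POST form)."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one instead of parsing entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD/entity declaration in SAMLResponse")
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    # Encrypted assertions hide the attributes from any on-the-wire capture.
    if not attrs and root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes are not readable here")
    return attrs

def check_mapping(mapping, attrs):
    """Return mapping entries whose configured Name is absent from the response."""
    return {field: name for field, name in mapping.items() if name not in attrs}

if __name__ == "__main__":
    found = list_saml_attributes(SAMPLE_B64)
    print("Names sent by the IdP:", sorted(found))
    # Hypothetical mapping: "groups" is not a Name the IdP sent, so it is reported.
    print("Unmatched:", check_mapping({"email": "User.email", "role": "groups"}, found))
```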
Forum: Plugins
In reply to: [OneLogin SAML SSO] ADFS Always redirects to Homepage
If the SAML initialization fails, the user is redirected to the WP homepage:
https://github.com/onelogin/wordpress-saml/blob/master/onelogin-saml-sso/php/functions.php#L238
If no RelayState parameter is provided to the ACS URL endpoint, or the RelayState content contains wp-login.php or alternative_acs.php, the user is also redirected to the WP homepage:
https://github.com/onelogin/wordpress-saml/blob/master/onelogin-saml-sso/php/functions.php#L467
If you try to access a protected section of WP without an active session, that target should be stored and sent as a RelayState parameter, to be later retrieved at the ACS endpoint and used in a final redirection.
Forum: Plugins
In reply to: [OneLogin SAML SSO] Cookie Same Site Attribute After Chrome Update
Can you verify if this code change solves your issue?
https://github.com/onelogin/wordpress-saml/commit/f57561f65e38459a4c4de9ebf2a91af1a7b34ec9
Otherwise, try to set the cookies like:
// The options-array form of setcookie() requires PHP 7.3 or later.
$secure = is_ssl();
$options = [
    'expires' => time() + MONTH_IN_SECONDS,
    'path' => SITECOOKIEPATH,
    'domain' => COOKIE_DOMAIN,
    'secure' => $secure, // browsers only accept SameSite=None on Secure cookies
    'httponly' => true,
    'samesite' => 'None' // None || Lax || Strict
];

setcookie(SAML_LOGIN_COOKIE, 1, $options);
setcookie(SAML_NAMEID_COOKIE, $auth->getNameId(), $options);
setcookie(SAML_SESSIONINDEX_COOKIE, $auth->getSessionIndex(), $options);
setcookie(SAML_NAMEID_FORMAT_COOKIE, $auth->getNameIdFormat(), $options);
setcookie(SAML_NAMEID_NAME_QUALIFIER_COOKIE, $auth->getNameIdNameQualifier(), $options);
setcookie(SAML_NAMEID_SP_NAME_QUALIFIER_COOKIE, $auth->getNameIdSPNameQualifier(), $options);