I have applications that I wrote that use SAML and then a user database to define permissions for them all. And basically once a user signs on via our SSO they can use the applications with their defined perms.
I want to do the same thing for WP. Where do I start? I would like WP to recognize their session username before they log in and then create a WordPress cookie. I saw a root cookie plugin that would pass the user info to other WP sites, but how about getting the session username to begin with?
I would like users to come to the WP site and see that they are logged in with their username, but I am open to other ways too.
Right now what is given to me for SAML authentication is:
- app url: redirect to the SSO sign in
- app key: hash to encrypt
- uid
- firstname
- lastname
- time (POST time is used for validation)
Note: I have just tried using the SAML2 plugin for WP. First, it is a beta plugin and very confusing. Second, I keep getting a fatal error that it cannot find IDP information.
I would really just like to take the session uid I have and log a person in using that.
If you will work with sessions, then init this first in your plugin or theme.
Alternatively, use the library from Eric Mann, WP Session Manager, and also his tutorial.
I have a really simple script that is linked here: https://wordpress.stackexchange.com/questions/154802/what-do-i-need-to-do-to-fully-integrate-a-custom-session-login-into-wp.
Basically I am assuming that your SSO is secure, that you have the users in your database, and that you don’t need to keep the session alive except for authentication. From my standpoint I just want to pass the user onto WP and let the WP user system do the rest. Hope this helps others doing session logins.
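The following plugin sketch is an added example, not code from any of the posts above: it shows one way to check the posted SSO fields (uid, firstname, lastname, time) before handing the user to WordPress's own login cookie. The `sig` field, the `uid|firstname|lastname|time` message layout, HMAC-SHA256 as the use of the app key, and the `SSO_APP_KEY` constant are all assumptions, since the thread does not say how the app key is applied.

```php
<?php
/**
 * Plugin Name: SSO Session Login (added example)
 * Assumed, not from the thread: a "sig" POST field holding
 * HMAC-SHA256(app key, "uid|firstname|lastname|time"), and SSO_APP_KEY in wp-config.php.
 */
const SSO_MAX_SKEW = 120; // seconds a signed POST stays acceptable

function sso_verify_post( array $post, string $key, int $now ) {
    foreach ( array( 'uid', 'firstname', 'lastname', 'time', 'sig' ) as $f ) {
        // Reject missing fields, arrays, and values containing the delimiter.
        if ( ! isset( $post[ $f ] ) || ! is_string( $post[ $f ] ) || false !== strpos( $post[ $f ], '|' ) ) {
            return false;
        }
    }
    if ( ! ctype_digit( $post['time'] ) || abs( $now - (int) $post['time'] ) > SSO_MAX_SKEW ) {
        return false; // malformed or stale timestamp
    }
    $msg = implode( '|', array( $post['uid'], $post['firstname'], $post['lastname'], $post['time'] ) );
    // hash_equals() compares in constant time.
    return hash_equals( hash_hmac( 'sha256', $msg, $key ), $post['sig'] ) ? $post : false;
}

add_action( 'init', function () {
    if ( is_user_logged_in() || ! defined( 'SSO_APP_KEY' ) || 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        return;
    }
    $claims = sso_verify_post( wp_unslash( $_POST ), SSO_APP_KEY, time() );
    $login  = $claims ? sanitize_user( $claims['uid'], true ) : '';
    if ( '' === $login ) {
        return; // unsigned or invalid POST: leave normal WP handling alone
    }
    $user = get_user_by( 'login', $login );
    if ( ! $user ) {
        // First visit: create a least-privilege account with an unusable random password.
        $id = wp_insert_user( array(
            'user_login' => $login,
            'user_pass'  => wp_generate_password( 32 ),
            'first_name' => sanitize_text_field( $claims['firstname'] ),
            'last_name'  => sanitize_text_field( $claims['lastname'] ),
            'role'       => 'subscriber',
        ) );
        if ( is_wp_error( $id ) ) {
            return;
        }
        $user = get_user_by( 'id', $id );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false ); // browser-session cookie only
    wp_safe_redirect( home_url( '/' ) );
    exit;
} );
```

The timestamp window bounds how long a captured POST stays usable but does not stop a replay inside that window; storing each accepted `time`/`uid` pair for the window's duration would close that gap.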