utexas / utexas-eid-auth
UT-specific configuration for use with the WP SAML Auth plugin
Type: wordpress-plugin
This package is auto-updated.
Last update: 2025-03-24 18:18:07 UTC
README
This is a WordPress plugin that provides configuration for using the OneLogin library to sign in using Enterprise Authentication.
Testing integration of a WordPress site with OneLogin
- Begin the integration process by requesting integration following the instructions at https://ut.service-now.com/sp?id=kb_article&number=KB0019336
- Download the latest version of utexas-eid-auth at https://github.austin.utexas.edu/eis1-wcs/utexas-eid-auth/archive/refs/heads/master.zip
- Go to the site's /wp-admin/plugin-install.php and choose "Upload plugin"
- Upload the zip file you downloaded.
- Activate the plugin.
- First attempt to sign in before an account has been provisioned (/wp-login.php?action=wp-saml-auth). This is a configuration default that can be changed if necessary. Verify that an account is not automatically provisioned ("No WordPress user exists for your account. Please contact your administrator.")
- Provision an EID-based account for yourself: terminus wp <site>.<env> -- user create <EID> <EID>@eid.utexas.edu --role=administrator
- Now attempt to sign in and confirm you can authenticate (/wp-login.php?action=wp-saml-auth)
Configuration notes
All pertinent configuration for the OneLogin library is found in wpsa-options.php. A few callouts:
- auto_provision: (default: false). For sites that should automatically create accounts from successful EID authentication, this should be changed to true.
- permit_wp_login: (default: false). To allow any local WordPress password sign in, set to true.
- allowRepeatAttributeName: Must be set to true (allow). The OneLogin SAML library includes a validation check for duplicate attribute names in the Authorization Response. The IAM team's SAML response includes two attributes with FriendlyName="utexasEduPersonAffiliation". To avoid this being flagged as invalid, configuration of samlauth.authentication needs to include security_allow_repeat_attribute_name: true, which passes the value to the underlying library's configuration for allowRepeatAttributeName.
- Additional configuration options can be found in:
Overriding configuration on a specific site
Options defined in wpsa-options.php are the defaults for UT sites on Pantheon. If for some reason you want to override anything set here, create your own mini-plugin. See utexas-eid-auth-overrides.php.example.
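The duplicate-attribute check described under Configuration notes can be modelled as follows. This is an added example, not code from this plugin or from the OneLogin library: the function name, the choice of key and the sample XML (including its Name values) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample, not a real IAM response: two Attribute elements
# share one FriendlyName, as the configuration notes describe.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:example:uid" FriendlyName="uid">
    <saml:AttributeValue>abc123</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:example:affiliation-a" FriendlyName="utexasEduPersonAffiliation">
    <saml:AttributeValue>staff</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:example:affiliation-b" FriendlyName="utexasEduPersonAffiliation">
    <saml:AttributeValue>student</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


class DuplicateAttributeError(ValueError):
    """Raised when a key repeats and repeats are not allowed."""


def collect_attributes(statement_xml, key="FriendlyName", allow_repeat=False):
    """Return {key: [values]}, rejecting or merging repeated keys."""
    root = ET.fromstring(statement_xml)
    attributes = {}
    for attr in root.findall("saml:Attribute", SAML_NS):
        name = attr.get(key)
        if name is None:
            continue  # attribute lacks the chosen key; skip it
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        if name in attributes:
            if not allow_repeat:
                # Strict mode: a repeated key invalidates the response.
                raise DuplicateAttributeError(f"duplicate {key}: {name}")
            attributes[name].extend(values)  # merge into one multi-valued entry
        else:
            attributes[name] = values
    return attributes
```

With allow_repeat=True the affiliation comes back as a single entry holding both values, so any code that maps it to WordPress roles or access decisions has to treat it as multi-valued.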