[WordPress] 外掛分享： WP SAML Auth

內容簡介

WP SAML Auth 外掛提供 WordPress 的 SAML 認證功能，透過 OneLogin 或 SimpleSAMLphp 認證庫，實現安全的用戶登入流程。此外掛簡化了與 Google Apps 的整合，並可自定義認證行為，提升網站安全性與使用者體驗。

【主要功能】
• 支援 SAML 認證，提升安全性
• 整合 Google Apps，簡化登入流程
• 自動創建新用戶，選項可調整
• 支援 SimpleSAMLphp v1.x 和 v2.x
• 提供 WP-CLI 指令，方便管理外掛

外掛標籤

開發者團隊

原文外掛簡介

SAML authentication for WordPress, using the bundled OneLogin SAML library or optionally installed SimpleSAMLphp. OneLogin provides a SAML authentication bridge; SimpleSAMLphp provides SAML plus a variety of other authentication mechanisms. This plugin acts as a bridge between WordPress and the authentication library.
If your organization uses Google Apps, integrating Google Apps with WP SAML Auth takes just a few steps.
The standard user flow looks like this:

User can log in via SAML using a button added to the standard WordPress login view.
When the button is clicked, the user is handed off to the authentication library. With OneLogin, the user is redirected to the SAML identity provider. With SimpleSAMLphp, the user is redirected to the SimpleSAMLphp install.
Once the user is authenticated with the identity provider, they’re redirected back to WordPress and signed in to their account. A new WordPress user will be created if none exists (although this behavior can be disabled).
When the user logs out of WordPress, they are also logged out of the identity provider.

A set of configuration options allow you to change the plugin’s default behavior. For instance, permit_wp_login=>false will force all authentication to go through the SAML identity provider, bypassing wp-login.php. Similiarly, auto_provision=>false will disable automatic creation of new WordPress users.
See installation instructions for full configuration details.
Installing SimpleSAMLphp
The plugin supports both SimpleSAMLphp v1.x and v2.x. The autoloader is automatically detected:
SimpleSAMLphp v2.x uses vendor/autoload.php
SimpleSAMLphp v1.x uses lib/_autoload.php
Default Search Paths
The plugin automatically searches for SimpleSAMLphp in these locations:
* ABSPATH . 'simplesaml'
* ABSPATH . 'private/simplesamlphp'
* ABSPATH . 'simplesamlphp'
* ABSPATH . 'vendor/simplesamlphp/simplesamlphp' (Composer installation)
* plugin_dir_path . 'simplesamlphp'
For each path, the plugin checks for both vendor/autoload.php (v2.x) and lib/_autoload.php (v1.x).
This means Composer installations work automatically! If you run composer require simplesamlphp/simplesamlphp in your site root, the plugin will find it without any additional configuration.
Composer Installation (Advanced)
If you install SimpleSAMLphp via Composer to a custom location (not the standard vendor/simplesamlphp/simplesamlphp), you can specify the autoloader path:
add_filter( 'wp_saml_auth_option', function( $value, $option_name ) {
if ( 'simplesamlphp_autoload' === $option_name ) {
// Point to your custom Composer vendor autoloader
return '/custom/path/vendor/autoload.php';
}
return $value;
}, 10, 2 );

Custom Installation Paths
If SimpleSAMLphp is installed in a non-default location, you can set custom search paths with the wp_saml_auth_simplesamlphp_path_array filter:
add_filter( 'wp_saml_auth_simplesamlphp_path_array', function( $simplesamlphp_path_array ) {
// Override default paths with custom paths
return [ '/custom/path/to/simplesamlphp' ];
} );

Or define an explicit autoloader path with the wp_saml_auth_ssp_autoloader filter:
add_filter( 'wp_saml_auth_ssp_autoloader', function( $ssp_autoloader ) {
return ABSPATH . 'path/to/simplesamlphp/vendor/autoload.php';
} );

WP-CLI Commands

This plugin implements a variety of WP-CLI commands. All commands are grouped into the wp saml-auth namespace.
$ wp help saml-auth

NAME

wp saml-auth

DESCRIPTION

Configure and manage the WP SAML Auth plugin.

SYNOPSIS

wp saml-auth

SUBCOMMANDS

scaffold-config Scaffold a configuration filter to customize WP SAML Auth usage.

Use wp help saml-auth to learn more about each command.
Note: The scaffold-config command generates a configuration function with default values. The simplesamlphp_autoload option is not included in the scaffolded output because the plugin auto-detects SimpleSAMLphp installations. Only add this option manually if SimpleSAMLphp is in a non-standard location.
Contributing
See CONTRIBUTING.md for information on contributing.

延伸相關外掛

SAML Single Sign On – SSO LoginWordPress Single Sign On (WordPress SSO) 是一個外掛程式，...OneLogin SAML SSO這個 SAML 外掛可消除密碼，允許您驗證 WordPress 使用者（通...Shibboleth此外掛旨在支援將您的 WordPress 網站整合到現有的身分管理基...Cloud SAML SSO – Single Sign On Login自動指派 WordPress 角色給使用者，依據 IDP 群組成員身份限...Login with ADFSADFS Login 是一個 WordPress 的外掛，讓具有 ADFS Directory...EZPZ SAML SP Single Sign On (SSO)EZPZ SAML SP 將您的 WordPress 網站轉換為完全運作的 SAML ...Logto – User Authentication and Authorization總結：透過在 WordPress 網站中整合 Logto，您不僅可以增強網...Shibboleth With LDAP Authorization由於此外掛程式擴展了 Shibboleth 外掛，因此您必須先安裝並...Login with Salesforce使用 Salesforce 登入外掛，允許使用 SAML 2.0 兼容身分提供...SSO Login – Universal (OAuth + SAML)這個外掛能夠使用由Authress提供的強化版WordPress登入表單，...SSO JumpCloud – Enterprise SAML & SCIM```html <ul> <li>SSO Connector for JumpClou...Frontegg SAML SSO總結：Frontegg SAML SSO 外掛可替代預設的 WordPress 登入和...onID SSO by SAML 2.0總結：WordPress 密碼無需單點登錄，利用我們的 SAML 無需密...Rainbow Secure – Advanced MFA & SSO PluginRainbow Secure 是一款進階的多因素身份驗證 (MFA) 和單一登...Datawiza Proxy Auth Plugin – SSO此外掛 Proxy Auth Plugin 可以幫助開發者、DevOps 和管理員...