I have applications that I wrote that use SAML and then a user database to define permissions for them all. And basically once a user signs on via our SSO they can use the applications with their defined perms.
I want to do the same thing for WP. Where do I start? I would like WP to recognize their session username before they login and then create wordpress cookie. I saw a root cookie plugin that would pass the user info to other wp sites but how about getting the session username to begin with?
I would like users to come to WP site and see that they are logged in with their username but I am open for other ways too.
Right now what is given to me for SAML authentication is:
- app url: redirect to the SSO sign in
- app key: hash to encrypt
- uid
- firstname
- lastname
- time (POST time is used for validation)
Note: I have just tried using the SAML2 plugin for WP. First it is a beta plugin and very confusing. Second I keep getting fatal error that it cannot find IDP information.
Would really just like to take the session uid I have an log a person in using that.
2 s
If you will work with sessions, then init this at first in your plugin, theme.
add_action( 'init', 'my_start_session' );
function my_start_session() {
if ( session_id() )
return;
@session_cache_limiter('private, must-revalidate'); //private_no_expire
@session_cache_expire(0);
@session_start();
}
Alternative use the library from Eric Mann: WP Session Manager, also his tutorial.