6 changed files with 688 additions and 6 deletions
-
19scripts/install
-
278sources/wp-content/plugins/http-authentication/http-authentication.php
-
195sources/wp-content/plugins/http-authentication/options-page.php
-
202sources/wp-content/plugins/http-authentication/readme.txt
-
BINsources/wp-content/plugins/http-authentication/screenshot-1.png
-
BINsources/wp-content/plugins/http-authentication/screenshot-2.png
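--- a/sources/wp-content/plugins/http-authentication/http-authentication.php
+++ b/sources/wp-content/plugins/http-authentication/http-authentication.php
@@ -0,0 +1,278 @@
+<?php
+/*
+Plugin Name: HTTP Authentication
+Version: 4.5
+Plugin URI: http://danieltwc.com/2011/http-authentication-4-0/
+Description: Authenticate users using basic HTTP authentication (<code>REMOTE_USER</code>). This plugin assumes users are externally authenticated, as with <a href="http://www.gatorlink.ufl.edu/">GatorLink</a>.
+Author: Daniel Westermann-Clark
+Author URI: http://danieltwc.com/
+*/
+
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'options-page.php');
+
+class HTTPAuthenticationPlugin {
+var $db_version = 2;
+var $option_name = 'http_authentication_options';
+var $options;
+
+function HTTPAuthenticationPlugin() {
+$this->options = get_option($this->option_name);
+
+if (is_admin()) {
+$options_page = new HTTPAuthenticationOptionsPage($this, $this->option_name, __FILE__, $this->options);
+add_action('admin_init', array($this, 'check_options'));
+}
+
+add_action('login_head', array($this, 'add_login_css'));
+add_action('login_footer', array($this, 'add_login_link'));
+add_action('check_passwords', array($this, 'generate_password'), 10, 3);
+add_action('wp_logout', array($this, 'logout'));
+add_filter('login_url', array($this, 'bypass_reauth'));
+add_filter('show_password_fields', array($this, 'allow_wp_auth'));
+add_filter('allow_password_reset', array($this, 'allow_wp_auth'));
+add_filter('authenticate', array($this, 'authenticate'), 10, 3);
+}
+
+/*
+* Check the options currently in the database and upgrade if necessary.
+*/
+function check_options() {
+if ($this->options === false || ! isset($this->options['db_version']) || $this->options['db_version'] < $this->db_version) {
+if (! is_array($this->options)) {
+$this->options = array();
+}
+
+$current_db_version = isset($this->options['db_version']) ? $this->options['db_version'] : 0;
+$this->upgrade($current_db_version);
+$this->options['db_version'] = $this->db_version;
+update_option($this->option_name, $this->options);
+}
+}
+
+/*
+* Upgrade options as needed depending on the current database version.
+*/
+function upgrade($current_db_version) {
+$default_options = array(
+'allow_wp_auth' => false,
+'auth_label' => 'HTTP authentication',
+'login_uri' => htmlspecialchars_decode(wp_login_url()),
+'logout_uri' => remove_query_arg('_wpnonce', htmlspecialchars_decode(wp_logout_url())),
+'additional_server_keys' => '',
+'auto_create_user' => false,
+'auto_create_email_domain' => '',
+);
+
+if ($current_db_version < 1) {
+foreach ($default_options as $key => $value) {
+// Handle migrating existing options from before we stored a db_version
+if (! isset($this->options[$key])) {
+$this->options[$key] = $value;
+}
+}
+}
+}
+
+function add_login_css() {
+?>
+<style type="text/css">
+p#http-authentication-link {
+width: 100%;
+height: 4em;
+text-align: center;
+margin-top: 2em;
+}
+p#http-authentication-link a {
+margin: 0 auto;
+float: none;
+}
+</style>
+<?php
+}
+
+/*
+* Add a link to the login form to initiate external authentication.
+*/
+function add_login_link() {
+global $redirect_to;
+
+$login_uri = $this->_generate_uri($this->options['login_uri'], wp_login_url($redirect_to));
+$auth_label = $this->options['auth_label'];
+
+echo "\t" . '<p id="http-authentication-link"><a class="button-primary" href="' . htmlspecialchars($login_uri) . '">Log In with ' . htmlspecialchars($auth_label) . '</a></p>' . "\n";
+}
+
+/*
+* Generate a password for the user. This plugin does not require the
+* administrator to enter this value, but we need to set it so that user
+* creation and editing works.
+*/
+function generate_password($username, $password1, $password2) {
+if (! $this->allow_wp_auth()) {
+$password1 = $password2 = wp_generate_password();
+}
+}
+
+/*
+* Logout the user by redirecting them to the logout URI.
+*/
+function logout() {
+$logout_uri = $this->_generate_uri($this->options['logout_uri'], home_url());
+
+wp_redirect($logout_uri);
+exit();
+}
+
+/*
+* Remove the reauth=1 parameter from the login URL, if applicable. This allows
+* us to transparently bypass the mucking about with cookies that happens in
+* wp-login.php immediately after wp_signon when a user e.g. navigates directly
+* to wp-admin.
+*/
+function bypass_reauth($login_url) {
+$login_url = remove_query_arg('reauth', $login_url);
+
+return $login_url;
+}
+
+/*
+* Can we fallback to built-in WordPress authentication?
+*/
+function allow_wp_auth() {
+return (bool) $this->options['allow_wp_auth'];
+}
+
+/*
+* Authenticate the user, first using the external authentication source.
+* If allowed, fall back to WordPress password authentication.
+*/
+function authenticate($user, $username, $password) {
+$user = $this->check_remote_user();
+
+if (! is_wp_error($user)) {
+// User was authenticated via REMOTE_USER
+$user = new WP_User($user->ID);
+}
+else {
+// REMOTE_USER is invalid; now what?
+
+if (! $this->allow_wp_auth()) {
+// Bail with the WP_Error when not falling back to WordPress authentication
+wp_die($user);
+}
+
+// Fallback to built-in hooks (see wp-includes/user.php)
+}
+
+return $user;
+}
+
+/*
+* If the REMOTE_USER or REDIRECT_REMOTE_USER evironment variable is set, use it
+* as the username. This assumes that you have externally authenticated the user.
+*/
+function check_remote_user() {
+$username = '';
+
+$server_keys = $this->_get_server_keys();
+foreach ($server_keys as $server_key) {
+if (! empty($_SERVER[$server_key])) {
+$username = $_SERVER[$server_key];
+}
+}
+
+if (! $username) {
+return new WP_Error('empty_username', '<strong>ERROR</strong>: No user found in server variables.');
+}
+
+// Create new users automatically, if configured
+$user = get_user_by('login', $username);
+if (! $user) {
+if ((bool) $this->options['auto_create_user']) {
+$user = $this->_create_user($username);
+}
+else {
+// Bail out to avoid showing the login form
+$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
+}
+}
+
+return $user;
+}
+
+/*
+* Return the list of $_SERVER keys that we will check for a username. By
+* default, these are REMOTE_USER and REDIRECT_REMOTE_USER. Additional keys
+* can be configured from the options page.
+*/
+function _get_server_keys() {
+$server_keys = array('REMOTE_USER', 'REDIRECT_REMOTE_USER');
+
+$additional_server_keys = $this->options['additional_server_keys'];
+if (! empty($additional_server_keys)) {
+$keys = preg_split('/,\s*/', $additional_server_keys);
+$server_keys = array_merge($server_keys, $keys);
+}
+
+return $server_keys;
+}
+
+/*
+* Create a new WordPress account for the specified username.
+*/
+function _create_user($username) {
+$password = wp_generate_password();
+$email_domain = $this->options['auto_create_email_domain'];
+
+$user_id = wp_create_user($username, $password, $username . ($email_domain ? '@' . $email_domain : ''));
+$user = get_user_by('id', $user_id);
+
+return $user;
+}
+
+/*
+* Fill the specified URI with the site URI and the specified return location.
+*/
+function _generate_uri($uri, $redirect_to) {
+// Support tags for staged deployments
+$base = $this->_get_base_url();
+
+$tags = array(
+'host' => $_SERVER['HTTP_HOST'],
+'base' => $base,
+'site' => home_url(),
+'redirect' => $redirect_to,
+);
+
+foreach ($tags as $tag => $value) {
+$uri = str_replace('%' . $tag . '%', $value, $uri);
+$uri = str_replace('%' . $tag . '_encoded%', urlencode($value), $uri);
+}
+
+// Support previous versions with only the %s tag
+if (strstr($uri, '%s') !== false) {
+$uri = sprintf($uri, urlencode($redirect_to));
+}
+
+return $uri;
+}
+
+/*
+* Return the base domain URL based on the WordPress home URL.
+*/
+function _get_base_url() {
+$home = parse_url(home_url());
+
+$base = home_url();
+foreach (array('path', 'query', 'fragment') as $key) {
+if (! isset($home[$key])) continue;
+$base = str_replace($home[$key], '', $base);
+}
+
+return $base;
+}
+}
+
+// Load the plugin hooks, etc.
+$http_authentication_plugin = new HTTPAuthenticationPlugin();
+?>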
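Review bot: In `check_remote_user()` the `foreach` over `$server_keys` never breaks, so the last non-empty key wins and a value taken from `additional_server_keys` overrides the server-set `REMOTE_USER`. Because any `$_SERVER` key can be configured there, including `HTTP_*` entries that are populated from request headers, precedence should stay with the web server's own variable: add `break;` after `$username = $_SERVER[$server_key];` and state in the docblock that only variables set by the authentication module are safe to list. Separately, `_create_user()` hands the result of `wp_create_user()` straight to `get_user_by('id', $user_id)`; when creation fails that result can be a `WP_Error`, the lookup presumably yields `false`, and `authenticate()` then reaches `new WP_User($user->ID)` because `false` is not a `WP_Error`. Adding `if (is_wp_error($user_id)) return $user_id;` in `_create_user()` would keep that failure on the error path.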
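--- a/sources/wp-content/plugins/http-authentication/options-page.php
+++ b/sources/wp-content/plugins/http-authentication/options-page.php
@@ -0,0 +1,195 @@
+<?php
+class HTTPAuthenticationOptionsPage {
+var $plugin;
+var $group;
+var $page;
+var $options;
+var $title;
+
+function HTTPAuthenticationOptionsPage($plugin, $group, $page, $options, $title = 'HTTP Authentication') {
+$this->plugin = $plugin;
+$this->group = $group;
+$this->page = $page;
+$this->options = $options;
+$this->title = $title;
+
+add_action('admin_init', array($this, 'register_options'));
+add_action('admin_menu', array($this, 'add_options_page'));
+}
+
+/*
+* Register the options for this plugin so they can be displayed and updated below.
+*/
+function register_options() {
+register_setting($this->group, $this->group, array($this, 'sanitize_settings'));
+
+$section = 'http_authentication_main';
+add_settings_section($section, 'Main Options', array($this, '_display_options_section'), $this->page);
+add_settings_field('http_authentication_allow_wp_auth', 'Allow WordPress authentication?', array($this, '_display_option_allow_wp_auth'), $this->page, $section, array('label_for' => 'http_authentication_allow_wp_auth'));
+add_settings_field('http_authentication_auth_label', 'Authentication label', array($this, '_display_option_auth_label'), $this->page, $section, array('label_for' => 'http_authentication_auth_label'));
+add_settings_field('http_authentication_login_uri', 'Login URI', array($this, '_display_option_login_uri'), $this->page, $section, array('label_for' => 'http_authentication_login_uri'));
+add_settings_field('http_authentication_logout_uri', 'Logout URI', array($this, '_display_option_logout_uri'), $this->page, $section, array('label_for' => 'http_authentication_logout_uri'));
+add_settings_field('http_authentication_additional_server_keys', '$_SERVER variables', array($this, '_display_option_additional_server_keys'), $this->page, $section, array('label_for' => 'http_authentication_additional_server_keys'));
+add_settings_field('http_authentication_auto_create_user', 'Automatically create accounts?', array($this, '_display_option_auto_create_user'), $this->page, $section, array('label_for' => 'http_authentication_auto_create_user'));
+add_settings_field('http_authentication_auto_create_email_domain', 'Email address domain', array($this, '_display_option_auto_create_email_domain'), $this->page, $section, array('label_for' => 'http_authentication_auto_create_email_domain'));
+}
+
+/*
+* Set the database version on saving the options.
+*/
+function sanitize_settings($input) {
+$output = $input;
+$output['db_version'] = $this->plugin->db_version;
+$output['allow_wp_auth'] = isset($input['allow_wp_auth']) ? (bool) $input['allow_wp_auth'] : false;
+$output['auto_create_user'] = isset($input['auto_create_user']) ? (bool) $input['auto_create_user'] : false;
+
+return $output;
+}
+
+/*
+* Add an options page for this plugin.
+*/
+function add_options_page() {
+add_options_page($this->title, $this->title, 'manage_options', $this->page, array($this, '_display_options_page'));
+}
+
+/*
+* Display the options for this plugin.
+*/
+function _display_options_page() {
+if (! current_user_can('manage_options')) {
+wp_die(__('You do not have sufficient permissions to access this page.'));
+}
+?>
+<div class="wrap">
+<h2>HTTP Authentication Options</h2>
+<p>For the Login URI and Logout URI options, you can use the following variables to support your installation:</p>
+<ul>
+<li><code>%host%</code> - The current value of <code>$_SERVER['HTTP_HOST']</code></li>
+<li><code>%base%</code> - The base domain URL (everything before the path)</li>
+<li><code>%site%</code> - The WordPress home URI</li>
+<li><code>%redirect%</code> - The return URI provided by WordPress</li>
+</ul>
+<p>You can also use <code>%host_encoded%</code>, <code>%site_encoded%</code>, and <code>%redirect_encoded%</code> for URL-encoded values.</p>
+<form action="options.php" method="post">
+<?php settings_errors(); ?>
+<?php settings_fields($this->group); ?>
+<?php do_settings_sections($this->page); ?>
+<p class="submit">
+<input type="submit" name="Submit" value="<?php esc_attr_e('Save Changes'); ?>" class="button-primary" />
+</p>
+</form>
+</div>
+<?php
+}
+
+/*
+* Display explanatory text for the main options section.
+*/
+function _display_options_section() {
+}
+
+/*
+* Display the WordPress authentication checkbox.
+*/
+function _display_option_allow_wp_auth() {
+$allow_wp_auth = $this->options['allow_wp_auth'];
+$this->_display_checkbox_field('allow_wp_auth', $allow_wp_auth);
+?>
+Should the plugin fallback to WordPress authentication if none is found from the server?
+<?php
+if ($allow_wp_auth && $this->options['login_uri'] == htmlspecialchars_decode(wp_login_url())) {
+echo '<br /><strong>WARNING</strong>: You must set the login URI below to your external authentication system. Otherwise you will not be able to login!';
+}
+}
+
+/*
+* Display the authentication label field, describing the authentication system
+* in use.
+*/
+function _display_option_auth_label() {
+$auth_label = $this->options['auth_label'];
+$this->_display_input_text_field('auth_label', $auth_label);
+?>
+Default is <code>HTTP authentication</code>; override to use the name of your single sign-on system.
+<?php
+}
+
+/*
+* Display the login URI field.
+*/
+function _display_option_login_uri() {
+$login_uri = $this->options['login_uri'];
+$this->_display_input_text_field('login_uri', $login_uri);
+?>
+Default is <code><?php echo wp_login_url(); ?></code>; override to direct users to a single sign-on system. See above for available variables.<br />
+Example: <code>%base%/Shibboleth.sso/Login?target=%redirect_encoded%</code>
+<?php
+}
+
+/*
+* Display the logout URI field.
+*/
+function _display_option_logout_uri() {
+$logout_uri = $this->options['logout_uri'];
+$this->_display_input_text_field('logout_uri', $logout_uri);
+?>
+Default is <code><?php echo htmlspecialchars(remove_query_arg('_wpnonce', htmlspecialchars_decode(wp_logout_url()))); ?></code>; override to e.g. remove a cookie. See above for available variables.<br />
+Example: <code>%base%/Shibboleth.sso/Logout?return=%redirect_encoded%</code>
+<?php
+}
+
+/*
+* Display the additional $_SERVER keys field.
+*/
+function _display_option_additional_server_keys() {
+$additional_server_keys = $this->options['additional_server_keys'];
+$this->_display_input_text_field('additional_server_keys', $additional_server_keys);
+?>
+<code>$_SERVER</code> variables in addition to <code>REMOTE_USER</code> and <code>REDIRECT_REMOTE_USER</code> to check for the username value, separated by a comma. Use this to e.g. support personal X.509 certificates for authentication.<br />
+Example: <code>SSL_CLIENT_S_DN_CN</code>
+<?php
+}
+
+/*
+* Display the automatically create accounts checkbox.
+*/
+function _display_option_auto_create_user() {
+$auto_create_user = $this->options['auto_create_user'];
+$this->_display_checkbox_field('auto_create_user', $auto_create_user);
+?>
+Should a new user be created automatically if not already in the WordPress database?<br />
+Created users will obtain the role defined under "New User Default Role" on the <a href="options-general.php">General Options</a> page.
+<?php
+}
+
+/*
+* Display the email domain field.
+*/
+function _display_option_auto_create_email_domain() {
+$auto_create_email_domain = $this->options['auto_create_email_domain'];
+$this->_display_input_text_field('auto_create_email_domain', $auto_create_email_domain);
+?>
+When a new user logs in, this domain is used for the initial email address on their account. The user can change his or her email address by editing their profile.
+<?php
+}
+
+/*
+* Display a text input field.
+*/
+function _display_input_text_field($name, $value, $size = 75) {
+?>
+<input type="text" name="<?php echo htmlspecialchars($this->group); ?>[<?php echo htmlspecialchars($name); ?>]" id="http_authentication_<?php echo htmlspecialchars($name); ?>" value="<?php echo htmlspecialchars($value) ?>" size="<?php echo htmlspecialchars($size); ?>" /><br />
+<?php
+}
+
+/*
+* Display a checkbox field.
+*/
+function _display_checkbox_field($name, $value) {
+?>
+<input type="checkbox" name="<?php echo htmlspecialchars($this->group); ?>[<?php echo htmlspecialchars($name); ?>]" id="http_authentication_<?php echo htmlspecialchars($name); ?>"<?php if ($value) echo ' checked="checked"' ?> value="1" /><br />
+<?php
+}
+}
+?>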
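Review bot: `sanitize_settings()` starts from `$output = $input`, so apart from the two booleans and `db_version` every submitted key and value is stored exactly as posted, including keys the plugin never defined. These values later drive authentication (`additional_server_keys` is split and used as `$_SERVER` indexes, `login_uri` and `logout_uri` become redirect targets), so the callback should build its result from the known option names only and normalise each string. The sketch below keeps the seven option names from `upgrade()` in the plugin file and drops everything else; whether trimming is acceptable for the URI fields should be confirmed against existing configurations. As a smaller point, `_display_option_login_uri()` echoes `wp_login_url()` without escaping while the logout counterpart wraps its value in `htmlspecialchars()`.
```php
function sanitize_settings($input) {
    // Settings API may hand over a non-array when the form posts nothing for this group.
    $input = is_array($input) ? $input : array();

    $output = array('db_version' => $this->plugin->db_version);

    foreach (array('allow_wp_auth', 'auto_create_user') as $key) {
        $output[$key] = isset($input[$key]) ? (bool) $input[$key] : false;
    }

    foreach (array('auth_label', 'login_uri', 'logout_uri', 'additional_server_keys', 'auto_create_email_domain') as $key) {
        $output[$key] = isset($input[$key]) ? trim((string) $input[$key]) : '';
    }

    return $output;
}
```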
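--- a/sources/wp-content/plugins/http-authentication/readme.txt
+++ b/sources/wp-content/plugins/http-authentication/readme.txt
@@ -0,0 +1,202 @@
+=== HTTP Authentication ===
+Contributors: dwc
+Tags: authentication
+Requires at least: 3.1
+Tested up to: 3.4
+Stable tag: 4.5
+
+Use an external authentication source in WordPress.
+
+== Description ==
+
+The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache's basic HTTP authentication module, [Shibboleth](http://shibboleth.internet2.edu/), and many others.
+
+To follow updates to this plugin, visit:
+
+http://danieltwc.com/
+
+For help with this version, visit:
+
+http://danieltwc.com/2011/http-authentication-4-0/
+
+== Installation ==
+
+1. Login as an existing user, such as admin.
+2. Upload the `http-authentication` folder to your plugins folder, usually `wp-content/plugins`. (Or simply via the built-in installer.)
+3. Activate the plugin on the Plugins screen.
+4. Add one or more users to WordPress, specifying the external username for the "Username" field. Also be sure to set the role for each user.
+5. Logout.
+6. Protect `wp-login.php` and `wp-admin` using your external authentication (using, for example, `.htaccess` files).
+7. Try logging in as one of the users added in step 4.
+
+Note: This version works with WordPress 3.0 and above. Use the following for older versions of WordPress:
+
+* Wordpress 2.0: [Version 1.8](http://downloads.wordpress.org/plugin/http-authentication.1.8.zip)
+* Wordpress 2.5 through 2.9.x: [Version 2.4](http://downloads.wordpress.org/plugin/http-authentication.2.4.zip)
+
+== Frequently Asked Questions ==
+
+= What authentication mechanisms can I use? =
+
+Any authentication mechanism which sets the `REMOTE_USER` (or `REDIRECT_REMOTE_USER`, in the case of ScriptAlias'd PHP-as-CGI) environment variable can be used in conjunction with this plugin. Examples include Apache's `mod_auth` and `mod_auth_ldap`.
+
+= How should I set up external authentication? =
+
+This depends on your hosting environment and your means of authentication.
+
+Many Apache installations allow configuration of authentication via `.htaccess` files, while some do not. Try adding the following to your blog's top-level `.htaccess` file:
+`<Files wp-login.php>
+AuthName "WordPress"
+AuthType Basic
+AuthUserFile /path/to/passwords
+Require user dwc
+</Files>`
+
+(You may also want to protect your `xmlrpc.php` file, which uses separate authentication code.)
+
+Then, create another `.htaccess` file in your `wp-admin` directory with the following contents:
+`AuthName "WordPress"
+AuthType Basic
+AuthUserFile /path/to/passwords
+Require user dwc`
+
+In both files, be sure to set `/path/to/passwords` to the location of your password file. For more information on creating this file, see below.
+
+= Where can I find more information on configuring Apache authentication? =
+
+See Apache's HOWTO: [Authentication, Authorization, and Access Control](http://httpd.apache.org/docs/howto/auth.html).
+
+= How does this plugin authenticate users? =
+
+This plugin doesn't actually authenticate users. It simply feeds WordPress the name of a user who has successfully authenticated through Apache.
+
+To determine the username, this plugin uses the `REMOTE_USER` or the `REDIRECT_REMOTE_USER` environment variable, which is set by many Apache authentication modules. If someone can find a way to spoof this value, this plugin is not guaranteed to be secure.
+
+By default, this plugin generates a random password each time you create a user or edit an existing user's profile. However, since this plugin requires an external authentication mechanism, this password is not requested by WordPress. Generating a random password helps protect accounts, preventing one authorized user from pretending to be another.
+
+= If I disable this plugin, how will I login? =
+
+Because this plugin generates a random password when you create a new user or edit an existing user's profile, you will most likely have to reset each user's password if you disable this plugin. WordPress provides a link for requesting a new password on the login screen.
+
+Also, you should leave the `admin` user as a fallback, i.e. create a new account to use with this plugin. As long as you don't edit the `admin` profile, WordPress will store the password set when you installed WordPress.
+
+In the worst case scenario, you may have to use phpMyAdmin or the MySQL command line to [reset a user's password](http://codex.wordpress.org/Resetting_Your_Password).
+
+= Can I configure the plugin to support standard WordPress logins? =
+
+Yes. You can authenticate some users via an external, single sign-on system and other users via the built-in username and password combination. (Note: When mixed authentication is in use, this plugin does not scramble passwords as described above.)
+
+When you configure your external authentication system, make sure that you allow users in even if they have not authenticated externally. Using [Shibboleth](http://shibboleth.internet2.edu/) as an example:
+`AuthName "Shibboleth"
+AuthType Shibboleth
+Require Shibboleth`
+
+This enables Shibboleth authentication in ["passive" mode](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPProtectContent).
+
+Then, in WordPress:
+
+1. Set the plugin to allow WordPress authentication.
+2. Configure the login URI to match your Shibboleth system. For example, if your blog is hosted at `http://example.com/`, then your login URI should be `http://example.com/Shibboleth.sso/Login?target=%redirect_encoded%`.
+3. Configure the logout URI to match your Shibboleth system. Following the above example, your logout URI would be `http://example.com/Shibboleth.sso/Logout?return=%redirect_encoded%`.
+
+After saving the options, authentication will work as follows:
+
+* If a user is already authenticated via Shibboleth, and he or she exists in the WordPress database, this plugin will log them in automatically.
+* If a user is not authenticated via Shibboleth, the plugin will present the standard WordPress login form with an additional link to login via Shibboleth.
+
+Other authentication systems (particularly those without a login or logout URI) will need to be configured differently.
+
+= Does this plugin support multisite (WordPress MU) setups? =
+
+Yes, you can enable this plugin across a network or on individual sites. However, options will need to be set on individual sites.
+
+If you have suggestions on how to improve network support, please submit a comment.
+
+= How do you handle staged deployments (dev, test, prod) with the plugin? =
+
+If you have a WordPress site with multiple environments (e.g. `dev.example.com`, `test.example.com`, and `example.com`) you can use additional variables in the login and logout URIs:
+
+* `%host%` - The current value of `$_SERVER['HTTP_HOST']`
+* `%base%` - The base domain URL (everything before the path)
+* `%site%` - The WordPress home URI
+* `%redirect%` - The return URI provided by WordPress
+
+You can also use `%host_encoded%`, `%site_encoded%`, and `%redirect_encoded%` for URL-encoded values.
+
+For example, your login URI could be:
+
+`https://%host%/Shibboleth.sso/Login?target=%redirect_encoded%`
+
+This would be modified for each environment as appropriate.
+
+== Screenshots ==
+
+1. Plugin options, allowing WordPress authentication
+2. WordPress login form with external authentication link
+
+== Changelog ==
+
+= 4.5 =
+* Avoid some PHP notices due to saving options (William Schneider)
+* Fix for redirect loop on some multisite setups (#1497)
+* Add option to support additional $_SERVER variables in authentication (#1477)
+* Remove use of call-time pass by reference to avoid warnings on PHP 5.3 and newer
+* Fix deprecation notice in WordPress 3.3 on `get_userdatabylogin` (#1513)
+* Fix deprecation notice in WordPress 3.1 and later for including wp-includes/registration.php
+* Associate options page label tags with their input fields (#1514)
+
+= 4.4 =
+* Update CSS to correctly center login button on WordPress 3.3
+
+= 4.3 =
+* Update plugin URIs
+
+= 4.2 =
+* Declare support for WordPress 3.2.1
+* Extend variable replacement for staged deployments
+* Wrap redirect parameter on login to force us through `wp-login.php` so we can check the external authentication (thanks to Josh Larios)
+
+= 4.1 =
+* Declare support for WordPress 3.2
+* Update screenshots for WordPress 3.2
+
+= 4.0 =
+* Restore (and improve) support for falling back to WordPress password authentication
+* Remove migration of old options format (we'll assume enough people have upgraded)
+
+= 3.3 =
+* Update options handling to better support WordPress MU
+
+= 3.2 =
+* Restore password generation for adding and editing users
+
+= 3.1 =
+* Bump version number to make 3.0.1 the latest version on wordpress.org
+
+= 3.0.1 =
+* Handle authentication cookies more gracefully
+
+= 3.0 =
+* Add support for WordPress 3.0
+* Update WordPress MU support for WordPress 3.0
+
+= 2.4 =
+* Add support for WordPress MU (Elliot Kendall)
+* Allow for mixed HTTP and built-in authentication by falling back to wp-login.php (Elliot Kendall)
+
+== Upgrade Notice ==
+
+= 4.5 =
+Avoid some PHP errors and warnings; add support for choosing $_SERVER variables
+
+= 4.4 =
+Minor CSS fix for WordPress 3.3
+
+= 4.3 =
+No code changes; updating plugin URIs
+
+= 4.2 =
+Extends support for variable replacement
+
+= 4.1 =
+Minor update for WordPress 3.2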
|
After Width: 1207 | Height: 964 | Size: 196 KiB |
|
After Width: 1207 | Height: 894 | Size: 70 KiB |