Dear friends,

I'm using this plugin to manage both authentication and authorization. About the latter, @pitbulk suggested using the "Trigger wp_login hook" option, so I've changed the functions.php file of the active template and added my function:

```php
function wp_user_mail_check($user_login, $user) {
    $infndomain = "@mydomain.it";
    $mail = $user->user_email;
    $username = $user->user_login;
    $localusers[] = "enrico";
    $localusers[] = "fabrizio";
    $localuser_wp = false;
    foreach ($localusers as $localuser) {
        if ($username === $localuser) {
            $localuser_wp = true;
        }
    }
    // Delimited, escaped and end-anchored pattern: the address must end in the domain
    $pattern = '/' . preg_quote($infndomain, '/') . '$/i';
    if (!$localuser_wp && !preg_match($pattern, $mail)) {
        get_header();
        echo "\n";
        // Escape user-controlled values before printing them into the page
        echo "ERROR. User " . esc_html($username) . ", " . esc_html($mail) . ", is not authorized";
        echo "\n";
        get_sidebar();
        get_footer();
        exit;
    }
}
add_action('wp_login', 'wp_user_mail_check', 10, 2);
```

This function allows login to any users that belong to mydomain.it, besides other local users.

With this customization authorization works fine, but I can check only values of the WP_user object.

I think that is a kind of limit; I'd like the wp_login function to check the attributes received from the IDP. If I understand the onelogin_samlsso code, these values exist in the $attrs array, so the change that I suggest refers to onelogin-saml-sso/php/functions.php:

Original code, row number 468:

```php
do_action( 'wp_login', $user->user_login, $user );
```

Replace with:

```php
do_action( 'wp_login', $user->user_login, $user, $attrs );
```

What do you think about it? If it doesn't work, is there a possible alternative?

Thanks a lot,
Best Regards
Enrico
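
What a `wp_login` callback could look like if the change proposed above were applied, as an added example that is not part of the original post or of the plugin's code. It assumes `$attrs` maps each attribute name to a list of values; the attribute name `memberOf` and the group `wp-users` are hypothetical.

```php
<?php
// Added example. Assumes the plugin has been patched as proposed in the post, so that
// do_action('wp_login', $user->user_login, $user, $attrs) passes the IdP attributes.
const LOCAL_USERS    = ['enrico', 'fabrizio']; // local accounts named in the post
const ALLOWED_DOMAIN = 'mydomain.it';          // domain named in the post
const GROUP_ATTR     = 'memberOf';             // hypothetical attribute name
const ALLOWED_GROUP  = 'wp-users';             // hypothetical attribute value

// Pure decision function (no WordPress calls), so it can be unit-tested on its own.
function saml_login_allowed(string $login, string $email, ?array $attrs): bool
{
    if (in_array($login, LOCAL_USERS, true)) {
        return true;
    }
    // Compare the whole domain after the last '@', so "x@mydomain.it.example" is rejected.
    $at = strrpos($email, '@');
    if ($at === false || strcasecmp(substr($email, $at + 1), ALLOWED_DOMAIN) !== 0) {
        return false;
    }
    // No attributes means the hook fired from a non-SAML login path: fail closed.
    if ($attrs === null) {
        return false;
    }
    $groups = (array) ($attrs[GROUP_ATTR] ?? []);
    return in_array(ALLOWED_GROUP, $groups, true);
}

// $attrs defaults to null because other callers of wp_login (WordPress core's own
// login form, for example) pass only two arguments.
function wp_user_attr_check($user_login, $user, $attrs = null)
{
    if (saml_login_allowed($user->user_login, $user->user_email, $attrs)) {
        return;
    }
    // Clear any auth cookie that was set before the hook ran, then stop with a 403.
    wp_logout();
    wp_die(
        esc_html("User {$user->user_login} is not authorized"),
        'Not authorized',
        ['response' => 403]
    );
}
add_action('wp_login', 'wp_user_attr_check', 10, 3); // 3 = accept the extra $attrs argument
```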