SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

Programmatic Configuration & Callback Endpoints #118

Closed greg-harrison closed 2 years ago

greg-harrison commented 3 years ago

Hi everyone,

We are setting up this plugin for use with our Okta access management software and had a few questions.

We want to have a consistent setup across all of our environments. Is there a way to programmatically configure the plugin options without using the UI? Would, for example, using WP's update_option() method be sufficient to achieve this goal?

Is there a way to configure a callback endpoint that the IdP (Okta) can call into to pass the user data to the application?

sandykadam commented 3 years ago

Hi Greg,

I also have a similar requirement where we set up multiple websites, and I'm using a PHP script to update the plugin configuration as below. Hope it helps.

```php
<?php
// Bootstrap WordPress so update_option() works outside of a request.
// $ROOT_PATH and $SAML_IDP_PATH are defined earlier in the script.
require($ROOT_PATH . '/wp-load.php');

// WP update SAML options values

// IdP settings
update_option( 'onelogin_saml_enabled', 'on');
update_option( 'onelogin_saml_idp_entityid', $SAML_IDP_PATH);
update_option( 'onelogin_saml_idp_sso', $SAML_IDP_PATH);
update_option( 'onelogin_saml_idp_slo', $SAML_IDP_PATH);
update_option( 'onelogin_saml_idp_x509cert', 'YOUR_KEY');

// User provisioning and login behaviour ('on' enables, '' disables)
update_option( 'onelogin_saml_autocreate', 'on');
update_option( 'onelogin_saml_updateuser', 'on');
update_option( 'onelogin_saml_forcelogin', '');
update_option( 'onelogin_saml_slo', 'on');
update_option( 'onelogin_saml_keep_local_login', '');
update_option( 'onelogin_saml_account_matcher', 'email');
update_option( 'onelogin_saml_alternative_acs', '');

// Attribute mapping (SAML attribute name -> WordPress field)
update_option( 'onelogin_saml_attr_mapping_username', 'mail');
update_option( 'onelogin_saml_attr_mapping_mail', 'mail');
update_option( 'onelogin_saml_attr_mapping_firstname', 'cn');
update_option( 'onelogin_saml_attr_mapping_lastname', '');
update_option( 'onelogin_saml_attr_mapping_role', '');
update_option( 'onelogin_saml_attr_mapping_rememberme', '');

// Role mapping and role precedence
update_option( 'onelogin_saml_role_mapping_administrator', '');
update_option( 'onelogin_saml_role_mapping_editor', '');
update_option( 'onelogin_saml_role_mapping_author', '');
update_option( 'onelogin_saml_role_mapping_contributor', '');
update_option( 'onelogin_saml_role_mapping_subscriber', '');
update_option( 'onelogin_saml_role_mapping_multivalued_in_one_attribute_value', '');
update_option( 'onelogin_saml_role_mapping_multivalued_pattern', '');
update_option( 'onelogin_saml_role_order_administrator', '');
update_option( 'onelogin_saml_role_order_editor', '');
update_option( 'onelogin_saml_role_order_author', '');
update_option( 'onelogin_saml_role_order_contributor', '');
update_option( 'onelogin_saml_role_order_subscriber', '');

// Customize actions and links
update_option( 'onelogin_saml_customize_action_prevent_local_login', '');
update_option( 'onelogin_saml_customize_action_prevent_reset_password', 'on');
update_option( 'onelogin_saml_customize_action_prevent_change_password', 'on');
update_option( 'onelogin_saml_customize_action_prevent_change_mail', 'on');
update_option( 'onelogin_saml_customize_stay_in_wordpress_after_slo', '');
update_option( 'onelogin_saml_customize_links_user_registration', '');
update_option( 'onelogin_saml_customize_links_lost_password', '');
update_option( 'onelogin_saml_customize_links_saml_login', '');

// Advanced settings (signing, encryption, strict mode)
update_option( 'onelogin_saml_advanced_settings_debug', '');
update_option( 'onelogin_saml_advanced_settings_strict_mode', '');
update_option( 'onelogin_saml_advanced_idp_lowercase_url_encoding', '');
update_option( 'onelogin_saml_advanced_settings_nameid_encrypted', '');
update_option( 'onelogin_saml_advanced_settings_authn_request_signed', '');
update_option( 'onelogin_saml_advanced_settings_logout_request_signed', '');
update_option( 'onelogin_saml_advanced_settings_logout_response_signed', '');
update_option( 'onelogin_saml_advanced_settings_want_message_signed', '');
update_option( 'onelogin_saml_advanced_settings_want_assertion_signed', '');
update_option( 'onelogin_saml_advanced_settings_want_assertion_encrypted', '');
update_option( 'onelogin_saml_advanced_settings_retrieve_parameters_from_server', '');
update_option( 'onelogin_saml_advanced_nameidformat', 'persistent');
update_option( 'onelogin_saml_advanced_requestedauthncontext', '');

// SP certificate and private key: replace the placeholders with real material
update_option( 'onelogin_saml_advanced_settings_sp_x509cert', 'YOUR_KEY');
update_option( 'onelogin_saml_advanced_settings_sp_privatekey', 'YOUR_KEY');

// Signature and digest algorithm URIs (SHA-1 variants as posted)
update_option( 'onelogin_saml_advanced_signaturealgorithm', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');
update_option( 'onelogin_saml_advanced_digestalgorithm', 'http://www.w3.org/2000/09/xmldsig#sha1');
```

Or you can use a shell script with WP-CLI commands as below:

```sh
# Same options via WP-CLI (1/0 instead of 'on'/'').
# Run from the WordPress root, or add --path=/path/to/wordpress to each command.
wp option set onelogin_saml_autocreate 1
wp option set onelogin_saml_updateuser 1
wp option set onelogin_saml_forcelogin 0
wp option set onelogin_saml_slo 1
wp option set onelogin_saml_keep_local_login 0
wp option set onelogin_saml_account_matcher 'email'
wp option set onelogin_saml_alternative_acs 0
wp option set onelogin_saml_attr_mapping_username 'mail'
wp option set onelogin_saml_attr_mapping_mail 'mail'
wp option set onelogin_saml_attr_mapping_firstname 'cn'
wp option set onelogin_saml_attr_mapping_lastname ''
wp option set onelogin_saml_attr_mapping_role ''
wp option set onelogin_saml_attr_mapping_rememberme ''
wp option set onelogin_saml_role_mapping_administrator ''
wp option set onelogin_saml_role_mapping_editor ''
wp option set onelogin_saml_role_mapping_author ''
wp option set onelogin_saml_role_mapping_contributor ''
wp option set onelogin_saml_role_mapping_subscriber ''
wp option set onelogin_saml_role_mapping_multivalued_in_one_attribute_value 0
wp option set onelogin_saml_role_mapping_multivalued_pattern ''
wp option set onelogin_saml_role_order_administrator ''
wp option set onelogin_saml_role_order_editor ''
wp option set onelogin_saml_role_order_author ''
wp option set onelogin_saml_role_order_contributor ''
wp option set onelogin_saml_role_order_subscriber ''
wp option set onelogin_saml_customize_action_prevent_local_login 0
wp option set onelogin_saml_customize_action_prevent_reset_password 1
wp option set onelogin_saml_customize_action_prevent_change_password 1
wp option set onelogin_saml_customize_action_prevent_change_mail 1
wp option set onelogin_saml_customize_stay_in_wordpress_after_slo 0
wp option set onelogin_saml_customize_links_user_registration ''
wp option set onelogin_saml_customize_links_lost_password ''
wp option set onelogin_saml_customize_links_saml_login ''
wp option set onelogin_saml_advanced_settings_debug 0
wp option set onelogin_saml_advanced_settings_strict_mode 0
wp option set onelogin_saml_advanced_idp_lowercase_url_encoding 0
wp option set onelogin_saml_advanced_settings_nameid_encrypted 0
wp option set onelogin_saml_advanced_settings_authn_request_signed 0
wp option set onelogin_saml_advanced_settings_logout_request_signed 0
wp option set onelogin_saml_advanced_settings_logout_response_signed 0
```

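Added example, not code from this thread or from the wordpress-saml project: a POSIX sh script that turns an option file like the one above into `wp option set` commands, but first audits the same file for values a reviewer would not want copied unchanged into every environment. The option names are the plugin's as they appear in this thread; the sample configuration is constructed, and the choice of what counts as weak (strict mode off, assertion signatures not required, SHA-1 algorithm URIs, placeholder key material, debug on) is this example's own, not the plugin's.

```sh
#!/bin/sh
# Added example (not from the thread). Renders "option=value" lines into
# `wp option set` commands and audits them before they are applied.
# Assumption: option names are the wordpress-saml plugin's as listed in the
# thread; the weak-value rules below are this example's own choices.

# Constructed sample: one "option=value" per line. Several entries are
# deliberately weak so the audit has something to report.
SAMPLE_CONFIG='onelogin_saml_enabled=on
onelogin_saml_autocreate=1
onelogin_saml_account_matcher=email
onelogin_saml_advanced_settings_strict_mode=0
onelogin_saml_advanced_settings_want_assertion_signed=0
onelogin_saml_advanced_settings_sp_privatekey=YOUR_KEY
onelogin_saml_advanced_signaturealgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1
onelogin_saml_advanced_digestalgorithm=http://www.w3.org/2000/09/xmldsig#sha1'

# render_wp_commands CONFIG
# Emits one `wp option set KEY 'VALUE'` line per config line. The value is
# single-quoted so algorithm URIs containing '#' are not read as comments.
render_wp_commands() {
    printf '%s\n' "$1" | while IFS='=' read -r key value; do
        [ -n "$key" ] || continue
        printf "wp option set %s '%s'\n" "$key" "$value"
    done
}

# audit_config CONFIG
# Prints one finding per weak setting; prints nothing when the config is clean.
audit_config() {
    printf '%s\n' "$1" | while IFS='=' read -r key value; do
        case "$key" in
            onelogin_saml_advanced_settings_strict_mode)
                case "$value" in
                    1|on) ;;
                    *) echo "$key: strict mode off; messages that are unsigned/unencrypted when expected otherwise, or that deviate from the SAML schema, are not rejected" ;;
                esac ;;
            onelogin_saml_advanced_settings_want_assertion_signed)
                case "$value" in
                    1|on) ;;
                    *) echo "$key: the SP does not require the assertion itself to be signed" ;;
                esac ;;
            onelogin_saml_advanced_settings_sp_privatekey|onelogin_saml_advanced_settings_sp_x509cert|onelogin_saml_idp_x509cert)
                case "$value" in
                    YOUR_KEY|'') echo "$key: placeholder or empty value; inject real key material from a secret store, not from the config file" ;;
                esac ;;
            onelogin_saml_advanced_signaturealgorithm|onelogin_saml_advanced_digestalgorithm)
                case "$value" in
                    *sha1) echo "$key: SHA-1 based algorithm ($value); prefer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and http://www.w3.org/2001/04/xmlenc#sha256" ;;
                esac ;;
            onelogin_saml_advanced_settings_debug)
                case "$value" in
                    1|on) echo "$key: debug on; SAML error details are shown to users on failed logins" ;;
                esac ;;
        esac
    done
}

# count_findings CONFIG -> number of audit findings (0 when clean)
count_findings() {
    audit_config "$1" | awk 'END { print NR }'
}

# Gate: only render the commands when the audit is clean. When run as a file,
# the rendered commands can be reviewed and then piped into sh on the target.
if [ "$(count_findings "$SAMPLE_CONFIG")" -eq 0 ]; then
    render_wp_commands "$SAMPLE_CONFIG"
else
    echo "refusing to render: weak settings found" >&2
    audit_config "$SAMPLE_CONFIG" >&2
fi
```

With the constructed sample the script refuses to render and lists five findings; with a config that passes, it prints one command per option, which keeps the option set identical across environments while keeping the private key and certificates out of the file that gets committed.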
bmehta commented 3 years ago

@sandykadam - Thanks. Curious - on what hook do you run the update_option?

sandykadam commented 3 years ago

> @sandykadam - Thanks. Curious - on what hook do you run the update_option?

Well, my requirement is a bit different: once my website is set up (bootstrapped) by the automated CI process, I call a separate custom PHP script which updates the above values.

My script simply includes `require($ROOT_PATH . '/wp-load.php');` and the above commands to set up the configuration.