SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

Attribute Mapping #56

Open donovandb opened 6 years ago

donovandb commented 6 years ago

Hello, I am passing an attribute that is a flag for WordPress's 'remember me' feature.

In addition to: Username, E-mail, First Name, Last Name, Role

To have a 'remember me' field to enact WordPress's 'remember me' cookie (which I think is a default of 14 days).

I would be happy to be a test subject for this if anyone has an idea on how to accomplish it.

Currently I am passing the attribute: 'auth_rememberme' with a value of 'yes'.

pitbulk commented 6 years ago

Extend the saml_acs method.

With

```php
$attrs = $auth->getAttributes();
```

You obtain all attributes sent by OneLogin. You can then get the "remember me" value and save it as you want.

donovandb commented 6 years ago

Yes, that is what I was working on... but I think also the /php/configuration.php file may need to be edited, so that I can properly map the field. I have done this so far:

Changed /php/functions.php, starting line 281:

```php
} else if ($user_id) {
    wp_set_current_user($user_id);

    $remembermeMapping = get_option('onelogin_saml_attr_mapping_rememberme');
    if ( !empty($remembermeMapping) && isset($attrs[$remembermeMapping]) && !empty($attrs[$remembermeMapping][0])) {
        $rememberme = $attrs[$remembermeMapping][0];
    }

    if ( isset($rememberme) ) {
        if ( $rememberme == 'yes' ) {
            wp_set_auth_cookie($user_id, true);
        } else {
            wp_set_auth_cookie($user_id);
        }
    } else {
        wp_set_auth_cookie($user_id);
    }

    setcookie('saml_login', 1, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
}
```

Then, working on /php/configuration.php, I've added to line 90:

```php
'onelogin_saml_attr_mapping_rememberme' => __('Remember Me', 'onelogin-saml-sso')
```

The above adds a label 'Remember Me' to the mapping area, but does not yet add the field, so that I can specify the map. I'm a bit stuck at that point.

Donovan

donovandb commented 6 years ago

Okay, I have this working correctly now. Here are the basic steps for anyone needing the rememberme option:

1.) edit /php/functions.php as I have suggested above.

2.) edit /php/configuration.php as I have suggested above, but also include this (around line 290):

```php
function plugin_setting_string_onelogin_saml_attr_mapping_rememberme() {
    // esc_attr(): the stored option is printed inside an HTML attribute value
    echo '<input type="text" name="onelogin_saml_attr_mapping_rememberme" id="onelogin_saml_attr_mapping_rememberme"
          value="'.esc_attr(get_option('onelogin_saml_attr_mapping_rememberme')).'" size="30">';
}
```

Now, assuming you are passing a 'rememberme' attribute that has the value of 'yes'... map that SAML attribute name in the Wordpress Settings => SSO/SAML Settings.

You will see a new 'Remember Me' field in the Attribute Mapping Section.

I did this all above... logged out of WordPress, logged into WordPress with a 'remember me' box checked, and I am now successfully using WordPress's default 'remember me' expiry of 14 days, rather than using the session cookie.

If the admin desires, I can make a fork with my fixes.

pitbulk commented 6 years ago

Nice.

If you can send a PR, it will be easier for people to add it to their project.

Maybe I can include it in a future release.

matgargano commented 6 years ago

OK, so I believe there is a cleaner way of doing this.

All you need to do is add in a WordPress action in the functions.php file; I have already issued a PR: https://github.com/onelogin/wordpress-saml/pull/59

The way you would handle this would be adding something like the following in a plugin or a theme:


```php
add_action( 'onelogin_saml_attrs', function ( $attrs, $user, $user_id ) {
    // at this point you get all of the assertions from SAML, including
    // $attrs[$remembermeMapping] and you can do whatever you want.

    // for example if you wanted to sync user meta with assertion data from SAML
    // every time a user logs in, you could add here, assuming an assertion exists
    // for `favorite_food` in the attrs['data'] that return from SAML.

    update_user_meta( $user_id, 'favorite_food', $attrs['data']['favorite_food'] );

}, 10, 3 );
```

By adding a simple one liner to the plugin, keeping it lean, you can outsource any logic into your plugin or theme.
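Added example, not from the thread or the plugin's code: the remember-me decision discussed above, written as a stand-alone PHP function that fails closed to a session cookie, so it can be run from the CLI without WordPress. The function name `saml_wants_remember_me` is hypothetical and the sample attribute sets are constructed; the `auth_rememberme` attribute and its `yes` value are the ones used in the thread.

```php
<?php
// Added example, not plugin code. Function name and sample data are hypothetical.

/**
 * Decide whether a SAML response asks for a persistent ("remember me") login.
 * Fails closed: anything other than exactly one value equal to 'yes'
 * results in a normal session cookie.
 *
 * @param array  $attrs   Attributes in the shape of $auth->getAttributes():
 *                        attribute name => list of values.
 * @param string $mapping SAML attribute name configured for "remember me".
 * @return bool
 */
function saml_wants_remember_me(array $attrs, $mapping)
{
    if (!is_string($mapping) || $mapping === '' || !isset($attrs[$mapping])) {
        return false; // mapping not configured, or attribute not sent
    }
    $values = $attrs[$mapping];
    if (!is_array($values) || count($values) !== 1) {
        return false; // empty or multi-valued attribute is ambiguous
    }
    $value = reset($values);
    // Strict comparison: with loose ==, a boolean true would also equal 'yes'.
    return is_string($value) && $value === 'yes';
}

// Constructed sample attribute sets (not captured from a real IdP).
$samples = array(
    'single yes'       => array('auth_rememberme' => array('yes')),
    'explicit no'      => array('auth_rememberme' => array('no')),
    'padded, cased'    => array('auth_rememberme' => array(' Yes ')),
    'conflicting'      => array('auth_rememberme' => array('yes', 'no')),
    'empty value list' => array('auth_rememberme' => array()),
    'attribute absent' => array('email' => array('user@example.com')),
);

foreach ($samples as $label => $attrs) {
    $remember = saml_wants_remember_me($attrs, 'auth_rememberme');
    printf("%-17s => %s\n", $label, $remember ? 'persistent cookie' : 'session cookie');
    // Inside WordPress the boolean would be passed straight through:
    // wp_set_auth_cookie($user_id, $remember);
}
```

With this shape the identity provider decides cookie lifetime, so the mapped attribute should only be released by the IdP for users and devices where a persistent login is acceptable.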

dwieyoko commented 5 years ago

@pitbulk How to set the Role Mapping? Is there an example that can guide me?

donovandb commented 5 years ago

Probably best to start your own issue.