Open ktbartholomew opened 7 years ago
It seems they're taking issue with lines like https://github.com/ktbartholomew/saml-20-single-sign-on/blob/master/src/saml/www/_include.php#L25 and would prefer that we lean on built-in WordPress actions to then trigger our behaviors.
It looks like the init
action fires early enough for the plugin to intercept the usual WordPress goings-on and either respond with XML metadata or process a SAML assertion (basically the only two things for which we use SimplSAMLPHP directly). There are a few challenges in switching to this way of doing things:
/saml/acs
or something, but that could very easily conflict with existing permalinks or a site that simply can't/doesn't use permalinks. We could also use a query string like ?saml_action=get_metadata
that could be appended to any URL. Not sure if some IDPs would have a problem doing an HTTP redirect binding to an endpoint that requires a query string. How we do this could also be user-configurable if no single way is win-win.Also, since this will drastically change the way users and IDPs interact with sites using this plugin, fixing this will probably necessitate a major revision bump.
@ktbartholomew Just started looking at this plugin, but if you're after a custom endpoint, perhaps the REST API would work?
https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/
@ktbartholomew Any word/eta on having this back into the WP registry?
@jeremykenedy https://github.com/ktbartholomew/saml-20-single-sign-on/pull/21 aims to resolve the things that the WP registry has taken issue with. Unfortunately, there's still a lot of work left to be done before that pull request can be shipped. The best ETA I can provide is "when I have time".
Via email: