Linux 软件免费装
Banner图

SimpleShib

开发者 srg-1
更新时间 2020年6月20日 06:38
PHP版本: 7.2 及以上
WordPress版本: 5.4
版权: MIT

标签

login authentication sso shibboleth

下载

详情介绍:

SimpleShib is a WordPress plugin to authenticate users with a Shibboleth Single Sign-On infrastructure. This plugin will not work if you do not have a Shibboleth IdP and SP already configured. When a WordPress login request is received from a user, the Shibboleth session is validated. If the session does not exist, user is redirected to the IdP login page. Once authenticated at the IdP, the user is redirected back to WordPress and logged into their local WordPress account. If a local account does not exist, one can optionally be created. User data (login, name, and email) is updated in WordPress from the IdP data upon every login. Additionally, the user is restricted from manually changing those fields on their profile page. On multisite instances of WordPress, SimpleShib can only be network-activated. The plugin settings include options for autoprovisioning, custom IdP attributes, password reset/change URLs, and session initiation/logout URLs. SimpleShib is developed on GitHub. Please submit bug reports and contributions on the GitHub project page. For general support and questions, please use the WordPress support forum. This plugin is not affiliated with the Shibboleth or Internet2 organizations.

安装:

This plugin will not work if you do not have a Shibboleth IdP and SP already configured. The shibd daemon must be installed, configured, and running on the same server as Apache/WordPress. Additionally, Apache's mod_shib module must be installed and enabled. These steps vary based on your operating system and environment. Installation and configuration of the IdP and SP is beyond the scope of this plugin's documentation. Reference the official Shibboleth documentation.
  1. Install the plugin to wp-content/plugins/simpleshib via your normal plugin install method (download and extract ZIP, wp plugin install, etc).
  2. Add the following to Apache's VirtualHost block and restart Apache. This will ensure the shibd daemon running on your server will handle /Shibboleth.sso/ requests instead of WordPress.
<Location /> AuthType shibboleth Require shibboleth </Location> RewriteEngine on RewriteCond %{REQUEST_URI} ^/Shibboleth.sso($|/) RewriteRule . - [END] 1. Activate the SimpleShib plugin in WordPress. 1. Browse to Settings->SimpleShib and edit the configuration.

屏幕截图:

  • The first half of the SimpleShib plugin settings within the WordPress admin menu.
  • The second half of the SimpleShib plugin settings within the WordPress admin menu.

常见问题:

What is Shibboleth?

From Wikipedia:

"Shibboleth is a single sign-on (log-in) system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations."

Can I test this without an IdP?

Maybe. Check out TestShib.org. Note, you still need the SP/shibd configured on the server with Apache/WordPress.

A shibboleth plugin already exists; why write another?

My attempts to use the other Shibboleth plugin failed for various technical reasons. It seemed to be unmaintained at the time. I ended up modifying the plugin heavily. I finally got to the point where I just wrote my own.

The domain name is not correct after a redirect

Add the following to Apache's config: UseCanonicalName On

Can I automatically set user roles based on IdP data?

No. SimpleShib handles authentication, not authorization. Authorization is managed within WordPress by network admins or site admins.

What's this MIT license?

SimpleShib is released under the MIT license. The MIT license is short, simple, and very permissive. Basically, you can do whatever you want, provided the original copyright and license notice are included in any/all copies of the software. You may modify, distribute, sell, incorporate into proprietary software, use privately, and use commerically. There is no warranty and the author or any contributors are not liable if something goes wrong. See the LICENSE file for full details.

更新日志:

1.2.2 1.2.1 1.2.0 1.1.1 1.1.0 1.0.3 1.0.2 1.0.1 1.0.0