We would provide this using https://github.com/clifgriffin/simple-ldap-login

• Make a PR to submit a composer.json and request the maintainer to publish it on packagist
• Once the above has happened require it in this package
• Add Altis configuration support for all plugin options
• Add documentation

For further details on SAML 2.0, see the wp-simple-sample plugin details.

Should be wp-simple-saml instead

Each environment (ie. dev/staging/prod) requires a separate IdP metadata file, but these all need to go into the same repo. Therefore the SSO config needs to allow a different IdP file name or path to be specified for each environment that the user sets up.

Currently we don't have a tagged version, as the upstream tags versions from the master branch. See https://github.com/humanmade/wp-simple-saml/releases

When migrating one of the projects to Altis we came across an error in SSO module, particularly from SAML library.

The response was received at https://domain.com:8080/sso/verify instead of https://doman.com/sso/verify

My assumption was that due to some docker networking SAML library was reading the port number incorrectly, It was reading it 8080 but it was expected to be 443 (or 80).

To fix this we simply had to set the port to 443 explicitly from the loader -

// Set server port to 443 for SAML.
if ( class_exists( '\\OneLogin\\Saml2\\Utils' ) ) {
	\OneLogin\Saml2\Utils::setSelfPort( '443' );
}

This issue was also reproduced locally using local testing method mentioned in the wiki here - https://github.com/humanmade/wp-simple-saml/wiki/Testing-SSO-locally
I had to change the default port numbers to set it up locally as port 8080 is also used by Altis local-server

(Note while debugging we first disabled the Altis SSO module to find if the problem was in any customizations in this module, but the issue still persisted so I believe the issue will also be there when using Altis SSO module as that as well uses the same plugin under the hood)

There's at-least 1 new release 1.0.1.

Some of the custom URLs needed for SSO support are blocked by require login, these should be allowed out of the box using the apply_filters( 'hm-require-login.allowed_pages', $allowed, $page ); filter.

Per https://www.altis-dxp.com/resources/docs/getting-started/configuration/ the directory we use for config is .config.

The path on this line needs correcting https://github.com/humanmade/altis-sso/blob/master/inc/saml/namespace.php#L34

Acceptance criteria:

• Adding a file called saml-idp-metadata.xml in the .config/sso directory causes ***

The module expects a config file to exist, and falls back to the default file in .sso/config from the skeleton project, which doesn't necessarily exist on all installations.

Steps to reproduce:

1. Remove the .config/sso/saml-idp-metadata.xml file
2. Try to generate the SP metadata XML by visiting https://site/sso/metadata

You should see the SP metadata XML file generated, but right now it errors out with Invalid SSO settings. Contact your administrator.

The solution would be to move the default file to the module directory to ensure it always exists, and load it from there, and remove it from the skeleton project.

Related to support request: https://humanmade.zendesk.com/agent/tickets/5673

We should consider supporting OpenID Connect (OIDC), both for inbound and outbound.

Context

The SSO module documentation doesn't mention how to generate the service metadata file, which is often needed to setup the IdP provider settings as per the wp-simple-saml plugin documentation.

We also need to add a note that IdP providers typically require a different application to be created on their end for each environment, eg: a metadata file generated for the dev environment cannot be used for the prod environment, etc.

Noticed by @pdewouters:

https://github.com/humanmade/altis-sso/blob/master/inc/wordpress/namespace.php#L18

This ticket addresses the issues raised by the documentation linting

composer dev-tools lintdocs all -l packages/sso

File Issues:

None

Markdown issues:

Linting: 3 file(s)
Summary: 58 error(s)

Style issues:

9 errors, 0 warnings and 0 suggestions in 3 files.

Placeholder: looking at commonalities between SSO implementations to reduce duplication of effort