Configure Wordpress 3.5 with Shibboleth2
Recently I installed Wordpress. There was a requirement to get Single Sign On (SSO) working for the admin users.
Googling for Shibboleth and Wordpress brings up a Wordpress plugin that hasn’t been updated in over two years.
There were some problems with this plugin:
1). It didn’t work. I thought I’d try it any way, it’s broken.
2). The plugin automatically creates users in the Wordpress DB if they don’t exist.
Ideally in our secure environments we don’t want users getting automatically created anywhere.
I thought about trying to fix the plugin, but considering I don’t really do PHP or Wordpress the time investment would be too high. Therefore I started looking for alternative SSO methods or rather SSO plugins. After thinking about how our other SSO based sites worked I remembered about the REMOTE_USER Apache variable. (Cue Google…)
The solution was to uninstall the broken Shibboleth2 plugin and install the ‘HTTP Authentication’ plugin here. Just ensure /wp-admin/ location in protected by Shibboleth and manually create the users in Wordpress. If they don’t exist in Wordpress then they fail to login…Exactly what we require!