v2.1

Changes include:

• Resolved an issue where in multisite users could inadvertently be sent to an unrelated subsite after logging in; thanks to @themantimeforgot for reporting and props to @jrchamp for the fix.
• Resolved an regression that prevented users from authenticating if shibboleth_default_role is blank and shibboleth_create_accounts is enabled; props @jrchamp.
• Cleaned up the shibboleth_authenticate_user function; props @jrchamp.
• Allowed translate.wordpress.org compatibility; thanks to @eric-gagnon for reporting and props to @jrchamp for the fix.
• Resolved a conflict that caused the lost password and reset password forms to break; props @jrchamp.
• Resolves an issue where the password reset URL wasn't being properly displayed on wp-login.php; thanks to @earnjam for reporting.
• Prevents local password resets if local authentication is disabled; thanks to @earnjam for reporting.
• Prevents local password changes if local authentication is disabled; thanks to @earnjam for reporting.
• Standardized the way we check if options are set as constants to prevent duplicate code.
• For manual account merges, ensure that email comparisons are case insensitive; thanks to @mrbrown8 for reporting.
• Introduces available logging for various actions the plugin takes.

v2.0.2

Changes include:

• Resolved an issue that caused manual linking of accounts to fail if user's didn't have an existing Shibboleth session.

v2.0.1

Changes include:

• Resolved a regression that prevented accounts from being created if they matched a group; thanks to @Androclese for reporting.
• Resolved an issue where assets were not being properly included in the WordPress.org packaged plugin.

v2.0

Changes include:

• Changed the way we check for Shibboleth attributes. Now, by default, we only check standard environment variables for Shibboleth attributes. For most users, no additional configuration will be necessary. If you are using a specialized server configuration, such as a Shibboleth Service Provider on a reverse proxy or a server configuration that results in environment variables being sent with the prefix REDIRECT_, you should instead select the option specific to your server configuration. Selecting the "Redirected Environment Variables" option will look for attributes in environment variables prefixed with REDIRECT_ while selecting the "HTTP Headers" option will look for attributes in environment variables (populated by HTTP Headers) prefixed with HTTP_. Most users should be fine leaving the default option selected; thanks to @jrchamp for reporting.
• Changed the default behavior to not automatically update user roles.
• Allow options to be defined via constants. Documentation has been added to the "FAQ" section of the WordPress.org plugins page.
• Allow automatic and manual merging of local WordPress accounts with Shibboleth accounts. This prevents a collision from occurring if the Shibboleth email attribute matches an email that already exists in the wp_users table. This is configurable by an administrator.
• Changed the options page to utilize a more modern design centered around tabs.
• Added signifcant customizations to the login page to bring it more in-line with WordPress.com Single Sign On.
• Disabled the sending of an email notifying user's that their email had changed when the Shibboleth plugin updates user attributes to prevent user confusion; props @jrchamp.
• Removed the shibboleth-mu.php file as it is no longer relevant.

v1.8.1

Changes include:

• Use sanitize_title rather than sanitize_user to sanitize user_nicename; props @jrchamp.
• Changed activation and deactivation hooks to use __FILE__; props @jrchamp.
• Reverted to using $_SERVER in shibboleth_getenv() to handle use cases where getenv() doesn't return data; thanks to @jmdemuth for reporting.

v1.8

The Shibboleth plugin is now being maintained by michaelryanmcneill. Contributions are welcome on GitHub!

Changes include:

• Adding the ability to disable .htaccess modifications with a wp-config.php constant (SHIBBOLETH_DISALLOW_FILE_MODS).
• Added shibboleth_getenv() to support various prefixed environment variables from Shibboleth, includingREDIRECT_ and HTTP_; props @cjbnc and @jrchamp.
• Update various deprecated WordPress functions, including update_usermeta() and get_userdatabylogin(); props @skoranda.
• Resolved undefined index when calling shibboleth_session_initiator_url(); props @skoranda.
• Added support for PHP 7.x; props to many people.
• Added shibboleth_authenticate_user filter; props @boonebgorges.
• Resolved undefined index on admin-options.php; props @HirotoKagotani, @jrchamp, and @stepmeul.
• Resolved HTML markup mistake; props @HirotoKagotani.
• Adds an update success message to let user's know their settings were saved, using the Settings API.