Enable IDP discovery service or disable settings function #186

Closed
yasvanth opened this issue Mar 16, 2020 · 7 comments
@yasvanth

Hi,
I have used this plugin (v0.5), which allows us to configure the simplesamlphp settings in wp-saml-auth.php and uses the discovery service from the simpleSAMLphp configuration, whereas now we need to define the IDP provider details in the settings page to activate the plugin.

I authenticate users from different IDPs to my website. Is there a way to disable the plugin settings in wp-saml-auth?

Best,
Yash

@danielbachhuber
Contributor

Hi @yasvanth,

Sorry, I'm not sure I understand fully. To confirm, you'd like to simply disable the plugin settings page in the backend?

To clarify, could you share some screenshots of what you're referring to?

Thanks!

@yasvanth
Author

@danielbachhuber, thanks for your prompt response.
Earlier versions of the plugin (like 0.5) didn't have a wp-saml settings page; all the configuration was defined in simplesamlphp (whether to use a single IDP or discovery services).
In v1.0, IDP details are configured in the new wp-saml settings, which doesn't allow using IDP discovery services.
I have given a URL where a service triggers the IDP discovery service.
IDP discovery services = https://edugate.heanet.ie/Whoami/Login

@danielbachhuber
Contributor

Hi @yasvanth,

I'm still not 100% clear on what your question is, sorry about that.

Are you potentially looking for something similar to #87?

@yasvanth
Author

@danielbachhuber, let me provide some information.

We have a WordPress site which is used by multiple institutions. Users log in to the site by authenticating using their campus IDP. In order to allow multiple authz from multiple IDPs, the SAML SP will use an option called "IDP discovery service" where the user selects their respective IDP from the list.

In the traditional way we configure this in SAML software such as simplesamlphp or shibboleth, as in the example below:
simplesamlphp config (authsources.php)

        // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
        'entityID' => 'https://www.example.com/simplesaml',

        // The entity ID of the IdP this SP should contact.
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
        'idp' => null,

        // The URL to the discovery service.
        // Can be NULL/unset, in which case a builtin discovery service will be used.
        'discoURL' => 'https://ds.heanet.ie/DS/',
    ],

If the idp value is provided, the SP will trigger a SAML request to a single IDP; otherwise it uses discoURL.

This site shows how the discovery service works: https://edugate.heanet.ie/Whoami/Login .

In older versions of the plugin, we define this in the simplesamlphp config, whereas now the wp-saml settings page has IDP configuration as shown in the image, where IDP details are mandatory.

Screenshot 2020-03-19 at 13 39 38

From the image you can see that we need to define SP/IDP details even though we have configured them in simplesamlphp.

My question: Is it possible to override/disable this section and use the configs from simplesamlphp, which is installed in the service along with WordPress?

Thanks,
Yash

@danielbachhuber
Contributor

Thanks for the clarification, @yasvanth. I think I have a better understanding of what you're trying to do.

The backend page only appears if you haven't configured your options through a filter. Can you try adding the following to your theme's functions.php or a mu-plugin?

add_filter(
	'wp_saml_auth_option',
	function( $value ) {
		return $value;
	}
);

If that code snippet is enabled, you should see this as your backend screen instead:

image
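An added example, not part of the thread and not the plugin's own code: a mu-plugin that goes one step beyond the pass-through filter in the reply above and pins the plugin's options in code, so that IdP selection stays entirely in SimpleSAMLphp's authsources.php (`'idp' => null` plus `discoURL`). The option names are the ones documented in the WP SAML Auth README; the autoload path, the `default-sp` auth source name and the attribute names are assumptions to adapt to the local installation.

```php
<?php
/**
 * Plugin Name: WP SAML Auth configuration (added example)
 *
 * Defining a 'wp_saml_auth_option' filter replaces the backend settings form,
 * so the values below cannot be changed from wp-admin.
 */

function example_wpsa_filter_option( $value, $option_name ) {
	$options = array(
		// Delegate to the SimpleSAMLphp installation instead of the
		// plugin's bundled ("internal") SAML library.
		'connection_type'        => 'simplesamlphp',

		// Assumed install path of SimpleSAMLphp on this server.
		'simplesamlphp_autoload' => '/var/simplesamlphp/lib/_autoload.php',

		// Assumed name of the SP entry in authsources.php, i.e. the entry
		// that carries 'idp' => null and 'discoURL'.
		'auth_source'            => 'default-sp',

		// Do not offer the local username/password form next to SAML login.
		'permit_wp_login'        => false,

		// Conservative choice for a site that trusts several IdPs: do not
		// create WordPress accounts on first login. Set to true only if every
		// federated IdP is allowed to create users.
		'auto_provision'         => false,

		// Match existing users on a scoped identifier rather than on e-mail,
		// so one institution's IdP cannot assert another institution's
		// address. The attribute names are assumptions; use the names your
		// IdPs actually release.
		'get_user_by'            => 'login',
		'user_login_attribute'   => 'eduPersonPrincipalName',
		'user_email_attribute'   => 'mail',
	);

	// Any option not listed above keeps the value the plugin passed in.
	return array_key_exists( $option_name, $options )
		? $options[ $option_name ]
		: $value;
}
// Two accepted arguments: the option value and the option name.
add_filter( 'wp_saml_auth_option', 'example_wpsa_filter_option', 10, 2 );
```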

@yasvanth
Author

yasvanth commented Mar 20, 2020

@danielbachhuber Thanks for the fix, it works as expected.

Best,
Yash

@danielbachhuber
Contributor

Great! Glad we were able to find a solution.
