Title: WP SAML Auth
Author: Pantheon Systems
Published: <strong>18. Aprila 2016.</strong>
Last modified: 9. Marta 2026.

---

Pretražite dodatke

![](https://ps.w.org/wp-saml-auth/assets/banner-772x250.png?rev=3348767)

![](https://ps.w.org/wp-saml-auth/assets/icon-256x256.png?rev=3348767)

# WP SAML Auth

 Od [Pantheon Systems](https://profiles.wordpress.org/getpantheon/)

[Skini](https://downloads.wordpress.org/plugin/wp-saml-auth.2.3.1.zip)

 * [Detalji](https://bs.wordpress.org/plugins/wp-saml-auth/#description)
 * [Recenzije](https://bs.wordpress.org/plugins/wp-saml-auth/#reviews)
 *  [Instalacija](https://bs.wordpress.org/plugins/wp-saml-auth/#installation)
 * [Razvoj](https://bs.wordpress.org/plugins/wp-saml-auth/#developers)

 [Podrška](https://wordpress.org/support/plugin/wp-saml-auth/)

## Opis

SAML authentication for WordPress, using the bundled OneLogin SAML library or optionally
installed [SimpleSAMLphp](https://simplesamlphp.org/). OneLogin provides a SAML 
authentication bridge; SimpleSAMLphp provides SAML plus a variety of other authentication
mechanisms. This plugin acts as a bridge between WordPress and the authentication
library.

If your organization uses Google Apps, [integrating Google Apps with WP SAML Auth](https://pantheon.io/docs/wordpress-google-sso/)
takes just a few steps.

The standard user flow looks like this:

 * User can log in via SAML using a button added to the standard WordPress login
   view.
 * When the button is clicked, the user is handed off to the authentication library.
   With OneLogin, the user is redirected to the SAML identity provider. With SimpleSAMLphp,
   the user is redirected to the SimpleSAMLphp install.
 * Once the user is authenticated with the identity provider, they're redirected
   back to WordPress and signed in to their account. A new WordPress user will be
   created if none exists (although this behavior can be disabled).
 * When the user logs out of WordPress, they are also logged out of the identity
   provider.

A set of configuration options allow you to change the plugin's default behavior.
For instance, `permit_wp_login=>false` will force all authentication to go through
the SAML identity provider, bypassing `wp-login.php`. Similiarly, `auto_provision
=>false` will disable automatic creation of new WordPress users.

See installation instructions for full configuration details.

### Installing SimpleSAMLphp

The plugin supports both SimpleSAMLphp v1.x and v2.x. The autoloader is automatically
detected:

**SimpleSAMLphp v2.x** uses `vendor/autoload.php`
 **SimpleSAMLphp v1.x** uses `
lib/_autoload.php`

#### Default Search Paths

The plugin automatically searches for SimpleSAMLphp in these locations:
 * `ABSPATH.'
simplesaml'` * `ABSPATH . 'private/simplesamlphp'` * `ABSPATH . 'simplesamlphp'`*`
ABSPATH . 'vendor/simplesamlphp/simplesamlphp'` (Composer installation) * `plugin_dir_path.'
simplesamlphp'`

For each path, the plugin checks for both `vendor/autoload.php` (v2.x) and `lib/
_autoload.php` (v1.x).

**This means Composer installations work automatically!** If you run `composer require
simplesamlphp/simplesamlphp` in your site root, the plugin will find it without 
any additional configuration.

#### Composer Installation (Advanced)

If you install SimpleSAMLphp via Composer to a **custom location** (not the standard`
vendor/simplesamlphp/simplesamlphp`), you can specify the autoloader path:

    ```
    add_filter( 'wp_saml_auth_option', function( $value, $option_name ) {
        if ( 'simplesamlphp_autoload' === $option_name ) {
            // Point to your custom Composer vendor autoloader
            return '/custom/path/vendor/autoload.php';
        }
        return $value;
    }, 10, 2 );
    ```

#### Custom Installation Paths

If SimpleSAMLphp is installed in a non-default location, you can set custom search
paths with the `wp_saml_auth_simplesamlphp_path_array` filter:

    ```
    add_filter( 'wp_saml_auth_simplesamlphp_path_array', function( $simplesamlphp_path_array ) {
        // Override default paths with custom paths
        return [ '/custom/path/to/simplesamlphp' ];
    } );
    ```

Or define an explicit autoloader path with the `wp_saml_auth_ssp_autoloader` filter:

    ```
    add_filter( 'wp_saml_auth_ssp_autoloader', function( $ssp_autoloader ) {
        return ABSPATH . 'path/to/simplesamlphp/vendor/autoload.php';
    } );<h3>WP-CLI Commands</h3>
    ```

This plugin implements a variety of [WP-CLI](https://wp-cli.org) commands. All commands
are grouped into the `wp saml-auth` namespace.

    ```
    $ wp help saml-auth

    NAME

      wp saml-auth

    DESCRIPTION

      Configure and manage the WP SAML Auth plugin.

    SYNOPSIS

      wp saml-auth <command>

    SUBCOMMANDS

      scaffold-config      Scaffold a configuration filter to customize WP SAML Auth usage.
    ```

Use `wp help saml-auth <command>` to learn more about each command.

**Note:** The `scaffold-config` command generates a configuration function with 
default values. The `simplesamlphp_autoload` option is not included in the scaffolded
output because the plugin auto-detects SimpleSAMLphp installations. Only add this
option manually if SimpleSAMLphp is in a non-standard location.

### Contributing

See [CONTRIBUTING.md](https://github.com/pantheon-systems/wp-saml-auth/blob/main/CONTRIBUTING.md)
for information on contributing.

## Instalacija

Once you've activated the plugin, and have access to a functioning SAML Identity
Provider (IdP), there are a couple of ways WP SAML Auth can be configured:

 1. **Settings page in the WordPress backend.** The settings page offers the most common
    configuration options, but not all. It's located at “Settings” -> “WP SAML Auth”.
 2. **Code snippet applied with a filter.** The code snippet approach, documented below,
    allows access to all configuration settings. The settings page is disabled entirely
    when a code snippet is present.

If you're connecting directly to an existing IdP, you should use the bundled OneLogin
SAML library. The necessary and most common settings are available in the WordPress
backend.

If you have more complex authentication needs, then you can also use a SimpleSAMLphp
installation running in the same environment. These settings are not configurable
through the WordPress backend; they'll need to be defined with a filter. And, if
you have a filter in place, the WordPress backend settings will be removed.

**Note:** A security vulnerability was found in SimpleSAMLphp versions 2.0.0 and
below. It is highly recommended if you are using SimpleSAMLphp with WP SAML Auth
that you update your SimpleSAMLphp library to 2.4.0 or above. (See [CVE-2025-27773](https://nvd.nist.gov/vuln/detail/CVE-2025-27773)
and [The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect bindings](https://github.com/advisories/GHSA-46r4-f8gj-xg56)
for more information.)

Additional explanation of each setting can be found in the code snippet below.

To install SimpleSAMLphp locally for testing purposes, the [Identity Provider QuickStart](https://simplesamlphp.org/docs/stable/simplesamlphp-idp)
is a good place to start. On Pantheon, the SimpleSAMLphp web directory needs to 
be symlinked to `~/code/simplesaml` to be properly handled by Nginx. [Read the docs](https://pantheon.io/docs/shibboleth-sso/)
for more details about configuring SimpleSAMLphp on Pantheon.

Because SAML authentication is handled as a part of the login flow, your SAML identity
provider will need to send responses back to `wp-login.php`. For instance, if your
domain is `pantheon.io`, then you'd use `http://pantheon.io/wp-login.php` as your`
AssertionConsumerService` configuration value.

**Where to add configuration code:** When using the filter-based configuration approach,
add your code to a location that loads before the plugin initializes. You can [create a custom must-use plugin](https://docs.pantheon.io/guides/wordpress-configurations/mu-plugin)
or add the code to your theme's `functions.php` file (note: theme-based configuration
will need to be migrated if you switch themes).

To configure the plugin with a filter, or for additional detail on each setting,
use this code snippet:

    ```
    function wpsax_filter_option( $value, $option_name ) {
        $defaults = array(
            /**
             * Type of SAML connection bridge to use.
             *
             * 'internal' uses OneLogin bundled library; 'simplesamlphp' uses SimpleSAMLphp.
             *
             * Defaults to SimpleSAMLphp for backwards compatibility.
             *
             * @param string
             */
            'connection_type' => 'internal',
            /**
             * Configuration options for OneLogin library use.
             *
             * See comments with "Required:" for values you absolutely need to configure.
             *
             * @param array
             */
            'internal_config'        => array(
                // Validation of SAML responses is required.
                'strict'       => true,
                'debug'        => defined( 'WP_DEBUG' ) && WP_DEBUG ? true : false,
                'baseurl'      => home_url(),
                'sp'           => array(
                    'entityId' => 'urn:' . parse_url( home_url(), PHP_URL_HOST ),
                    'assertionConsumerService' => array(
                        'url'  => wp_login_url(),
                        'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                    ),
                ),
                'idp'          => array(
                    // Required: Set based on provider's supplied value.
                    'entityId' => '',
                    'singleSignOnService' => array(
                        // Required: Set based on provider's supplied value.
                        'url'  => '',
                        'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                    ),
                    'singleLogoutService' => array(
                        // Required: Set based on provider's supplied value.
                        'url'  => '',
                        'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                    ),
                    // Required: Contents of the IDP's public x509 certificate.
                    // Use file_get_contents() to load certificate contents into scope.
                    'x509cert' => '',
                    // Optional: Instead of using the x509 cert, you can specify the fingerprint and algorithm.
                    'certFingerprint' => '',
                    'certFingerprintAlgorithm' => '',
                ),
            ),
            /**
             * Path to SimpleSAMLphp autoloader.
             *
             * SimpleSAMLphp v2.x uses 'vendor/autoload.php'
             * SimpleSAMLphp v1.x uses 'lib/_autoload.php'
             *
             * The plugin will automatically search for SimpleSAMLphp in common
             * installation paths and detect the correct autoloader for both versions.
             *
             * You typically don't need to set this - leave it commented out to use auto-detection.
             * Only set this value if SimpleSAMLphp is in a non-standard location.
             *
             * Examples:
             * - SimpleSAMLphp v2.x: dirname( __FILE__ ) . '/simplesamlphp/vendor/autoload.php'
             * - SimpleSAMLphp v1.x: dirname( __FILE__ ) . '/simplesamlphp/lib/_autoload.php'
             * - Composer (site root): ABSPATH . 'vendor/autoload.php'
             *
             * @param string
             */
            // 'simplesamlphp_autoload' => dirname( __FILE__ ) . '/simplesamlphp/vendor/autoload.php',
            /**
             * Authentication source to pass to SimpleSAMLphp
             *
             * This must be one of your configured identity providers in
             * SimpleSAMLphp. If the identity provider isn't configured
             * properly, the plugin will not work properly.
             *
             * @param string
             */
            'auth_source'            => 'default-sp',
            /**
             * Whether or not to automatically provision new WordPress users.
             *
             * When WordPress is presented with a SAML user without a
             * corresponding WordPress account, it can either create a new user
             * or display an error that the user needs to contact the site
             * administrator.
             *
             * @param bool
             */
            'auto_provision'         => true,
            /**
             * Whether or not to permit logging in with username and password.
             *
             * If this feature is disabled, all authentication requests will be
             * channeled through SimpleSAMLphp.
             *
             * @param bool
             */
            'permit_wp_login'        => true,
            /**
             * Attribute by which to get a WordPress user for a SAML user.
             *
             * @param string Supported options are 'email' and 'login'.
             */
            'get_user_by'            => 'email',
            /**
             * SAML attribute which includes the user_login value for a user.
             *
             * @param string
             */
            'user_login_attribute'   => 'uid',
            /**
             * SAML attribute which includes the user_email value for a user.
             *
             * @param string
             */
            'user_email_attribute'   => 'mail',
            /**
             * SAML attribute which includes the display_name value for a user.
             *
             * @param string
             */
            'display_name_attribute' => 'display_name',
            /**
             * SAML attribute which includes the first_name value for a user.
             *
             * @param string
             */
            'first_name_attribute' => 'first_name',
            /**
             * SAML attribute which includes the last_name value for a user.
             *
             * @param string
             */
            'last_name_attribute' => 'last_name',
            /**
             * Default WordPress role to grant when provisioning new users.
             *
             * @param string
             */
            'default_role'           => get_option( 'default_role' ),
        );
        $value = isset( $defaults[ $option_name ] ) ? $defaults[ $option_name ] : $value;
        return $value;
    }
    add_filter( 'wp_saml_auth_option', 'wpsax_filter_option', 10, 2 );
    ```

If you need to adapt authentication behavior based on the SAML response, you can
do so with the `wp_saml_auth_pre_authentication` filter:

    ```
    /**
     * Reject authentication if $attributes doesn't include the authorized group.
     */
    add_filter( 'wp_saml_auth_pre_authentication', function( $ret, $attributes ) {
        if ( empty( $attributes['group'] ) || ! in_array( 'administrators', $attributes['group'] ) ) {
            return new WP_Error( 'unauthorized-group', "Sorry, you're not a member of an authorized group." );
        }
        return $ret;
    }, 10, 2 );
    ```

If you're using the OneLogin connection type and need to modify the `internal_config`(
e.g. to set `requestedAuthnContext` to `false`), you can use the `wp_saml_auth_internal_config`
filter:

    ```
    /**
     * Modify the OneLogin SAML configuration.
     */
    add_filter( 'wp_saml_auth_internal_config', function( $config ) {
        $config['security'] = array(
            'requestedAuthnContext' => false,
        );
        return $config;
    } );
    ```

In multisite environments, you can prevent auto-provisioned users from being automatically
added to sites using the `wp_saml_auth_auto_add_to_blog` filter. By default, WordPress
multisite adds new users to the site where they log in (typically site ID 1) with
the `default_role`.

    ```
    /**
     * Prevent auto-provisioned users from being added to any site.
     * Users will be created as network users only.
     */
    add_filter( 'wp_saml_auth_auto_add_to_blog', '__return_false' );
    ```

You can also prevent users from being added only to specific sites:

    ```
    /**
     * Prevent auto-provisioned users from being added to site ID 1,
     * but allow them to be added to other sites.
     */
    add_filter( 'wp_saml_auth_auto_add_to_blog', function( $add_user, $blog_id ) {
        // Don't add users to site ID 1
        if ( 1 === $blog_id ) {
            return false;
        }
        return $add_user;
    }, 10, 2 );
    ```

When this filter returns `false`, users are created as network users without being
added to the site. This is useful for large multisite installations where you want
to manage site membership separately from authentication.

**Note for developers using the `wp_saml_auth_new_user_authenticated` action:** 
When this filter returns `false`, the user passed to `wp_saml_auth_new_user_authenticated`
will have no role on the current site. If your hook relies on `$user->roles`, check
for an empty array:

    ```
    add_action( 'wp_saml_auth_new_user_authenticated', function( $user, $attributes ) {
        if ( empty( $user->roles ) ) {
            // Network-only user, no role on this site.
            return;
        }
        // Your existing logic.
    }, 10, 2 );
    ```

## ČPP

### Can I update an existing WordPress user's data when they log back in?

If you'd like to make sure the user's display name, first name, and last name are
updated in WordPress when they log back in, you can use the following code snippet:

    ```
    /**
     * Update user attributes after a user has logged in via SAML.
     */
    add_action( 'wp_saml_auth_existing_user_authenticated', function( $existing_user, $attributes ) {
        $user_args = array(
            'ID' => $existing_user->ID,
        );
        foreach ( array( 'display_name', 'first_name', 'last_name' ) as $type ) {
            $attribute          = \WP_SAML_Auth::get_option( "{$type}_attribute" );
            $user_args[ $type ] = ! empty( $attributes[ $attribute ][0] ) ? $attributes[ $attribute ][0] : '';
        }
        wp_update_user( $user_args );
    }, 10, 2 );
    ```

The `wp_saml_auth_existing_user_authenticated` action fires after the user has successfully
authenticated with the SAML IdP. The code snippet then uses a pattern similar to
WP SAML Auth to fetch display name, first name, and last name from the SAML response.
Lastly, the code snippet updates the existing WordPress user object.

### How do I use SimpleSAMLphp and WP SAML Auth on a multi web node environment?

Because SimpleSAMLphp uses PHP sessions to manage user authentication, it will work
unreliably or not at all on a server configuration with multiple web nodes. This
is because PHP's default session handler uses the filesystem, and each web node 
has a different filesystem. Fortunately, there's a way around this.

First, install and activate the [WP Native PHP Sessions plugin](https://wordpress.org/plugins/wp-native-php-sessions/),
which registers a database-based PHP session handler for WordPress to use.

Next, modify SimpleSAMLphp's `www/_include.php` file to require `wp-load.php`. If
you installed SimpleSAMLphp within the `wp-saml-auth` directory, you'd edit `wp-
saml-auth/simplesamlphp/www/_include.php` to include:

    ```
    <?php
    require_once dirname( dirname( dirname( dirname( dirname( dirname( __FILE__ ) ) ) ) ) ) . '/wp-load.php';
    ```

Note: the declaration does need to be at the top of `_include.php`, to ensure WordPress(
and thus the session handling) is loaded before SimpleSAMLphp.

There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Native
PHP Sessions active, SimpleSAMLphp and WP SAML Auth will be able to communicate 
to one another on a multi web node environment.

### Where do I report security bugs found in this plugin?

Please report security bugs found in the source code of the WP SAML Auth plugin 
through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/wp-saml-auth).
The Patchstack team will assist you with verification, CVE assignment, and notify
the developers of this plugin.

### What are the security requirements for SimpleSAMLphp?

If you're using the SimpleSAMLphp connection type:
 * **Critical Security Requirement:**
Version 2.0.0 or later is required to fix CVE-2023-26881 (XML signature validation
bypass vulnerability). * **Recommended Security Requirement:** Version 2.3.7 or 
later is recommended for additional security fixes. * Authentication will be blocked
for versions below 2.0.0 when “Enforce Security Requirements” is enabled. * It's
always recommended to use the latest stable version of SimpleSAMLphp for security
and compatibility.

## Recenzije

![](https://secure.gravatar.com/avatar/d3bd20becb9a1195f3fc036e02dd4c9fe5329079a711cd182180e8027a6d4628?
s=60&d=retro&r=g)

### 󠀁[Great! Would be even better with more help documentation](https://wordpress.org/support/topic/great-would-be-even-better-with-more-help-documentation/)󠁿

 [slingshotdesign](https://profiles.wordpress.org/slingshotdesign/) 31. Marta 2026.

Great plugin, that works really well. It has some useful filters for developers 
to hook into, which I appreciate and it does the same job as other paid plugins 
so I also really appreciate that this is free! I struggled to figure out how to 
use this with Azure AD but after a lot of trial and error figured it out.

![](https://secure.gravatar.com/avatar/8f0c63b5776ea9fd5946297b03bd32b04e02fa48147c7f6d3364d3b8f0b8f42c?
s=60&d=retro&r=g)

### 󠀁[Perfect!](https://wordpress.org/support/topic/perfect-9412/)󠁿

 [pbdk](https://profiles.wordpress.org/pbdk/) 1. Augusta 2022.

Works great with Azure AD / Microsoft 365. Would be even better if the default role
could be defined on the settings page. Could be useful having the option to disable
logging out from the ID provider.

![](https://secure.gravatar.com/avatar/ca0059bb34d909ea4585777cec819fec07dc2fe90797e7fc226ea395b4f5ac1f?
s=60&d=retro&r=g)

### 󠀁[Amazing 😍](https://wordpress.org/support/topic/amazing-%f0%9f%98%8d/)󠁿

 [themachine01](https://profiles.wordpress.org/themachine01/) 7. Augusta 2020.

Switching from miniOrange

![](https://secure.gravatar.com/avatar/9705d243d74244409cdd4e368ba627e94491c4d988d864f34608f792cca7b32a?
s=60&d=retro&r=g)

### 󠀁[Impossible to configure](https://wordpress.org/support/topic/impossible-to-configure-5/)󠁿

 [silverfang007](https://profiles.wordpress.org/silverfang007/) 23. Januara 2020.
1 reply

Right after installing and activating the plugin, I keep getting warning messages
such as some library files are missing and the WP SAML Auth is not active. Also,
the lack of any instructions makes it impossible to configure it with my Okta account.
Just a waste of time! Deactivating and trying out other SAML plugins.

![](https://secure.gravatar.com/avatar/4a9957bcaa11f15f5665a4730091a56106f0a275789affcaa5db64c62a39e044?
s=60&d=retro&r=g)

### 󠀁[Great and versatile](https://wordpress.org/support/topic/great-and-versatile-3/)󠁿

 [kikkervis](https://profiles.wordpress.org/kikkervis/) 26. Septembra 2018.

Does exactly what I need.

![](https://secure.gravatar.com/avatar/05b78b2f496ece9a8f7a25f93b1def406fe1877b0a37afa7e837cff4dc4fbec0?
s=60&d=retro&r=g)

### 󠀁[Great](https://wordpress.org/support/topic/great-8132/)󠁿

 [H. Adam Lenz](https://profiles.wordpress.org/adrock42/) 4. Maja 2018.

Pretty excellent, well done. Pull requests will be forthcoming

 [ Read all 8 reviews ](https://wordpress.org/support/plugin/wp-saml-auth/reviews/)

## Saradnici i programeri

“WP SAML Auth” is open source software. The following people have contributed to
this plugin.

Doprinositelji

 *   [ Pantheon Systems ](https://profiles.wordpress.org/getpantheon/)
 *   [ Daniel Bachhuber ](https://profiles.wordpress.org/danielbachhuber/)
 *   [ Josh Koenig ](https://profiles.wordpress.org/outlandish-josh/)
 *   [ John Spellman ](https://profiles.wordpress.org/jspellman/)
 *   [ Chris Reynolds ](https://profiles.wordpress.org/jazzs3quence/)
 *   [ Anais Pantheor ](https://profiles.wordpress.org/anaispantheor/)

[Prevedi “WP SAML Auth” na vaš jezik.](https://translate.wordpress.org/projects/wp-plugins/wp-saml-auth)

### Zainteresirani za razvoj?

[Pregledajte kôd](https://plugins.trac.wordpress.org/browser/wp-saml-auth/), pogledajte
[SVN spremište](https://plugins.svn.wordpress.org/wp-saml-auth/)ili se pretplatite
na [dnevnik razvoja](https://plugins.trac.wordpress.org/log/wp-saml-auth/) od [RSS](https://plugins.trac.wordpress.org/log/wp-saml-auth/?limit=100&mode=stop_on_copy&format=rss).

## Zapis promijena

#### 2.3.1 (March 6, 2026)

 * Adds `wp_saml_auth_auto_add_to_blog` filter to control whether auto-provisioned
   users are added to sites in multisite environments [[#465](https://github.com/pantheon-systems/wp-saml-auth/pull/465)].
 * When `wp_saml_auth_auto_add_to_blog` returns `false`, the `wp_saml_auth_new_user_authenticated`
   action will receive a user with no role on the current site. Hooks relying on`
   $user->roles` being non-empty should account for this [[#465](https://github.com/pantheon-systems/wp-saml-auth/pull/465)].

#### 2.3.0 (January 8, 2026)

 * Adds PHP 8.4 compatibility [[#410](https://github.com/pantheon-systems/wp-saml-auth/pull/410)].
 * Increases minimum supported PHP version to 7.4.
 * Compatible with WordPress 6.9
 * Fix warning message on the plugin's settings page for users who aren't using 
   SimpleSAML [[#445](https://github.com/pantheon-systems/wp-saml-auth/pull/445)][
   [#451](https://github.com/pantheon-systems/wp-saml-auth/pull/451)].
 * Skip SimpleSAMLphp autoloader discovery when the SimpleSAML\Auth\Simple class
   is already loaded [[#444](https://github.com/pantheon-systems/wp-saml-auth/pull/444)].
 * Adds `wp_saml_auth_internal_config` filter to allow customization of the OneLogin
   SAML configuration [[#497](https://github.com/pantheon-systems/wp-saml-auth/pull/497)].
 * Fix autoloader detection logic for Composer-installed SimpleSAMLphp.[[#452](https://github.com/pantheon-systems/wp-saml-auth/pull/452)]
 * Fix incorrect warning display when SimpleSAMLphp version detection succeeds. [
   [#455](https://github.com/pantheon-systems/wp-saml-auth/pull/455)]

#### 2.2.0 (9 June 2024)

 * Add a hook to modify returned attributes. [[#379](https://github.com/pantheon-systems/wp-saml-auth/pull/379/)]
 * Updates [`onelogin/php-saml`](https://github.com/SAML-Toolkits/php-saml) to 4.2.0.[
   [#402](https://github.com/pantheon-systems/wp-saml-auth/pull/402/)]
 * Adds warnings and the option to disable SAML when using a vulnerable version 
   of simplesamlphp [[#402](https://github.com/pantheon-systems/wp-saml-auth/pull/402/)]

#### 2.1.4 (November 27, 2023)

 * Fix typo in the label for the certificate path [[#352](https://github.com/pantheon-systems/wp-saml-auth/pull/352)]
 * Updates Pantheon WP Coding Standards to 2.0 [[#357](https://github.com/pantheon-systems/wp-saml-auth/pull/357)]
 * Fix logged-out auth issue [[#359](https://github.com/pantheon-systems/wp-saml-auth/pull/359)](
   props [Snicco](https://snicco.io))

#### 2.1.3 (April 8, 2023)

 * Fixes missing vendor/ directory in previous release [[#336](https://github.com/pantheon-systems/wp-saml-auth/pull/336)]

#### 2.1.2 (April 7, 2023)

 * Bump yoast/phpunit-polyfills from 1.0.4 to 1.0.5 [[#334](https://github.com/pantheon-systems/wp-saml-auth/pull/334)].
 * Updates tested up to version
 * Removes unused NPM dependencies

#### 2.1.1 (March 15, 2023)

 * Adds PHP 8.2 compatibility [[#332](https://github.com/pantheon-systems/wp-saml-auth/pull/332)].
 * Make dependabot target develop branch [[#313](https://github.com/pantheon-systems/wp-saml-auth/pull/313)].
 * Bump dependencies [[#308](https://github.com/pantheon-systems/wp-saml-auth/pull/308)][
   [#310](https://github.com/pantheon-systems/wp-saml-auth/pull/310)] [[#314](https://github.com/pantheon-systems/wp-saml-auth/pull/314)][
   [#319](https://github.com/pantheon-systems/wp-saml-auth/pull/319)] [[#322](https://github.com/pantheon-systems/wp-saml-auth/pull/322)][
   [#323](https://github.com/pantheon-systems/wp-saml-auth/pull/323)] [[#324](https://github.com/pantheon-systems/wp-saml-auth/pull/324)][
   [#325](https://github.com/pantheon-systems/wp-saml-auth/pull/325)] [[#326](https://github.com/pantheon-systems/wp-saml-auth/pull/326)][
   [#330](https://github.com/pantheon-systems/wp-saml-auth/pull/330)].

#### 2.1.0 (November 29, 2022)

 * Adds Github Actions for building tag and deploying to wp.org. Add CONTRIBUTING.
   md. [[#311](https://github.com/pantheon-systems/wp-saml-auth/pull/311)]

#### 2.0.1 (January 24, 2022)

 * Rebuilds platform dependencies to accommodate PHP 7.3 [[#278](https://github.com/pantheon-systems/wp-saml-auth/pull/278)].

#### 2.0.0 (January 6, 2022)

 * **BREAKING**: Updates `onelogin/php-saml` to `v4.0.0`, which requires PHP 7.3
   or higher [[#275](https://github.com/pantheon-systems/wp-saml-auth/pull/275)].

#### 1.2.7 (December 9, 2021)

 * Adds a `wp_saml_auth_pre_logout` action that fires before logout [[#274](https://github.com/pantheon-systems/wp-saml-auth/pull/274)].

#### 1.2.6 (October 12, 2021)

 * Adds a `wp_saml_auth_login_parameters` filter to allow login parameters to be
   filtered [[#262](https://github.com/pantheon-systems/wp-saml-auth/pull/262)].

#### 1.2.5 (August 18, 2021)

 * Fixes undefined index notice introduced in 1.2.4 [[#257](https://github.com/pantheon-systems/wp-saml-auth/pull/257)].

#### 1.2.4 (August 18, 2021)

 * Adds a `wp_saml_auth_internal_logout_args` filter to allow the internal logout
   args to be filterable [[#255](https://github.com/pantheon-systems/wp-saml-auth/pull/255)].

#### 1.2.3 (May 25, 2021)

 * Adds a `wp_saml_auth_force_authn` filter to allow forceAuthn=”true” to be enabled[
   [#248](https://github.com/pantheon-systems/wp-saml-auth/pull/248)].

#### 1.2.2 (Apr 26, 2021)

 * Ensures SAML button and explanations are only added to the login screen [[#242](https://github.com/pantheon-systems/wp-saml-auth/pull/242)].

#### 1.2.1 (Mar 2, 2021)

 * Updates `onelogin/php-saml` to `v3.6.1` [[#236](https://github.com/pantheon-systems/wp-saml-auth/pull/236)].

#### 1.2.0 (Feb 22, 2021)

 * Updates `onelogin/php-saml` to `v3.6.0` [[#233](https://github.com/pantheon-systems/wp-saml-auth/pull/233)].

#### 1.1.1 (Feb 3, 2021)

 * Updates French localization and ensures localizations are loaded [[#230](https://github.com/pantheon-systems/wp-saml-auth/pull/230)].

#### 1.1.0 (Dec 1, 2020)

 * Updates `onelogin/php-saml` to `v3.5.0` [[#218](https://github.com/pantheon-systems/wp-saml-auth/pull/218)].

#### 1.0.2 (May 27, 2020)

 * Avoid undesired `session_start()` when using SimpleSAMLphp [[#196](https://github.com/pantheon-systems/wp-saml-auth/pull/196)].

#### 1.0.1 (May 26, 2020)

 * Allows redirecting back to `wp-login.php` while avoiding redirect loop [[#192](https://github.com/pantheon-systems/wp-saml-auth/pull/192)].

#### 1.0.0 (March 2, 2020)

 * Plugin is stable.

#### 0.8.3 (February 3, 2020)

 * Removes unused `placeholder` value that's causing PHP notices [[#178](https://github.com/pantheon-systems/wp-saml-auth/pull/178)].

#### 0.8.2 (January 22, 2020)

 * Fixes method declaration for methods used statically [[#176](https://github.com/pantheon-systems/wp-saml-auth/pull/176)].

#### 0.8.1 (November 25, 2019)

 * Updates `onelogin/php-saml` to `v3.4.1` [[#174](https://github.com/pantheon-systems/wp-saml-auth/pull/174)].

#### 0.8.0 (November 20, 2019)

 * Updates `onelogin/php-saml` to `v3.4.0` [[#173](https://github.com/pantheon-systems/wp-saml-auth/pull/173)].

#### 0.7.3 (November 7, 2019)

 * Updates `onelogin/php-saml` to `v3.3.1` [[#172](https://github.com/pantheon-systems/wp-saml-auth/pull/172)].

#### 0.7.2 (October 30, 2019)

 * Fixes issue where an empty required settings field would throw load Exception[
   [#170](https://github.com/pantheon-systems/wp-saml-auth/pull/170)].

#### 0.7.1 (September 26, 2019)

 * Fixes typo on the settings page [[#163](https://github.com/pantheon-systems/wp-saml-auth/pull/163)].

#### 0.7.0 (September 16, 2019)

 * Updates `onelogin/php-saml` to `v3.3.0` [[#160](https://github.com/pantheon-systems/wp-saml-auth/pull/160)].

#### 0.6.0 (May 14, 2019)

 * Adds a settings page for configuring WP SAML Auth [[#151](https://github.com/pantheon-systems/wp-saml-auth/pull/151)].
 * Fixes issue when processing SimpleSAMLphp response [[#145](https://github.com/pantheon-systems/wp-saml-auth/pull/145)].

#### 0.5.2 (April 8, 2019)

 * Updates `onelogin/php-saml` to `v3.1.1` for PHP 7.3 support [[#139](https://github.com/pantheon-systems/wp-saml-auth/pull/139)].

#### 0.5.1 (November 15, 2018)

 * Introduces a `wp_saml_auth_attributes` filter to permit modifying SAML response
   attributes before they're processed by WordPress [[#136](https://github.com/pantheon-systems/wp-saml-auth/pull/136)].

#### 0.5.0 (November 7, 2018)

 * Updates `onelogin/php-saml` to `v3.0.0` for PHP 7.2 support [[#133](https://github.com/pantheon-systems/wp-saml-auth/pull/133)].

#### 0.4.0 (September 5, 2018)

 * Updates `onelogin/php-saml` from `v2.13.0` to `v2.14.0` [[#127](https://github.com/pantheon-systems/wp-saml-auth/pull/127)].

#### 0.3.11 (July 18, 2018)

 * Provides an error message explicitly for when SAML response attributes are missing[
   [#125](https://github.com/pantheon-systems/wp-saml-auth/pull/125)].

#### 0.3.10 (June 28, 2018)

 * Ensures `redirect_to` URLs don't lose query parameters by encoding with `rawurlencode()`[
   [#124](https://github.com/pantheon-systems/wp-saml-auth/pull/124)].
 * Adds French localization.

#### 0.3.9 (March 29, 2018)

 * Fixes PHP notice by using namespaced SimpleSAMLphp class if available [[#118](https://github.com/pantheon-systems/wp-saml-auth/pull/118)].
 * Updates `onelogin/php-saml` from `v2.12.0` to `v2.13.0`

#### 0.3.8 (February 26, 2018)

 * Redirects to `action=wp-saml-auth` when `redirect_to` is persisted, to ensure
   authentication is handled [[#115](https://github.com/pantheon-systems/wp-saml-auth/pull/115)].

#### 0.3.7 (February 13, 2018)

 * Persists `redirect_to` value in a more accurate manner, as a follow up to the
   change in v0.3.6 [[#113](https://github.com/pantheon-systems/wp-saml-auth/pull/113)].

#### 0.3.6 (February 7, 2018)

 * Prevents WordPress from dropping authentication cookie when user is redirected
   to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)].

#### 0.3.5 (January 19, 2018)

 * Substitutes `wp-login.php` string with `parse_url( wp_login_url(), PHP_URL_PATH)`
   for compatibility with plugins and functions that alter the standard login url[
   [#109](https://github.com/pantheon-systems/wp-saml-auth/pull/109)].

#### 0.3.4 (December 22, 2017)

 * Permits `internal` connection type to be used without signout URL, for integration
   with Google Apps [[#106](https://github.com/pantheon-systems/wp-saml-auth/pull/106)].

#### 0.3.3 (November 28, 2017)

 * Forwards ‘redirect_to’ parameter to SAML Authentication to enable deep links [
   [#103](https://github.com/pantheon-systems/wp-saml-auth/pull/103)].

#### 0.3.2 (November 9, 2017)

 * Updates `onelogin/php-saml` dependency from v2.10.7 to v2.12.0 [[#90](https://github.com/pantheon-systems/wp-saml-auth/pull/90),
   [#99](https://github.com/pantheon-systems/wp-saml-auth/pull/99)].

#### 0.3.1 (July 12, 2017)

 * Passes `$attributes` to `wp_saml_auth_insert_user` filter, so user creation behavior
   can be modified based on SAML response.

#### 0.3.0 (June 29, 2017)

 * Includes OneLogin's PHP SAML library for SAML auth without SimpleSAMLphp. See“
   Installation” for configuration instructions.
 * Fixes handling of SAMLResponse when `permit_wp_login=true`.

#### 0.2.2 (May 24, 2017)

 * Introduces a `wp_saml_auth_login_strings` filter to permit login text strings
   to be filterable.
 * Introduces a `wp_saml_auth_pre_authentication` filter to allow authentication
   behavior to be adapted based on SAML response.
 * Improves error message when required SAML response attribute is missing.
 * Corrects project name in `composer.json`.

#### 0.2.1 (March 22, 2017)

 * Introduces `wp_saml_auth_new_user_authenticated` and `wp_saml_auth_existing_user_authenticated`
   actions to permit themes / plugins to run a callback post-authentication.
 * Runs Behat test suite against latest stable SimpleSAMLphp, instead of a pinned
   version.

#### 0.2.0 (March 7, 2017)

 * Introduces `wp saml-auth scaffold-config`, a WP-CLI command to scaffold a configuration
   filter to customize WP SAML Auth usage.
 * Redirects back to WordPress after SimpleSAMLPHP authentication.
 * Variety of test suite improvements.

#### 0.1.0 (April 18, 2016)

 * Initial release.

## Meta

 *  Version **2.3.1**
 *  Last updated **prije 1 mjesec**
 *  Active installations **7.000+**
 *  WordPress version ** 6.4 ili viša **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 ili viša **
 *  Language
 * [English (US)](https://wordpress.org/plugins/wp-saml-auth/)
 * Tags
 * [authentication](https://bs.wordpress.org/plugins/tags/authentication/)[SAML](https://bs.wordpress.org/plugins/tags/saml/)
 *  [Napredni pogled](https://bs.wordpress.org/plugins/wp-saml-auth/advanced/)

## Ocjene

 4.5 out of 5 stars.

 *  [  7 5-star reviews     ](https://wordpress.org/support/plugin/wp-saml-auth/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/wp-saml-auth/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/wp-saml-auth/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/wp-saml-auth/reviews/?filter=2)
 *  [  1 1-star review     ](https://wordpress.org/support/plugin/wp-saml-auth/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/wp-saml-auth/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/wp-saml-auth/reviews/)

## Doprinositelji

 *   [ Pantheon Systems ](https://profiles.wordpress.org/getpantheon/)
 *   [ Daniel Bachhuber ](https://profiles.wordpress.org/danielbachhuber/)
 *   [ Josh Koenig ](https://profiles.wordpress.org/outlandish-josh/)
 *   [ John Spellman ](https://profiles.wordpress.org/jspellman/)
 *   [ Chris Reynolds ](https://profiles.wordpress.org/jazzs3quence/)
 *   [ Anais Pantheor ](https://profiles.wordpress.org/anaispantheor/)

## Podrška

Rješene stavke u zadnja dva mjeseca:

     0 out of 1

 [Pogledaj forum podrške](https://wordpress.org/support/plugin/wp-saml-auth/)