From 33b4e1cefbbf2f84047adf228322d7a4223f7647 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 13 Mar 2017 14:15:15 -0600 Subject: [PATCH 1/6] allow `saml_acs` to be filtered to something else --- onelogin-saml-sso/php/functions.php | 6 +++++- onelogin-saml-sso/php/settings.php | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/onelogin-saml-sso/php/functions.php b/onelogin-saml-sso/php/functions.php index 38facc2..2206b20 100644 --- a/onelogin-saml-sso/php/functions.php +++ b/onelogin-saml-sso/php/functions.php @@ -10,7 +10,11 @@ function saml_checker() { - if (isset($_GET['saml_acs'])) { + /** + * Allow saml_acs URL query variable to be customized. + */ + $saml_acs = apply_filters( 'onelogin_saml_acs', 'saml_acs' ); + if ( isset( $_GET[ $saml_acs ] ) ) { saml_acs(); } else if (isset($_GET['saml_sls'])) { diff --git a/onelogin-saml-sso/php/settings.php b/onelogin-saml-sso/php/settings.php index d9117e4..90e37df 100644 --- a/onelogin-saml-sso/php/settings.php +++ b/onelogin-saml-sso/php/settings.php @@ -57,7 +57,11 @@ } } -$acs_endpoint = get_option('onelogin_saml_alternative_acs', false) ? plugins_url( 'alternative_acs.php', dirname( __FILE__ ) ) : wp_login_url() . '?saml_acs'; +/** + * Allow saml_acs URL query variable to be customized. + */ +$saml_acs = apply_filters( 'onelogin_saml_acs', 'saml_acs' ); +$acs_endpoint = get_option( 'onelogin_saml_alternative_acs', false ) ? plugins_url( 'alternative_acs.php', dirname( __FILE__ ) ) : wp_login_url() . '?' . $saml_acs; $settings = array ( From 45979e0fdac5238176b27e7f51de520fc1e43a95 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 13 Mar 2017 14:20:01 -0600 Subject: [PATCH 2/6] these are all handled in the same place, so if we're doing it for one, we should do it for all --- onelogin-saml-sso/php/functions.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/onelogin-saml-sso/php/functions.php b/onelogin-saml-sso/php/functions.php index 2206b20..2cb051a 100644 --- a/onelogin-saml-sso/php/functions.php +++ b/onelogin-saml-sso/php/functions.php @@ -11,9 +11,13 @@ function saml_checker() { /** - * Allow saml_acs URL query variable to be customized. + * Allow saml_acs query variables to be customized. */ - $saml_acs = apply_filters( 'onelogin_saml_acs', 'saml_acs' ); + $saml_acs = apply_filters( 'onelogin_saml_acs', 'saml_acs' ); + $saml_sls = apply_filters( 'onelogin_saml_sls', 'saml_sls' ); + $saml_metadata = apply_filters( 'onelogin_saml_metadata', 'saml_metadata' ); + $saml_validate_config = apply_filters( 'onelogin_saml_validate_config', 'saml_validate_config' ); + if ( isset( $_GET[ $saml_acs ] ) ) { saml_acs(); } From ab217e4607a74f17fbf96ea36d0ab3df8151c636 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 13 Mar 2017 14:25:37 -0600 Subject: [PATCH 3/6] use the filter for saml_metadata --- onelogin-saml-sso/onelogin_saml.php | 7 ++++--- onelogin-saml-sso/php/configuration.php | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/onelogin-saml-sso/onelogin_saml.php b/onelogin-saml-sso/onelogin_saml.php index ccddfab..33bb836 100644 --- a/onelogin-saml-sso/onelogin_saml.php +++ b/onelogin-saml-sso/onelogin_saml.php @@ -39,7 +39,7 @@ function disable_password_reset() { return false; } $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login'; // Handle SLO -if (isset($_COOKIE['saml_login']) && get_option('onelogin_saml_slo')) { +if (isset($_COOKIE['saml_login']) && get_option('onelogin_saml_slo')) { add_action('init', 'saml_slo', 1); } @@ -48,7 +48,8 @@ function disable_password_reset() { return false; } add_action('init', 'saml_sso', 1); } else { $execute_sso = false; - $saml_actions = isset($_GET['saml_metadata']) || (strpos($_SERVER['SCRIPT_NAME'], 'alternative_acs.php') !== FALSE); + $saml_metadata = apply_filters( 'onelogin_saml_metadata', 'saml_metadata' ); + $saml_actions = isset($_GET[ $saml_metadata ]) || (strpos($_SERVER['SCRIPT_NAME'], 'alternative_acs.php') !== FALSE); $wp_login_page = (strpos($_SERVER['SCRIPT_NAME'], 'wp-login.php') !== FALSE) && $action == 'login' && !isset($_GET['loggedout']); @@ -69,7 +70,7 @@ function disable_password_reset() { return false; } } else if ($local_wp_actions) { $prevent_local_login = get_option('onelogin_saml_customize_action_prevent_local_login', false); - if (($want_to_local_login && $prevent_local_login) || ($want_to_reset && $prevent_reset_password)) { + if (($want_to_local_login && $prevent_local_login) || ($want_to_reset && $prevent_reset_password)) { $execute_sso = True; } } diff --git a/onelogin-saml-sso/php/configuration.php b/onelogin-saml-sso/php/configuration.php index c2361da..d98f17d 100644 --- a/onelogin-saml-sso/php/configuration.php +++ b/onelogin-saml-sso/php/configuration.php @@ -13,6 +13,7 @@ function onelogin_saml_configuration_render() { $title = __("SSO/SAML Settings", 'onelogin-saml-sso'); + $saml_metadata = apply_filters( 'onelogin_saml_metadata', 'saml_metadata' ); ?>
@@ -20,7 +21,7 @@ function onelogin_saml_configuration_render() {
-
+
From 4d149f5df651256beb587f356e6f32185f7bd063 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 13 Mar 2017 14:26:37 -0600 Subject: [PATCH 4/6] use our new filters --- onelogin-saml-sso/php/functions.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/onelogin-saml-sso/php/functions.php b/onelogin-saml-sso/php/functions.php index 2cb051a..b42a8aa 100644 --- a/onelogin-saml-sso/php/functions.php +++ b/onelogin-saml-sso/php/functions.php @@ -21,11 +21,11 @@ function saml_checker() { if ( isset( $_GET[ $saml_acs ] ) ) { saml_acs(); } - else if (isset($_GET['saml_sls'])) { + else if (isset($_GET[ $saml_sls ])) { saml_sls(); - } else if (isset($_GET['saml_metadata'])) { + } else if (isset($_GET[ $saml_metadata ])) { saml_metadata(); - } else if (isset($_GET['saml_validate_config'])) { + } else if (isset($_GET[ $saml_validate_config ])) { saml_validate_config(); } } From 70e8ca717d39292903eda6300ca2b87ad90a71ba Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 13 Mar 2017 14:28:18 -0600 Subject: [PATCH 5/6] use saml_sls filter --- onelogin-saml-sso/php/settings.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/onelogin-saml-sso/php/settings.php b/onelogin-saml-sso/php/settings.php index 90e37df..441c91b 100644 --- a/onelogin-saml-sso/php/settings.php +++ b/onelogin-saml-sso/php/settings.php @@ -61,6 +61,7 @@ * Allow saml_acs URL query variable to be customized. */ $saml_acs = apply_filters( 'onelogin_saml_acs', 'saml_acs' ); +$saml_sls = apply_filters( 'onelogin_saml_acs', 'saml_sls' ); $acs_endpoint = get_option( 'onelogin_saml_alternative_acs', false ) ? plugins_url( 'alternative_acs.php', dirname( __FILE__ ) ) : wp_login_url() . '?' . $saml_acs; $settings = array ( @@ -74,7 +75,7 @@ 'url' => $acs_endpoint ), 'singleLogoutService' => array ( - 'url' => get_site_url().'/wp-login.php?saml_sls' + 'url' => get_site_url( null, '/wp-login.php?' . $saml_sls ) ), 'NameIDFormat' => $opt['NameIDFormat'], 'x509cert' => get_option('onelogin_saml_advanced_settings_sp_x509cert'), From e553009d1947716feef016697216602c15515475 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Mon, 13 Mar 2017 14:30:10 -0600 Subject: [PATCH 6/6] use the saml_validate_config filter --- onelogin-saml-sso/php/configuration.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/onelogin-saml-sso/php/configuration.php b/onelogin-saml-sso/php/configuration.php index d98f17d..86b002f 100644 --- a/onelogin-saml-sso/php/configuration.php +++ b/onelogin-saml-sso/php/configuration.php @@ -14,6 +14,7 @@ function onelogin_saml_configuration_render() { $title = __("SSO/SAML Settings", 'onelogin-saml-sso'); $saml_metadata = apply_filters( 'onelogin_saml_metadata', 'saml_metadata' ); + $saml_validate_config = apply_filters( 'onelogin_saml_validate_config', 'saml_validate_config' ); ?>
@@ -22,7 +23,7 @@ function onelogin_saml_configuration_render() {

- +