===== Shibboleth WordPress plugin =====

==== References ====

  * https://wordpress.org/plugins/shibboleth/
  * https://docs.shib.ncsu.edu/docs/wordpress/index.html
  * https://wordpress.org/plugins/simpleshib/?ref=commonninja
  * https://www.pluginforthat.com/plugin/shibboleth/

==== Apache vhost config ====

Apache vhost that serves both mainsitewp and the blogs of the sub-blog farm, such as blog1.mainsitewp.domain.fr:

<code>
ServerName mainsitewp.domain.fr
ServerAlias *.mainsitewp.domain.fr
DocumentRoot /var/www/wp
ErrorLog logs/wp-error_log
CustomLog logs/ssl_wp-access_log common
LogLevel warn
SSLEngine on
Include conf.d/ssl/star_mainsitewp.domain.fr.conf
#RewriteEngine On
#RewriteCond %{HTTP_HOST} ^mainsitewp\.domain\.fr$ [NC]
#RewriteRule .? https://mainsitewp.domain2.fr%{REQUEST_URI} [R=301,L]
# Map this vhost to the "wordpress" application in the Shibboleth SP configuration
ShibRequestSetting applicationId wordpress
</code>

==== .htaccess rewrites for Shibboleth.sso ====

At the DocumentRoot of the WordPress vhost, the .htaccess excludes the ^/Shibboleth.sso location from the WordPress rewrites so that shibd takes care of those requests.

<code>
RewriteEngine On
RewriteBase /
# Stop rewriting for the Shibboleth handler and /shib* URLs
RewriteCond %{REQUEST_URI} ^/Shibboleth.sso($|/) [OR]
#RewriteCond %{REQUEST_URI} ^/Shibboleth.sso/SAML2/POST [OR]
RewriteCond %{REQUEST_URI} ^/shib(.+)
RewriteRule . - [L]
RewriteRule ^index\.php$ - [L]
RewriteRule ^Shibboleth.sso(.+) - [END]
RewriteRule ^Shibboleth.sso/Login$ - [L]
RewriteRule ^Shibboleth.sso/Loginimt$ - [L]
RewriteRule ^Shibboleth.sso/SAML2/POST$ - [L]
RewriteRule ^shib(.+) - [L]
# BEGIN Shibboleth
AuthType shibboleth
Require shibboleth
# END Shibboleth
</code>

==== WordPress farm multisite ====

For multisite WordPress, the Shibboleth session cookies must be allowed within the sub-domain blogs (cf. cookieProps= ), with redirectLimit="exact+allow" (also set to none in debug mode).
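A check for the multisite settings above, added here as an example (it is not part of the plugin or of the Shibboleth SP): it reads the Sessions element of an SP configuration and reports a debug redirectLimit left in place, missing cookie flags and a cookie that is not scoped to the blog farm. The sample XML, the cookie domain and the redirectAllow value are constructed assumptions, as is treating an absent redirectLimit like none.

```python
import xml.etree.ElementTree as ET

# Constructed samples: only the <Sessions> attributes discussed on this page.
TEMPLATE = ('<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">'
            '<ApplicationDefaults><Sessions {attrs}/></ApplicationDefaults></SPConfig>')
DEBUG = TEMPLATE.format(
    attrs='cookieProps="; path=/; domain=.mainsitewp.domain.fr" redirectLimit="none"')
HARDENED = TEMPLATE.format(
    attrs='cookieProps="; path=/; domain=.mainsitewp.domain.fr; secure; HttpOnly" '
          'redirectLimit="exact+allow" redirectAllow="https://blog1.mainsitewp.domain.fr/"')

def audit_sessions(xml_text, farm_domain):
    """Return a list of findings for every <Sessions> element in xml_text."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "Sessions":  # ignore the XML namespace
            continue
        # Assumption: an absent redirectLimit is audited like "none".
        limit = el.get("redirectLimit", "none")
        if limit == "none":
            findings.append("redirectLimit=none: return URLs are unrestricted")
        elif "allow" in limit or "whitelist" in limit:
            # Both the current and the older attribute name are accepted.
            if not (el.get("redirectAllow") or el.get("redirectWhitelist")):
                findings.append("redirectLimit uses an allow list but none is set")
        props = el.get("cookieProps")
        if props is None:
            findings.append("cookieProps not set")
            continue
        # "https" and "http" are shorthands; anything else is a raw attribute string.
        expanded = {"https": "; path=/; secure; HttpOnly",
                    "http": "; path=/; HttpOnly"}.get(props, props)
        attrs = [a.strip().lower() for a in expanded.split(";") if a.strip()]
        if "secure" not in attrs:
            findings.append("cookieProps: session cookie lacks secure")
        if "httponly" not in attrs:
            findings.append("cookieProps: session cookie lacks HttpOnly")
        domains = [a.split("=", 1)[1] for a in attrs if a.startswith("domain=")]
        if not domains:
            findings.append("cookieProps: no domain=, cookie is host-only")
        elif domains[0].lstrip(".") != farm_domain.lower():
            findings.append("cookieProps: domain is not the farm domain")
    return findings

if __name__ == "__main__":
    for name, xml_text in (("debug", DEBUG), ("hardened", HARDENED)):
        print(name, audit_sessions(xml_text, "mainsitewp.domain.fr"))
```

Run it against the deployed shibboleth2.xml after a debugging session to confirm that redirectLimit is back to exact+allow.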