shibboleth icon indicating copy to clipboard operation
shibboleth copied to clipboard

Published 20 hours ago verified publisher icon mitcho

Add 'shibboleth_authenticate_user' filter.

Open boonebgorges opened this issue 8 years ago • 4 comments

Hi @mitcho!

I have a use case where I'd like to reject or allow authentication (for new or existing users) based on a custom header sent by the Shibboleth Apache module. There's no natural place in the plugin to intervene in the auth process, so I've introduced a new filter. My callback will look like this:

add_filter( 'shibboleth_authenticate_user', function( $auth, $username ) {
    if ( $username doesn't meet my criteria ) {
        $auth = false;
    }
    return $auth;
} );

Thanks for considering!

boonebgorges avatar Sep 01 '16 01:09 boonebgorges

On second thought, a better idea is to pass through the value returned by the filter, so that you can provide a WP_Error to WP's auth functions. See 1794eb2. New example:

add_filter( 'shibboleth_authenticate_user', function( $auth, $username ) {
    if ( $username doesn't meet my criteria ) {
        $auth = new WP_Error( 'cannot_authenticate', 'The user could not be authenticated for reasons Foo and Bar', $username );
    }
    return $auth;
} );

boonebgorges avatar Sep 01 '16 02:09 boonebgorges

:+1: This seems like a more user-friendly way of limiting access than using .htaccess

jrchamp avatar Sep 01 '16 14:09 jrchamp

Thanks for submitting this patch @boonebgorges. While I expect this is a little late, I released version 1.8 today to resolve this and other issues and included a shoutout for your patch. I am the new maintainer of the plugin and all further work on the plugin will be done in a new GitHub repository. If you have any further issues, please don't hesitate to report them in the new repository.

michaelryanmcneill avatar Aug 24 '17 00:08 michaelryanmcneill

@michaelryanmcneill This sounds good. Thanks for following up!

boonebgorges avatar Aug 25 '17 00:08 boonebgorges