
pressbooks/pressbooks-saml-sso
==============================

Shibboleth Single Sign-On integration for Pressbooks.


Pressbooks SAML2 Single Sign-On
===============================

- Contributors: conner\_bw, greatislander, richard015ar, steelwagstaff, arzola
- Tags: pressbooks, saml, saml2, sso, shibboleth
- Requires at least: 6.5
- Tested up to: 6.5
- Stable tag: 2.7.0
- Requires PHP: 8.1
- License: GPLv3 or later
- License URI:

SAML2 Single Sign-On integration for Pressbooks.

Description
-----------

Plugin to integrate Pressbooks with a SAML2 single sign-on service ([Shibboleth](https://www.shibboleth.net/), [Microsoft ADFS](https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Professional-and-Enterprise-), [Google Apps](https://pantheon.io/docs/wordpress-google-sso/), etc.).

Users who attempt to log in to Pressbooks are redirected to a Shibboleth or SAML2 Identity Provider. After the user's credentials are verified, they are redirected back to the Pressbooks network. If we match a Pressbooks user by UID (stored in the user\_meta table), the user is recognized as valid and allowed access. If there is no match, we try to match a Pressbooks user by email (and store a successful match in the user\_meta table for next time). If the user does not have an account in Pressbooks, a new user can be created, or access can be refused, depending on the configuration.

Limitations: This plugin does not enable authentication with multilateral Shibboleth. It is intended for use in a non-federated, bilateral configuration with a single IdP.

Installation
------------

```
composer require pressbooks/pressbooks-saml-sso

```

Or, download the latest version from the releases page and unzip it into your WordPress plugin directory:

Then, create the necessary certificates:

```
cd vendor/onelogin/php-saml/certs
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.key

```

Then, activate and configure the plugin at the Network level.

### Security Considerations

Generating certificates in `vendor/onelogin/php-saml/certs`, without further changes, will expose them to malicious users (i.e. `https://path/to/vendor/onelogin/php-saml/certs/sp.crt`). Furthermore, your certificates are at risk of being deleted when updating packages using `composer update` or similar commands. A competent sysadmin must make sure certificates are neither accessible from the internet nor deleted. It is highly recommended that you pass your certificates via configuration variables. Example:

```
add_filter( 'pb_saml_auth_settings', function( $config ) {
	// The public certificate goes in x509cert, the private key in privateKey.
	$config['sp']['x509cert'] = file_get_contents( '/path/to/sp.crt' );
	$config['sp']['privateKey'] = file_get_contents( '/path/to/sp.key' );
	return $config;
} );
```

Or:

```
define( 'PHP_SAML_SP_KEY_PATH', '/path/to/sp.key' );
define( 'PHP_SAML_SP_CERT_PATH', '/path/to/sp.crt' );
```
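
One way to act on this advice from the shell, as an added example that is not part of the plugin or its README: `gen_sp_pair` creates the pair with the README's openssl parameters in a directory of your choosing, and `check_sp_pair` confirms that each file is what its name claims, that the two match, that the key is owner-only, and that neither sits under the web root. The function names, the `-subj` CN and the paths in the usage line are assumptions.

```sh
#!/bin/sh
# Added example, not part of the plugin. Function names and the CN are assumptions.

# gen_sp_pair DIR: same openssl parameters as the README, but written to DIR
# (chosen outside the web root and outside vendor/) with owner-only access.
gen_sp_pair() {
    ( umask 077
      mkdir -p "$1" &&
      openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes \
          -subj "/CN=pressbooks-sp.example" \
          -out "$1/sp.crt" -keyout "$1/sp.key" 2>/dev/null )
}

# check_sp_pair CERT KEY WEBROOT: returns 0 only if the pair is usable and private.
check_sp_pair() {
    cert=$1 key=$2 rc=0
    webroot=$(cd "$3" && pwd -P) || return 2
    # 1. Each file must hold what its name claims (catches swapped paths).
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a certificate: $cert"; return 1; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "not a private key: $key"; return 1; }
    # 2. The certificate's public key must belong to the private key.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "certificate and key do not match"; rc=1; }
    # 3. The private key must not be accessible to group or others.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] ||
        { echo "key is group/world accessible: $key"; rc=1; }
    # 4. Neither file may live below the web server's document root.
    for f in "$cert" "$key"; do
        dir=$(cd "$(dirname "$f")" && pwd -P)
        case "$dir/" in
            "$webroot"/*) echo "inside web root: $f"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh check_sp.sh /etc/pressbooks/saml/sp.crt /etc/pressbooks/saml/sp.key /var/www/html
if [ "$#" -eq 3 ]; then check_sp_pair "$@"; fi
```

The key file must stay readable by the account PHP runs as, so generate it as that user or change its owner afterwards.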

### IdP Setup

Upon activation of the plugin, a submenu item ("SAML2") is added to the Network Admin interface under "Integrations". This leads to the SAML2 settings page. Your metadata XML can be downloaded from this page.

The plugin requires the Assertion elements of the Response to be signed.

The plugin looks for the following Attributes in the Response:

- Requires: `urn:oid:0.9.2342.19200300.100.1.1` (samAccountName or equivalent, ideally with FriendlyName `uid`)
- Strongly recommends: `urn:oid:0.9.2342.19200300.100.1.3` (email-address or equivalent, ideally with FriendlyName `mail`). If no value is available we fall back to `uid@127.0.0.1`
- Optional: `urn:oid:1.3.6.1.4.1.5923.1.1.1.6` (eduPersonPrincipalName or equivalent). Upon the first launch for a given user, if mail cannot match an existing person, and this value is present, we'll try to use it.

The email can be filtered, example: `add_filter( 'pb_integrations_multidomain_email', function( $email, $uid, $plugin ) { /* Custom use case, return $email */ }, 10, 3 );`

Because this plugin uses the fabulous [onelogin/php-saml](https://github.com/onelogin/php-saml/) toolkit, [many other configuration variables can be tweaked](https://github.com/onelogin/php-saml/#settings).

Using a test IdP SAML app
-------------------------

If you want to test the plugin with a test IdP, you can use [Auth0](https://auth0.com/). Here are the steps to create a test IdP application:

1. Create an Auth0 account (or ask the Operation Team for a test account).
2. Create a new application in the Auth0 dashboard.
3. Select "Regular Web Applications" as the application type.
4. Go to the "Settings" tab of your application.
5. Scroll down to the "Advanced Settings" section and click on the "Endpoints" tab.
6. Copy the "SAML Metadata URL" and paste it on Pressbooks SAML2 settings page, in the "IdP metadata URL" field and save the changes.
7. In Auth0, go to the "Addons" tab of your application, and click on "SAML2 Web App".
8. In the Settings tab, under the Application Callback URL, add: `https:///wp/wp-login.php?action=pb_shibboleth_acs`
9. In the PB Admin area, go to Integrations > SAML2 and click the "Metadata XML Configuration" link displayed at the top of the page.
10. Locate the `EntityID` value inside the `` tag in your metadata XML. You’ll use this value as the audience in the next step.
11. Update your Auth0 Settings JSON to include the following configuration. Be sure to:

- Replace `` with the actual `EntityID` you copied.
- Replace `` with the domain of your Pressbooks instance.

```
  {
  	"audience": "",
  	"recipient": "https:///wp/wp-login.php?action=pb_shibboleth_acs",
  	"mappings": {
  		"user_id": "urn:oid:0.9.2342.19200300.100.1.1",
  		"email": "urn:oid:0.9.2342.19200300.100.1.3",
  		"name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
  		"given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
  		"family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
  		"upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
  		"groups": "http://schemas.xmlsoap.org/claims/Group"
  	},
  	"createUpnClaim": true,
  	"passthroughClaimsWithNoMapping": true,
  	"logout": {
  		"slo_enabled": true,
  		"callback": "https:///wp/wp-login.php?action=pb_shibboleth_sls"
  	},
  	"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
  }
```

Make sure you are using the correct `NETWORK_DOMAIN` for your Pressbooks instance.

12. Save the changes in Auth0.
13. Create a new user in the "User Management" section of the Auth0 dashboard.
14. Now you can log in using the new user you created in Auth0. Go to your Pressbooks instance and click on the "Login with SAML" button.

Sending logs
------------

If you use AWS and want to log SAML attempts on your server, you will need to define some environment variables on the server that hosts your Pressbooks instance.

### AWS S3

Define the following environment variables:

```
 LOG_LOGIN_ATTEMPTS (setting this value to true will enable this feature at the infrastructure level)
 AWS_ACCESS_KEY_ID
 AWS_SECRET_ACCESS_KEY
 AWS_S3_OIDC_BUCKET
 AWS_S3_REGION
 AWS_S3_VERSION

```

After these variables have been properly defined, basic information about SAML login attempts will be logged to your S3 bucket. A new CSV file will be created each month so that the logs remain readable. Logs are stored in a folder structure that looks like this: `S3 Bucket > saml_logs > {ENVIRONMENT} > {Network URL hashed through wp_hash function} > {YYYY-MM} > saml_logs.log`.

### AWS CloudWatch Logs

Define the following environment variables:

```
 LOG_LOGIN_ATTEMPTS (setting this value to true will enable this feature at the infrastructure level)
 AWS_ACCESS_KEY_ID
 AWS_SECRET_ACCESS_KEY
 AWS_S3_REGION
 AWS_S3_VERSION

```

After these variables have been properly defined, basic information about SAML login attempts will be logged in your AWS CloudWatch Logs service in JSON format. You will need to create a new Log group called `pressbooks-logs`.

Screenshots
-----------

[![SAML2 Administration.](screenshot-1.png)](screenshot-1.png)

[![Metadata XML.](screenshot-2.png)](screenshot-2.png)

### Changelog

Please see the [CHANGELOG](CHANGELOG.md) file for more information.

