/**
* Migrate old data to newer formats.
*/
function shibboleth_migrate_old_data()
{
// new header format, allowing each header to be marked as 'managed' individually
$managed = shibboleth_get_option('shibboleth_update_users');
$headers = shibboleth_get_option('shibboleth_headers');
$updated = false;
foreach ($headers as $key => $value) {
if (is_string($value)) {
$headers[$key] = array('name' => $value, 'managed' => $managed);
$updated = true;
}
}
if ($updated) {
shibboleth_update_option('shibboleth_headers', $headers);
}
shibboleth_delete_option('shibboleth_update_users');
}
/**
* WordPress options page to configure the Shibboleth plugin.
*
* @uses apply_filters() Calls 'shibboleth_plugin_path'
*/
function shibboleth_options_page()
{
global $wp_roles;
if (isset($_POST['submit'])) {
check_admin_referer('shibboleth_update_options');
$shib_headers = (array) shibboleth_get_option('shibboleth_headers');
$shib_headers = array_merge($shib_headers, $_POST['headers']);
/**
* filter shibboleth_form_submit_headers
* @param $shib_headers array
* @since 1.4
* Hint: access $_POST within the filter.
*/
$shib_headers = apply_filters('shibboleth_form_submit_headers', $shib_headers);
shibboleth_update_option('shibboleth_headers', $shib_headers);
$shib_roles = (array) shibboleth_get_option('shibboleth_roles');
$shib_roles = array_merge($shib_roles, $_POST['shibboleth_roles']);
/**
* filter shibboleth_form_submit_roles
* @param $shib_roles array
* @since 1.4
* Hint: access $_POST within the filter.
*/
$shib_roles = apply_filters('shibboleth_form_submit_roles', $shib_roles);
shibboleth_update_option('shibboleth_roles', $shib_roles);
shibboleth_update_option('shibboleth_login_url', $_POST['login_url']);
shibboleth_update_option('shibboleth_logout_url', $_POST['logout_url']);
shibboleth_update_option('shibboleth_password_change_url', $_POST['password_change_url']);
shibboleth_update_option('shibboleth_password_reset_url', $_POST['password_reset_url']);
shibboleth_update_option('shibboleth_default_login', (bool) $_POST['default_login']);
shibboleth_update_option('shibboleth_auto_login', (bool) $_POST['auto_login']);
shibboleth_update_option('shibboleth_update_users', (bool) $_POST['update_users']);
shibboleth_update_option('shibboleth_update_roles', (bool) $_POST['update_roles']);
/**
* action shibboleth_form_submit
* @since 1.4
* Hint: use global $_POST within the action.
*/
do_action('shibboleth_form_submit');
}
$shib_headers = shibboleth_get_option('shibboleth_headers');
$shib_roles = shibboleth_get_option('shibboleth_roles');
$shibboleth_plugin_path = apply_filters('shibboleth_plugin_path', plugins_url('shibboleth'));
screen_icon('shibboleth');
?>
<style type="text/css">
#icon-shibboleth { background: url("<?php
echo $shibboleth_plugin_path . '/icon.png';
?>
") no-repeat; height: 36px width: 36px; }
</style>
<div class="wrap">
<form method="post">
<h2><?php
_e('Shibboleth Options', 'shibboleth');
?>
</h2>
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="login_url"><?php
_e('Session Initiator URL', 'shibboleth');
?>
</label</th>
<td>
<input type="text" id="login_url" name="login_url" value="<?php
echo shibboleth_get_option('shibboleth_login_url');
?>
" size="50" /><br />
<?php
_e('This URL is constructed from values found in your main Shibboleth' . ' SP configuration file: your site hostname, the Sessions handlerURL,' . ' and the SessionInitiator Location.', 'shibboleth');
?>
<br /><?php
_e('Wiki Documentation', 'shibboleth');
?>
:
<a href="https://spaces.internet2.edu/display/SHIB/SessionInitiator" target="_blank">Shibboleth 1.3</a> |
<a href="https://spaces.internet2.edu/display/SHIB2/NativeSPSessionInitiator" target="_blank">Shibboleth 2</a>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="logout_url"><?php
_e('Logout URL', 'shibboleth');
?>
</label</th>
<td>
<input type="text" id="logout_url" name="logout_url" value="<?php
echo shibboleth_get_option('shibboleth_logout_url');
?>
" size="50" /><br />
<?php
_e('This URL is constructed from values found in your main Shibboleth' . ' SP configuration file: your site hostname, the Sessions handlerURL,' . ' and the LogoutInitiator Location (also known as the' . ' SingleLogoutService Location in Shibboleth 1.3).', 'shibboleth');
?>
<br /><?php
_e('Wiki Documentation', 'shibboleth');
?>
:
<a href="https://spaces.internet2.edu/display/SHIB/SPMainConfig" target="_blank">Shibboleth 1.3</a> |
<a href="https://spaces.internet2.edu/display/SHIB2/NativeSPLogoutInitiator" target="_blank">Shibboleth 2</a>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="password_change_url"><?php
_e('Password Change URL', 'shibboleth');
?>
</label</th>
<td>
<input type="text" id="password_change_url" name="password_change_url" value="<?php
echo shibboleth_get_option('shibboleth_password_change_url');
?>
" size="50" /><br />
<?php
_e('If this option is set, Shibboleth users will see a "change password" link on their profile page directing them to this URL.', 'shibboleth');
?>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="password_reset_url"><?php
_e('Password Reset URL', 'shibboleth');
?>
</label</th>
<td>
<input type="text" id="password_reset_url" name="password_reset_url" value="<?php
echo shibboleth_get_option('shibboleth_password_reset_url');
?>
" size="50" /><br />
<?php
_e('If this option is set, Shibboleth users who try to reset their forgotten password using WordPress will be redirected to this URL.', 'shibboleth');
?>
</td>
</tr>
<tr>
<th scope="row"><label for="default_login"><?php
_e('Shibboleth is default login', 'shibboleth');
?>
</label></th>
<td>
<input type="checkbox" id="default_login" name="default_login" <?php
echo shibboleth_get_option('shibboleth_default_login') ? ' checked="checked"' : '';
?>
/>
<label for="default_login"><?php
_e('Use Shibboleth as the default login method for users.', 'shibboleth');
?>
</label>
<p><?php
_e('If set, this will cause all standard WordPress login links to initiate Shibboleth' . ' login instead of local WordPress authentication. Shibboleth login can always be' . ' initiated from the WordPress login form by clicking the "Login with Shibboleth" link.', 'shibboleth');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="auto_login"><?php
_e('Shibboleth automatic login', 'shibboleth');
?>
</label></th>
<td>
<input type="checkbox" id="auto_login" name="auto_login" <?php
echo shibboleth_get_option('shibboleth_auto_login') ? ' checked="checked"' : '';
?>
/>
<label for="auto_login"><?php
_e('Use Shibboleth to auto-login users.', 'shibboleth');
?>
</label>
<p><?php
_e('If set, this will force a wp_signon() call and wp_safe_redirect()' . ' to the site_url option.', 'shibboleth');
?>
</p>
</td>
</tr>
<?php
/**
* action shibboleth_options_table
* Add your own Shibboleth options items to the Shibboleth options table.
* Note: This is in a <table> so add a <tr> with appropriate styling.
*
* @param $shib_headers array
* @param $shib_roles array
* @since 1.4
*/
do_action('shibboleth_options_table', $shib_headers, $shib_roles);
?>
</table>
<br class="clear" />
<h3><?php
_e('User Profile Data', 'shibboleth');
?>
</h3>
<p><?php
_e('Define the Shibboleth headers which should be mapped to each user profile attribute. These' . ' header names are configured in <code>attribute-map.xml</code> (for Shibboleth 2.x) or' . ' <code>AAP.xml</code> (for Shibboleth 1.x).', 'shibboleth');
?>
</p>
<p>
<?php
_e('Wiki Documentation', 'shibboleth');
?>
:
<a href="https://spaces.internet2.edu/display/SHIB/AttributeAcceptancePolicy" target="_blank">Shibboleth 1.3</a> |
<a href="https://spaces.internet2.edu/display/SHIB2/NativeSPAddAttribute" target="_blank">Shibboleth 2</a>
</p>
<table class="form-table optiontable editform" cellspacing="2" cellpadding="5">
<tr valign="top">
<th scope="row"><label for="username"><?php
_e('Username');
?>
</label</th>
<td><input type="text" id="username" name="headers[username][name]" value="<?php
echo $shib_headers['username']['name'];
?>
" /></td>
<td width="60%"></td>
</tr>
<tr valign="top">
<th scope="row"><label for="first_name"><?php
_e('First name');
?>
</label</th>
<td><input type="text" id="first_name" name="headers[first_name][name]" value="<?php
echo $shib_headers['first_name']['name'];
?>
" /></td>
<td><input type="checkbox" id="first_name_managed" name="headers[first_name][managed]" <?php
checked($shib_headers['first_name']['managed'], 'on');
?>
/> <?php
_e('Managed', 'shibboleth');
?>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="last_name"><?php
_e('Last name');
?>
</label</th>
<td><input type="text" id="last_name" name="headers[last_name][name]" value="<?php
echo $shib_headers['last_name']['name'];
?>
" /></td>
<td><input type="checkbox" id="last_name_managed" name="headers[last_name][managed]" <?php
checked($shib_headers['last_name']['managed'], 'on');
?>
/> <?php
_e('Managed', 'shibboleth');
?>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="nickname"><?php
_e('Nickname');
?>
</label</th>
<td><input type="text" id="nickname" name="headers[nickname][name]" value="<?php
echo $shib_headers['nickname']['name'];
?>
" /></td>
<td><input type="checkbox" id="nickname_managed" name="headers[nickname][managed]" <?php
checked($shib_headers['nickname']['managed'], 'on');
?>
/> <?php
_e('Managed', 'shibboleth');
?>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="_display_name"><?php
_e('Display name', 'shibboleth');
?>
</label</th>
<td><input type="text" id="_display_name" name="headers[display_name][name]" value="<?php
echo $shib_headers['display_name']['name'];
?>
" /></td>
<td><input type="checkbox" id="display_name_managed" name="headers[display_name][managed]" <?php
checked($shib_headers['display_name']['managed'], 'on');
?>
/> <?php
_e('Managed', 'shibboleth');
?>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="email"><?php
_e('Email Address', 'shibboleth');
?>
</label</th>
<td><input type="text" id="email" name="headers[email][name]" value="<?php
echo $shib_headers['email']['name'];
?>
" /></td>
<td><input type="checkbox" id="email_managed" name="headers[email][managed]" <?php
checked($shib_headers['email']['managed'], 'on');
?>
/> <?php
_e('Managed', 'shibboleth');
?>
</td>
</tr>
</table>
<p><?php
_e('<em>Managed</em> profile fields are updated each time the user logs in using the current' . ' data provided by Shibboleth. Additionally, users will be prevented from manually updating these' . ' fields from within WordPress. Note that Shibboleth data is always used to populate the user' . ' profile during initial account creation.', 'shibboleth');
?>
</p>
<br class="clear" />
<h3><?php
_e('User Role Mappings', 'shibboleth');
?>
</h3>
<?php
/**
* filter shibboleth_role_mapping_override
* Return true to override the default user role mapping form
*
* @param boolean - default value false
* @return boolean - true if override
* @since 1.4
*
* Use in conjunction with shibboleth_role_mapping_form action below
*/
if (apply_filters('shibboleth_role_mapping_override', false) === false) {
?>
<p><?php
_e('Users can be placed into one of WordPress\'s internal roles based on any' . ' attribute. For example, you could define a special eduPersonEntitlement value' . ' that designates the user as a WordPress Administrator. Or you could automatically' . ' place all users with an eduPersonAffiliation of "faculty" in the Author role.', 'shibboleth');
?>
</p>
<p><?php
_e('<strong>Current Limitations:</strong> While WordPress supports users having' . ' multiple roles, the Shibboleth plugin will only place the user in the highest ranking' . ' role. Only a single header/value pair is supported for each user role. This may be' . ' expanded in the future to support multiple header/value pairs or regular expression' . ' values. In the meantime, you can use the <em>shibboleth_roles</em> and' . ' <em>shibboleth_user_role</em> WordPress filters to provide your own logic for assigning' . ' user roles.', 'shibboleth');
?>
</p>
<style type="text/css">
#role_mappings { padding: 0; }
#role_mappings thead th { padding: 5px 10px; }
#role_mappings td, #role_mappings th { border-bottom: 0px; }
</style>
<table class="form-table optiontable editform" cellspacing="2" cellpadding="5" width="100%">
<tr>
<th scope="row"><?php
_e('Role Mappings', 'shibboleth');
?>
</th>
<td id="role_mappings">
<table id="">
<col width="10%"></col>
<col></col>
<col></col>
<thead>
<tr>
<th></th>
<th scope="column"><?php
_e('Header Name', 'shibboleth');
?>
</th>
<th scope="column"><?php
_e('Header Value', 'shibboleth');
?>
</th>
</tr>
</thead>
<tbody>
<?php
foreach ($wp_roles->role_names as $key => $name) {
echo '
<tr valign="top">
<th scope="row">' . _c($name) . '</th>
<td><input type="text" id="role_' . $key . '_header" name="shibboleth_roles[' . $key . '][header]" value="' . @$shib_roles[$key]['header'] . '" style="width: 100%" /></td>
<td><input type="text" id="role_' . $key . '_value" name="shibboleth_roles[' . $key . '][value]" value="' . @$shib_roles[$key]['value'] . '" style="width: 100%" /></td>
</tr>';
}
?>
</tbody>
</table>
</td>
</tr>
<tr>
<th scope="row"><?php
_e('Default Role', 'shibboleth');
?>
</th>
<td>
<select id="default_role" name="shibboleth_roles[default]">
<option value=""><?php
_e('(none)');
?>
</option>
<?php
foreach ($wp_roles->role_names as $key => $name) {
echo '
<option value="' . $key . '"' . ($shib_roles['default'] == $key ? ' selected="selected"' : '') . '>' . _c($name) . '</option>';
}
?>
</select>
<p><?php
_e('If a user does not map into any of the roles above, they will' . ' be placed into the default role. If there is no default role, the' . ' user will not be able to login with Shibboleth.', 'shibboleth');
?>
</p>
</td>
</tr>
<tr>
<th scope="row"><label for="update_roles"><?php
_e('Update User Roles', 'shibboleth');
?>
</label></th>
<td>
<input type="checkbox" id="update_roles" name="update_roles" <?php
echo shibboleth_get_option('shibboleth_update_roles') ? ' checked="checked"' : '';
?>
/>
<label for="update_roles"><?php
_e('Use Shibboleth data to update user role mappings each time the user logs in.', 'shibboleth');
?>
</label>
<p><?php
_e('Be aware that if you use this option, you should <strong>not</strong> update user roles manually,' . ' since they will be overwritten from Shibboleth the next time the user logs in. Note that Shibboleth data' . ' is always used to populate the initial user role during account creation.', 'shibboleth');
?>
</p>
</td>
</tr>
</table>
<?php
} else {
/**
* action shibboleth_role_mapping_form
* Roll your own custom Shibboleth role mapping admin UI
*
* @param $shib_headers array
* @param $shib_roles array
* @since 1.4
*
* Use in conjunction with shibboleth_role_mapping_override filter
*/
do_action('shibboleth_role_mapping_form', $shib_headers, $shib_roles);
}
// if ( form override )
?>
<?php
wp_nonce_field('shibboleth_update_options');
?>
<p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php
_e('Save Changes');
?>
" /></p>
</form>
</div>
<?php
}
