Hey @monoxa,
Thanks for the question. Is this for a site hosted on Pantheon?
It looks like OneLogin’s PHP SAML library supports forceAuthn but WP SAML Auth hasn’t integrated with it fully yet.
If you’d like to experiment, you can change this $provider->login( $redirect_to ); call (ref) to $provider->login( $redirect_to, array(), true );
I don’t know whether this is the only change needed, or whether other changes are needed too.
Thread Starter
monoxa
(@monoxa)
Thanks for the quick reply.
I am using Pantheon.
I was able to execute “forceAuthn=”true”” by rewriting the specified code.
Thank you very much.
Great! Glad to hear it was an easy fix.
I’ve just tagged WP SAML Auth v1.2.3 where you can enable forceAuthn by adding this filter to your functions.php or similar:
add_filter( 'wp_saml_auth_force_authn', '__return_true' );
Thread Starter
monoxa
(@monoxa)
Thank you so much for taking the time to update the plugin.
I then contacted the AzureAD administrator and was able to solve the “Error – AADSTS75011” problem by adding the code to two files.
・wp-saml-auth.php(l.93)
・class-wp-saml-auth-options.php(l.147)
'security' => array(
'requestedAuthnContext' => false,
)
Thank you for the best plugin.
