This site requires JavaScript to be enabled
Welcome|
Recent searches
IE BUMPER

EID authentication considerations for WordPress on Pantheon

Number of views : 6
Article Number : KB0014812
Published on : 2019-07-19
Last modified : 2019-07-19 16:13:23
Knowledge Base : IT Public Self Help

EID authentication for WordPress is only available for sites using the WordPress for Texas custom upstream.

 

PLEASE NOTE: Pantheon does not support restriction of content based on EID's, roles, or affiliations. 

Required Plugins

There are a few plugins included in the WordPress for Texas bundle that are required for EID authentication on Pantheon-hosted WordPress sites. These plugins are:

  • UTexas EID Authentication (SAML)
  • WP SAML Auth
  • Force SSL Admin (listed under "must-use" plugins)

These plugins MUST remain activated for EID authentication to work. The codebase also includes the SimpleSAMLphp library in the document root's /private directory which MUST remain as well.

Module Options and Configuration

Configurations and settings come bundled with the WordPress for Texas upstream and no changes are required once integration is complete.

 Modification to Upstream Code

Customizations to the upstream SAML Authentication code is highly discouraged. In addition to merge conflicts that might cause problems for downstream repos, the plugin could begin to malfunction causing WordPress accounts to authenticate locally in the application rather than backed by UT Login. Please consult service stewards with further questions.

Quarterly User Reviews 

It is the site owner's responsibility on a quarterly basis to review the users who have access to the WordPress site, and when necessary, remove or adjust the privileges of any users who should no longer have access to the site. Users and roles assigned can be reviewed through the Site Administrator Dashboard.

User roles can be reviewed either through the Site Administrator Dashboard ( under Users ). Roles can be reassigned by clicking "edit" next to the user's EID and finding the "Role" dropdown.

Roles can be reassigned by clicking "edit" next to the user's EID and finding the "Role" dropdown. User accounts can be removed in a similar process. Please note that user account deprovisioning must be performed manually and the users account deleted out of WordPress.

Additionally, users and their capabilities can be exported out of the site database using the following query for automated processing:

SELECT user.ID, user.user_login, user.user_email FROM wp_users user INNER JOIN wp_usermeta meta ON meta.user_id = user.ID WHERE meta.meta_key = 'wp_capabilities';

 

Other considerations

WordPress makes no distinction between local and EID based user accounts in WordPress.

Both are identical in the database and are handled by UT Login instead when the WP SAML Auth is activated.

Accounts are otherwise functional as local WordPress accounts and will behave as such when WP SAML Auth is deactivated.

Maintaining User Accounts Over Time

Updating First and Last Name

A Site Administrator or the EID owner themselves can log into the WordPress site and viewing their profile page. The profile page does offer the ability to update this information.

 

Handling EID Merges in WordPress for Texas

EID Merge Concepts: Target and Source EIDs:
One of the two identities being merged is known as the "source". The other is known as the "target". The target identity's attributes are retained, while the attributes of the source identity are deactivated.

In the scenario where the target EID DOES NOT exist, the EID owner will need to contact the Site Administrator. The Site Administrator will create a new account using the target EID, reassign all the source EID's content to the target, and delete the source EID from of WordPress.

 

 

 

 

Thank You! Your feedback has been submitted.

Feedback