Integrating Enterprise Authentication on WordPress for Texas sites hosted on Pantheon
This article explains how to enable EID authentication on a Pantheon-hosted WordPress site that uses the WordPress for Texas custom upstream. If you are NOT using the WordPress for Texas upstream, see: https://ut.service-now.com/sp?id=kb_article&number=KB0019336
IMPORTANT: Pantheon and WordPress do not natively support restriction of content based on EIDs, roles, or affiliations.
There are a few plugins included in the WordPress for Texas bundle that are required for EID authentication on Pantheon-hosted WordPress sites. These plugins are:
- UTexas EID Authentication (SAML)
- WP SAML Auth
- Force SSL Admin (listed under "must-use" plugins)
These plugins MUST remain activated for EID authentication to work. The codebase also includes the SimpleSAMLphp library in the document root's /private directory, which MUST remain in place as well.
Module Options and Configuration
Configurations and settings come bundled with the WordPress for Texas upstream and no changes are required once integration is complete.
Quarterly User Reviews
It is the site owner's responsibility to review, on a quarterly basis, the users who have access to the WordPress site and, when necessary, remove or adjust the privileges of any users who should no longer have access to the site.
Users and their assigned roles can be reviewed through the Site Administrator Dashboard (under Users). Roles can be reassigned by clicking "edit" next to the user's EID and finding the "Role" dropdown. User accounts can be removed through a similar process. Please note that user account de-provisioning must be performed manually and the user's account deleted from WordPress.
Additionally, users and their capabilities can be exported out of the site database using the following query for automated processing:
SELECT user.ID, user.user_login, user.user_email, meta.meta_value AS capabilities FROM wp_users user INNER JOIN wp_usermeta meta ON meta.user_id = user.ID WHERE meta.meta_key = 'wp_capabilities';
WordPress makes no distinction between local and EID-based user accounts.
Both are stored identically in the database; when the WP SAML Auth plugin is activated, authentication for these accounts is handled by UT Login instead.
Accounts are otherwise functional as local WordPress accounts and will behave as such when WP SAML Auth is deactivated.
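One way to process that export for the quarterly review, as an added example that is not part of the original article or the WordPress for Texas codebase. It assumes the export is saved as CSV and includes the meta_value column of the wp_capabilities row, which WordPress stores as a PHP-serialized array; the sample rows and the choice of which roles count as privileged are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample export (not real accounts). Columns follow the query above,
# with meta_value taken from the wp_capabilities row (assumed to be exported).
SAMPLE_EXPORT = '''ID,user_login,user_email,meta_value
1,abc123,abc123@example.edu,"a:1:{s:13:""administrator"";b:1;}"
2,def456,def456@example.edu,"a:1:{s:6:""editor"";b:1;}"
3,ghi789,ghi789@example.edu,"a:2:{s:6:""author"";b:1;s:13:""administrator"";b:0;}"
4,jkl012,jkl012@example.edu,a:0:{}
'''

# One entry of a PHP-serialized capabilities array: s:<len>:"<name>";b:<0|1>;
_ENTRY = re.compile(r's:(\d+):"([^"]*)";b:([01]);')

def parse_capabilities(serialized):
    """Return the set of role/capability names that are switched on."""
    granted = set()
    for length, name, flag in _ENTRY.findall(serialized):
        # The declared byte length must match, otherwise the row is corrupt.
        if int(length) != len(name.encode("utf-8")):
            raise ValueError(f"malformed capability entry: {name!r}")
        if flag == "1":  # b:0 means the role is present but not granted
            granted.add(name)
    return granted

def review_report(export_text, privileged=("administrator", "editor")):
    """Bucket exported users for review; 'privileged' is an illustrative default."""
    report = {"privileged": [], "other": [], "no_role": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        roles = parse_capabilities(row["meta_value"])
        entry = (row["user_login"], sorted(roles))
        if not roles:
            report["no_role"].append(entry)
        elif roles & set(privileged):
            report["privileged"].append(entry)
        else:
            report["other"].append(entry)
    return report

if __name__ == "__main__":
    for bucket, users in review_report(SAMPLE_EXPORT).items():
        print(bucket, users)
```

Accounts in the no_role bucket still exist in wp_users, so they need the same manual removal as any other de-provisioned account.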
Maintaining User Accounts Over Time
Updating First and Last Name
A Site Administrator or the EID owner themselves can log into the WordPress site and view their profile page. The profile page offers the ability to update this information.
Handling EID Changes