Matthew J. Kellett

Website Architect and Developer

Wordpress Soap Authentication Plugin 1.0

Download the SOAP Authentication Plugin

This page contains an outline of the Wordpress Soap Authentication Plugin that I have recently developed. If you have any comments to make regarding this plugin please contact me or leave a comment below

Plugin Overview

Several large companies utilise an internal user management system, this plugin allows you to utilise this system to authenticate users with your Wordpress sites. There are several HTML based authentication scripts but there isn't one to use SOAP, hence why I wrote this one.

The Settings

When uploaded a menu will be added to the settings menu (or Super Admin menu if using WPMU) which allows the customisation of the plugin. This menu allows the full customisation of the SOAP Authentication plugin along with mappings for user details to ensure easier user integration.

The settings page is broken down into several aspect which are outlined below:

Webservice Settings

These are the main settings for the authentication script

  • WSDL Path - The path to the SOAP file that will handle the authentication
  • Auth Funciton - The function which will handle the authentication
  • Encryption Method - The encryption method for sending the password across the internet
  • Auth Repsonse Field - The field that contains the authorisation message
  • Expected Response - The expected response if a user is authenticated i.e. yes / 1/ true
  • Response Message - The field which contains a message if authentication fails
  • Port Number - An override for the port number if different than 80

Field Mappings

These are the user mappings from the response to the WP database

  • Response User Section - The field which contains the main user data if not in the root response
  • First Name - The field which contains a users first name
  • Last Name - The field which contains a users first name
  • Display Name - The field which contains a users display name (defaults to username if blank)
  • Email - The field which contains a users email address
  • URL - The field which contains a users website URL

Role Mappings

These are the user mappings from the response to the WP database

  • Response Role Field - The field which contains the user role for mappings purposes
  • The Roles - The roles which are currently set up within WP installation are listed here, you can then assign a users role to a specific WP role
  • Super Admin - If WPMU is installed then an extra option will appear to map users to Super Administrators

Custom Messages

This section allows you to specify messages throughout the system (including HTML)

  • Message for Login - The message which appears on the login screen to inform users about the login

Manual Configs

There are a couple of sections which need to be manually edited before using the plugin (until options are built). These are as follows:

  • Help Tip Image Path - admin.js:5 - At the top of the file there is a path which may or not need updating to the correct path of the plugin (defaults to root path: "/wp-content/plugins/soap-auth/images/help.png"
  • Auth Call - soap_auth.php:331 - This is the call to the main authentication, add additional parameters to this line i.e. system identifiers

Changelog

There have been no recent changes

Future Changes

There are a couple of additional settings that I am working on at the moment including additional paramaters for the authentication call i.e. system identifier

Download the SOAP Authentication Plugin

Screenshots

  • Settings Page

    settings.png

    This screenshot shows the settings page for the plugin. The page includes JavaScript based tooltips to guide you through each of the settings.

  • Login Page

    login.png

    This screenshot shows the message entered into the settings page for informaing users about the authentication process.

Disclaimer

Please backup every file that you intend to modify. If the modification modifies the database, it's a good idea to backup your database before doing so.

Note: If you need official support, you'll need to restore the unmodified files.

Comments

this module is doing all the think or is a bridge between a function to auth from inside the wp and an outside call?

Written by Fujy on 10th November 2010

Hi Matt,

We are trying to get WordPress SOAP authentication up and running. I made a pretty simple WCF service with an authentication method that grabs the username and password and runs it against an internal website to check that it works. I have it return a User class which consists of some fields like FirstName, LastName and user_authenticated (which if the username and password is correct is set to "yes"). Is this the right type of response that the plugin is looking for? It keeps giving me an incorrect username error.

Written by Matthew Arkin on 31st January 2011

Hi Matt, got a bit of a strange problem. I've downloaded the plugin and activated in Wordpress. For some reason, this breaks the dropdown functionality in the Wordpress left hand nav menus, and it's not possible to switch between the visual and HTML screens/view. Commenting out line 519 in soap_auth.php fixes the problem (but then removes the "SOAP Authentication" option from the left hand nav). Any suggestions?

Written by Luna on 9th February 2011

Hi Fujy,

All of the processing is carried out by the plug-in but it does require a soap service to connect too on a server somewhere so you can authenticate against.

So I suppose it does act more like a bridge between your WordPress site and your internal authentication system.

Written by Matt on 14th February 2011

Hi Matt, Sorry for the delay in responding. That sounds like the correct response from the soap service. The only thing I can suggest at the moment is to double check the field mapping settings to make sure the fields in your response are the same as what your service is returning. If you still cannot get it to work then please drop me a quick email using the contact page with a copy of the expected response (details changed of course) and I'll see what else it could be.

Written by Matt on 14th February 2011

Hi Luna,

That is a strange issue ... all that line actually does is pass the username and password through to the main soap authentication function so it shouldn't affect the display of the navigation menu. I'll do some further debugging and get back to you but can you let me know what version of WordPress you are using please?

Written by Matt on 14th February 2011

Hi Matt, thanks for having a look - I'm using Wordpress 3.0.1.

Written by Luna on 14th February 2011

Hi,

I'm trying to use soap plugin with wcf (.NET). Any consideration?

Could you send me some value settings sample? Which are obligatory fields from settings? I don't need roles up to now.

Written by Rodrigo Prior on 23rd February 2011

Hi Rodrigo, unfortunately I don't have access to a .NET server so haven't been able to test this plugin on a WordPress installation :( As for the required fields, all of them are actually required to successfully process an auth request using a soap service. By not having any roles, everyone who is authenticated with your site would be classes as administrators, this is why there is no default role (will add this as an option actually). Hope this helps.

Written by Matt on 23rd February 2011

Luna, did you get my request for a couple of screenshots? I have had another look and am unable to work out why you are having issues with the sidebar :-( I would suggest upgrading to the latest version to see if the issue still occurs.

Written by Matt on 23rd February 2011

Thanks Matt,

I' ve been debugging the code and something looks strange. The authenticate method execute when login page load, invoking web service witout parameters username and password (is that right?)

What type of object plugin expects from web service? I returned a serializable class called user and set that name in settings panel.

Written by Rodrigo on 23rd February 2011

Hi Rodrigo, the authenticate method should only run once the submit button on the login form has been clicked (the add action call controls this). The returned object via soap is typically a simpleXML object which is then converted to an array for processing. I'll put up the code and add some additional comments to it as soon as I am near my machine :)

Written by Matt on 23rd February 2011

Hi Matt,

could u send me some sample of object u create to return to plugin call and configuration settings screenshot? Thanks a lot!!

Written by Rodrigo on 28th February 2011

Hi Rodrigo, that should be with you now. Luna, can you drop me an email with a list of the plugins you have installed, one of them may have a style conflict with this one (not sure how though). Matthew, I have sent over an example XML response to you to, hopefully this will help solve your issues.

Written by Matt on 28th February 2011

Luna & Matt - The errors with the sidebar dropdown functionality breaking down are coming from:

wp_deregister_script('jquery');

wp_register_script('jquery', WP_PLUGIN_URL . '/soap-auth/js/jquery-1.4.2.js');

The script deregisters jquery and then tries to register it again. This doesn't happen because the plugin installs to the "soap-authentication directory, not the "soap-auth" directory. Jquery is never registered again and that is why the jquery functionality in wordpress admin breaks.

Matt - Found a typo in soap_auth.php as well.

echo '<option>SHA256 Hash</option><option>SHA1</option><option selected="selected">MD5</option><option selected="seclected">Plain Text (not advised)</option>';

selected="seclected" <--

Thanks for the great plug-in. I'll let you know if it will work for my project.

Written by D on 9th May 2011

Hi D, Thanks for the info. I'll get that updated ASAP.

Written by Matt on 9th May 2011

This has now been updated and the changes should be reflected on Wordpress ASAP.

Written by Matt on 9th May 2011

Donations

If you like this plugin or use it then please donate something to me so I can continue updating this as well as creating new ones

About Me

I am a website architect and developer working as a senior developer for BT Customerstreet in Lancaster.

I specialise in PHP and MySQL but I also utilise several technologies and techniques including XML, XSLT, MVC, DAO and SOA to name a few.

More info

Latest Updates

The latest additions to my development portfolio