WP Single Sign On / Release Note
April 03, 2024
Improvements to the SSO button on the WordPress login page: Fixed the Content Security Policy (CSP) issue for the SSO button on wp-login.php.
UI Improvements
April 03, 2024
Handled Fatal Errors when PHP extensions (CURL, DOM, OPENSSL) are disabled.
Clarified error codes on the Test Configuration tab for easier troubleshooting.
Fixed console warnings during registration and login in the Account Setup Tab.
UI Improvements.
April 03, 2024
Added translation support.
Added additional checks around the wp-config.php access flow.
Compatibility with WordPress 6.6.
UI improvements.
April 03, 2024
Fix for wp-config.php file read flow.
April 03, 2024
Added PHPCS Fixes.
Fix for the warning while editing the Theme.
Performance Fixes.
April 03, 2024
Compatibility Fixes with WordPress 6.5.
April 03, 2024
Updating pricing links for WordPress SSO Plugin.
April 03, 2024
Added free trial for SAML SSO.
April 03, 2024
Updates in SAML SSO Plans UI.
April 03, 2024
SSO button fix on update.
April 03, 2024
Fix for iconv() warning in Linux environment.
Fix for upgrade to premium versions.
Minor UI improvements.
April 03, 2024
WP 6.4 Compatibility
Compatibility fix with Themify Plugin
UI fixes.
April 03, 2024
WP 6.3 Compatibility.
Added proper error message when wp-config.php is not writable for enabling debug logs.
Fix for warning in the list of IDP logos.
April 03, 2024
Fix for NetIQ SAML IDP Logo.
Fix for x509 certificate in SAML SSO Configurations.
April 03, 2024
Vulnerability fix for Broken Access Control in SSO Settings.
April 03, 2024
Added additional exception handling checks to enhance the validation of SAML Response.
Added Steps to download the paid plugin.
Minor Bug Fixes.
April 03, 2024
Added new IDPs like Siteminder, VMWare, OpenAthens.
Minor Bug Fixes.
April 03, 2024
Added new IDPs like Sharepoint, Dynamic CRM, LastPass, Drupal.
April 03, 2024
Compatibility with WordPress 6.2.
Added iconv encoding issue flow.
Fixed plugin update using FTP replace.
Fixed SSO widget title issue.
Fixed plugin deactivation issue.
Fixes in debug log functionality.
January 04, 2023
Added PHPCS fixes.
January 04, 2023
Security fix for Open Redirect Vulnerability.
January 04, 2023
Fixes in Logger Functionality.
January 04, 2023
Provided an option in the plugin to disable the time validity check for SAML assertion.
Fixed UI issues for Safari Browser.
Removed dependency from bootstrap.js and popper.js, by adding custom js in the plugin.
Added custom CSS in place of using bootstrap.css library.
Converted all the images to .webp format from .png format.
January 2023
WordPress 6.1 Compatibility.
Fixed PHP TypeError arising due to passing non-array values in PHP Array functions.
Fixed error while Importing Environment configurations.
SSO Login button and Domain restriction configurations importing successfully.
October 04, 2024
Added functionality to exclude specific roles from being updated for existing users.
Improvement in the Relative and Absolute relaystate.
Improvements to the redirect_to parameter.
July 29, 2024
Made the plugin compatible with WordPress version 6.6.
Fixed and added support to save relative URLs in the Logout and Login RelayState fields.
Added version number in plugin heading as well as mentioned the plan name & plugin version in the query email subject line itself.
Fixed an issue where, when configuring more than one value in the Allow/Deny user login based on IDP attribute values and checking the allow radio button, attempting to perform SSO with a user having one of these attributes resulted in a wp_die message instead of providing access to the WP site.
Fixed and updated .htaccess file rules in the plugin’s root folder as well as in the resources folder, so that the CSS and JS files can load seamlessly if we have Apache 2.4.59 or later.
Fixed an issue in the current implementation of the backdoor URL query that permitted all special characters and scripts to be saved. Restricted this behaviour, and displayed a warning when the user enters special characters in the field.
Fixed an error where, when the plugin is activated and the site URL is accessed with an invalid SAMLRequest/SAMLResponse parameter, a fatal error was received.
Backdoor URL does not redirect to the WordPress login page when third-party plugins that change the wp-login subpath, such as the WPS-Hide plugin, are activated.
Since customers now use the portal to access their license details and download the plugin, linked the portal for license keys in the plugin.
Fixed some other minor issues such as wrong message on status code, attribute/role mapping UI improvements, etc.
April 12, 2024
Improvements in plugin notices.
April 03, 2024
Ensured that the SAML support email ID is correctly displayed in the Error Codes tab, with the mailto: attribute. Also, in SAML Tracer, included a link to redirect users to the FAQ section where they can download the SAML Tracer extension and access related documentation. Additionally, provided more descriptive explanations for each error code and its fix.
Improved UI for Attribute/Role Mapping Tab.
Fixed an issue where, when the Keep settings intact option is disabled and the plugin is deleted, the Role mapping values, Advanced Settings, and Metadata sync settings were not being removed. All plugin configurations should be deleted when the plugin is removed. Additionally, when metadata syncs, the IDP name is not added, resulting in an empty IDP name value.
Fixed Issues related to Licensing Framework.
Added a check that compares the email address (received from SAML Response) with the email address of the user (that exists in WP with the received username in SAML Response) in a case-insensitive manner. The user’s email is updated only if the check fails i.e. the email is completely different.
A notice appears when a customer saves any Azure or Salesforce-related IDP, promoting our Azure and Salesforce solutions.
December 27, 2023
Fix for the license activated on multiple domains warning.
Fix for the RSS feed redirection issue and redirection loop in the API call.
December 11, 2023
Added an option in the Metadata Sync section to sync only certificates from the metadata.
Redesigned the user interface of the 'Service Provider Setup' tab within the plugin to show a list of the configured IDPs. Added bulk options as well as IDP status.
Added the corrected steps to update the plugin to update to the latest certificate.
Improved the warnings to display errors in case of a missing PHP extension. Handled all cases of error messages.
Added notices to notify that manual configuration would be overridden if sync is enabled.
Separated the Metadata Sync section in the SP Setup tab.
Added a Sync Now button.
Added PHP CS fixes as required in the plugin.
Added check for required fields in the configuration file. Also added validation for the values of the configuration file.
Other UI improvements.
November 11, 2023
Fixed default role assignment for existing users when role mapping is not configured.
Resolved issue of existing users being assigned no role.
Minor Bug fixes.
November 09, 2023
Resolved a bug where after upgrading to 12.2.0 version, all users were assigned the default role.
December 11, 2023
This feature decides whether to check the time validity of SAML Assertion for SSO login.
Revamped the user interface of the 'Attribute/Role Mapping' tab within the plugin, introducing improvements for a more intuitive and user-friendly experience, accompanied by comprehensive documentation to guide users through the enhanced features and functionalities.
Revamped the Account info tab by adding functionalities such as a view your licence keys button, a revamped user interface for the licence expiry notice reflecting the remaining days, updated FAQ content, etc.
Used WordPress functions for file paths instead of PHP functions.
Improved the plugin performance as well as code by reducing/removing the unwanted database calls from the SAML Response flow.
October 18, 2023
Added steps on how to resolve the warning message for license key used on multiple domains.
Added a Free your License Key link in the Account Info Tab.
Added additional type checks for upgrade.
Removed the Regex check on password.
Fixed Apply Role Mapping for Admins Issue.
Fixed the getValidAudiences on null Issue.
October 11, 2023
Added new functionality to update the plugin to its latest version by using this command: wp saml update.
Added updating the WP user's nickname during SSO based on their attributes received in the SAML Response from the Identity Provider.
Added a new feature which prevents updating the existing user’s display name. All other attributes would be updated as per the attribute mapping configured.
Added a new feature that adds an SSO user tag for users logging in via SSO. This feature is useful if you want to differentiate between users logging in via WordPress and those logging in via SSO.
A hook is added to customize the SSO login button. Now, it is possible to add icon, custom CSS, etc. on the SSO login button.
Added Error Codes for the SSO Login Flow in the plugin to help identify issues during SSO more effectively. This ensures that errors and issues encountered during the authentication process are appropriately managed.
Reduced the size of the plugin by compressing the images through conversion to SVG format.
To eliminate the need for manually enabling the Keep setting intact toggle, we've enabled this option automatically upon plugin activation.
We have improved the certificate mismatch error to list the exact steps needed to address the Certificate Mismatch error caused by Iconv encoding.
Now the NameID format value would be fetched into the plugin settings from Identity Provider Metadata during import or metadata sync.
The test configuration endpoint will now be accessible to only administrators in WordPress.
We have removed the licensing plan from the plugin and added a link to the licensing plans page on our site to provide a smoother and uniform experience.
We improved the plugin code by changing the DB options into constants.
Minor Bug Fixes.
September 15, 2023
Relaxed the Audience Restriction check.
No warning in the debug log when the customer checks for any new updates of the plugin.
Not loading CSS on every page of the site.
In case of an invalid XML in the form of a string, the proper message is displayed.
September 08, 2023
Tested the plugin with PHP 8.2 for compatibility.
Also known as Entity Expansion Attack, the attack causes growth in resource requirements by simply repeating a large entity over and over again. The quadratic blowup variation can also cause quadratic growth in resources. To prevent this, additional checks were added to handle an invalid XML or an XML that has infinite entities referenced in it. This protects against a DoS attack.
A replay attack can occur when a valid SAML Response is posted on the site by an attacker within the assertion time validity. This was fixed so that unauthorized access could be prevented.
Alpine Linux environments do not support the CP-1252 encoding in iconv function and hence throw a function undefined warning when the iconv toggle is enabled. This was handled so that warnings were not visible on the front end.
A warning was thrown when the user session is already terminated on logout. This was handled such that the Single Logout is not performed once the user session is already terminated.
Fixes were done to make the SSO Plugin compatible with the Advanced Role Mapping addon.
Updated the versions of all external libraries used in the plugin.
Added .htaccess file to restrict license file for the plugin.
Added the secure parameter for cookies created by the plugin.
A non-SSO user would be redirected to the WP login page after logout from WordPress (this is the default behavior of WordPress).
Any additional parameters appended to the SSO endpoint will now be relayed with the SAML Request to the Identity Provider.
Added an option for enabling metadata sync in the Service Provider Setup tab. An option to add the Metadata URL as well as to choose the sync interval was also provided.
Added a proper error message during test configuration as well as SSO if the Encryption Certificate in the plugin and SAML Response mismatches.
August 16, 2023
Tested the plugin with WP 6.3 for compatibility.
Importing a configuration file from the free plugin version ( > 5.0.0 ) used to cause a fatal error. Free Plugin Configuration File can now be imported without errors.
An Invalid JSON Error was returned when verifying the plugin license via WP CLI. This was fixed and proper data checks were added.
SiteGround was pointing out the plugin files as malicious due to obfuscated code. Changes were made to remedy this.
Plugin was including an older version of JQuery which was not required.
Plugin deleted license related information from all subsites (where plugin was activated) when the premium single site plugin was deactivated from a subsite in a multisite network. This was modified for a better user experience. Now the options are deleted only on the subsite where the plugin was deactivated.
The admin dashboard widget as well as admin notice for license expiry includes a link to navigate to plugin settings.
Plugin would now update the License Expiry Date automatically once in 30 days for an improved user experience.
Improved how the plugin includes the files required for functioning. All file paths are included in the plugin using constants now.
Added validation checks for multiple environments configurations.
May 22, 2023
Rolled out fixes for compatibility with WP 6.2.
Implemented a new and improved design of the Account Info tab for easier navigation and showing information.
Implemented Error Code in the SSO flow, which will be listed in the plugin’s submenu.
Fixes and improvements for the plugin licensing.
Added a dashboard widget that shows the miniOrange account’s email address and license expiry date.
Implemented notices for easier understanding of the plugin’s framework.
February 23, 2023
Updated the Bootstrap Version to 5.2.2.
January 11, 2023
Fix for license file.
January 10, 2023
WordPress 6.1 Compatibility.
Fixed PHP TypeError arising due to passing non-array values in PHP Array functions.
Fixed error while Importing Environment configurations.
SSO Login button and Domain restriction configurations importing successfully.
November 14, 2022
Compatibility with WordPress Scanner.
November 14, 2022
Security fixes for Open Redirect Vulnerability.
Added proper escaping fixes.
August 30, 2023
Added New Certificates.
Added Trial Frameworks.
September 19, 2024
Added the plugin documentation near the plugin heading.
August 05, 2024
Added the filter hook to modify the custom attributes data format.
Added the redirect_to parameter for the Redirection & Shortcode flows.
Added the plugin documentation near the plugin heading.
Optimized the code of the customer verification flow.
Optimized the code of licensing plans and redirection tab.
July 08, 2024
Added the feature to add an unlimited number of IDPs and kept the limit on activated IDPs.
Created 2 separate sub-tabs for redirection settings & SSO links, buttons settings.
Added domain mapping feature with redirection settings of the wp-login page.
Added two distinct flows for the role mapping feature to address scenarios where role mapping is not applicable for new or existing users.
Improved the UI of Service Provider Setup tab.
Added the FAQ page link to clarify the purpose of the default IDP plugin.
Fixed the relay state flow to handle query parameters present in the relay state.
Fixed the sync metadata settings respective to the environment.
Fixed the warning issue in the upgrade framework flow.
July 08, 2024
New and improved design of Attribute/Role Mapping Tab.
New and improved design of the Service Provider Setup tab.
Added logout response url option in the Service Provider Setup tab.
Added WPCLI functionality to update, activate, and import configurations into the plugin.
Added a form for syncing metadata in Service Provider Setup tab.
Added custom metadata fields to configuration file while exporting the configuration.
Added a button for Attribute Mapping Configuration in Test Configuration window.
Added an option to edit the IDP Name.
Added a hook to get complete SAML Assertion.
Added an option to configure Nickname.
Added default Public Page URL.
Added Test Configuration button below IDP Configuration.
Added an SSO User Tag for users logging in via SSO.
Updated .htaccess rules for compatibility with Apache 2.4.59 and upwards.
Fix for Error codes text formats.
Compatibility with Salesforce community addon.
Updated all CSS and JS Libraries.
Updated all font-awesome icons to svg.
Updated all images to webp format.
Minor bug fixes and UI improvements.
May 10, 2024
Fix for file path issue
May 08, 2024
Added the compatibility with WordPress 6.5.
Added the compatibility with Guest User login Add-on.
Added the warnings for required PHP extensions.
Added the option to validate the assertion time of the SAML Response.
Added the option to have IDP-specific Login relay state and Logout relay state.
Added the certificate sync option from the IDP Metadata.
Added the error codes for the case of failed SSO.
Added the filter for the Role Mapping flow.
Added the version number with the plugin heading.
Fixed the import-export feature for the Multiple Environment Configuration.
Fixed the displayed warning on invalid metadata file import.
Fixed the redirection flow for users after the logout.
Improved customization of the Single Sign-On (SSO) Button displayed on the login page.
Improved the UI of the SSO Links Section.
Removed non-admin user access from the test configuration endpoint.
March 29, 2024
Added Multiple Environment Feature for configuring plugin settings for all environments (dev, test, production).
Added Metadata customization feature allowing admin to input Organization Name, Email Address, and Organization URL in the Service Provider Metadata.
Added compatibility for the IP based Redirection to IDP feature.
Fixed the compatibility issues with WP Smart Manager plugin.
Fixed invalid trigger of email updated notifications to users during SAML Authentication.
Fixed the base64_Decode issue of the Wordfence scanner.
Fixed the compatibility issues with 3rd party plugins or themes which use Utilites class name.
February 20, 2024
Added compatibility fixes for PHP 8.2.
Added confirmation screen for resetting mapping configuration.
Fixed HTTP Post binding issue with RSS feed.
Fixed validation issues throughout the plugin.
Fixed support email address throughout the plugin.
Fixed Domain Mapping issues.
Fixed incorrect warning messages while configuring Service Provider Setup tab.
Minor fixes related to components text and placement.
Improved default IDP assignment flow.
Modified allowed characters for adding Identity Provider name.
Updated metadata contact information.
January 24, 2024
Fixed backdoor URL issue.
Fixed Single Logout Request using POST binding.
Fixed Vulnerabilities for XML parsing, insecure cookie creation, replay attack, exposed license file and SAML Request/Response jQuery.
Fixed iconv warning on Linux Environments.
Fixed metadata sync issue for default values.
Fixed redirection loop issue from WordPress login page.
Fixed invalid license issue on WordPress multisite environment.
January 05, 2024
Fixes in the Upgrade Notice.
Updates in the Licensing Framework.
January 01, 2024
Fixes for Shortcode functionality.
Fixes for Auto-Redirection functionality when users are logged in.
December 15, 2023
Added Error Codes Submenu.
Added Admin Dashboard Widget.
Added notices in the plugin.
WordPress 6.4 Compatibility.
Redesigned Account Info tab.
Updates in Licensing Framework.
October 18, 2023
Added proper error messages on failed domain mapping.
Added error handling for max execution time on metadata upload.
WordPress 6.3 Compatibility.
Fixed multiple roles assignment bug.
Fixed attribute key assigned if value attribute empty.
Modified the order of wp_login hook in the plugin.
Removed extra Identity Provider Name field in plugin settings.
Compatibility fixes for SiteGround hosting provider.
July 14, 2023
Bug fix for encrypted SAML Responses.
Fixes for auto-redirect functionality.
July 12, 2023
Added IDP specific shortcode.
WordPress 6.2 Compatibility.
PHP 8.1 Fixes.
UI and Bug fixes.
November 25, 2022
Added RSS feed feature.
Added IDP selector UI.
Added Azure multitenant compatibility.
Added Password Reset flow for Azure B2C.
WordPress 6.1 Compatibility.
Updated bootstrap version to 5.1.3.
Updated the Licensing Plan Page.
Fixed Single Logout for all WordPress versions.
Fixed issue with IDP-initiated SLO.
Fixed the redirect to WordPress login page feature.
Fixed the redirect-loop issue for public page url.
Fixed issue with displaying custom attributes in user menu for a new user after SSO.
Fixed RelayState URL for SSO links.
Fixed issue in color picker and position of SSO login button.
Fixed the auto-selection of default idp.
Some bug fixes.
September 22, 2022
XSS Vulnerability fixes for malformed SAML Response in Test Configuration flow.
Wordfence Compatibility Fixes.
September 17, 2022
Added compatibility fixes with WP SAML IDP plugin.
Minor bug fix.
August 04, 2022
Compatibility with WordPress 6.0.
Fixed Domain Mapping issue for Disabled IDPs.
Updated SAML handbook links.
February 09, 2022
Compatibility with WordPress 5.9.
November 23, 2021
Compatibility with WordPress 5.8.
Minor UI Fixes.
November 12, 2021
Added new Certificate for Signing and Encryption.
Bug fixes.
July 16, 2021
Fixed XSS Vulnerability (CVE-2020-6850).
Updated xmlseclibs (added support for Shibboleth encryption algorithm).
Cron fixes for blank IDP bug.
Fixed upload metadata issues with Federated Identities (Haka).
Compatibility with WordPress 5.8.
November 26, 2020
Updated SP Certificate.
Compatibility with WordPress 5.6.
Bug fixes.
August 05, 2024
Added reset login button setting for SSO button.
Added Logout relay state in Redirection & SSO Links tab.
Added a form for syncing metadata in the Service Provider Setup tab.
Added the option to validate the assertion time of the SAML Response.
Added the version number with the plugin heading.
Added copy button for Shortcode in SSO links section.
Added validations on the Redirection & SSO Links tab when IDP is not configured.
Minor bug fixes and UI improvements.
July 04, 2024
Fixed a login redirect loop issue on subdomains.
May 16, 2024
Compatibility with WP 6.5.
Updates in Licensing Framework.
Fixed an XSS Vulnerability.
Fixed an issue with the subsites SSO for subdomain multisite installation.
January 01, 2024
Added Admin Dashboard Widget.
Added Error Codes Submenu.
Added notices in the plugin.
Compatibility with WP 6.4.
Redesigned Account Info tab.
Updates in Licensing Framework.
July 24, 2023
Compatibility with SiteGround hosting.
Compatibility with WP 6.2.
July 24, 2023
Updated XML Security Library.
Compatibility with WP 6.1.
Fixes for PHP 8.1.
Fixes in Single Logout flow.
November 14, 2022
Compatibility with Wordfence Scanner.
September 29, 2022
Vulnerability fix for malformed SAML Response.
Security fix for open redirect vulnerability.
Modified .htaccess rules.
Updated handbook links.
Fixed an issue with the subsites list for more than 500 subsites.
Fixed apply certificate button.
June 22, 2022
Added IDP selector UI.
Added Add-ons tabs.
Added check for archived and deleted subsites for license verification.
Added Compatibility with WordPress 6.0.
Updated licensing plans.
Updated bootstrap version to 5.1.3
Fixed Single Logout for different WordPress versions.
Fixed an issue with color picker for the Custom login button.
Fixed access restriction for the resource files.
February 08, 2022
Compatibility fixes for WordPress 5.9.
November 23, 2021
Compatibility fixes for WordPress 5.8.
Minor UI Fixes.
November 16, 2021
Added new x509 certificate for Signing and Encryption.
Minor bug fixes.
April 09, 2021
Compatible with PHP8.
Compatible with WordPress 5.7.
Import Metadata Fix.
Vulnerability fixes.
November 26, 2020
New Certificate for Signing and Encryption.
Compatible with WordPress 5.6.
Vulnerability fixes.