UGRM - UFAD Groups to Roles Munger for Wordpress
The Museum has many projects, planned and in production, that rely on Wordpress as a content management system. A Shibboleth plugin for Wordpress already exists that enables Wordpress to authenticate via Shibboleth. However, the existing plugin is limited to one key value pair from a Shibboleth attribute to a Wordpress role.
This means that if you wish to assign all faculty to a role of editor, you are set. However, you cannot assign a specific group or subset of faculty to a role, as the mapping is one attribute value to a role. The current Shibboleth plugin does not support regular expressions, so it is unable to parse a single value from an attribute.
The Museum needed a way to easily manage many users and groups of users with varying levels of access to Wordpress without introducing another username and password for everyone to remember. So, the UGRM plugin was born.
UGRM --> UFAD Groups to Roles Munger is a Wordpress plugin that extends the existing Shibboleth plugin via the shibboleth_user_role filter hook. We chose this approach as it does not create a Shibboleth plugin fork and is upgrade safe.
Once activated, the UGRM plugin provides an options page where you enter a UFAD group for each Wordpress role. So long as your Shibboleth URN is enrolled for ARP-Groups and your SP is vending UFADGroupsDN, you can then manage Wordpress access by UFAD group membership.
The plugin has been tested with single site Wordpress installs. We will be testing it with multisite installations in the near future. The plugin also does not currently support transitive group membership, ie no groups in groups in groups. This is not a limitation of the plugin but a limitation of the current UF Shibboleth implementation. UF Shibboleth IDP does not currently vend transitive group information, so the plugin can never be aware of transitive group membership.
Check out these nifty screenshots:
The plugin is available on the Wordpress plugin directory at http://wordpress.org/extend/plugins/ugrm/.