Skip to content

Instantly share code, notes, and snippets.

@grand-lotus-iroh

grand-lotus-iroh/miniorange-sso-saml2-option6-auto-redirect-wordpress.php

Last active November 13, 2025 01:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save grand-lotus-iroh/b8e00a3b0beacf6319eacefd5be3f4fa to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save grand-lotus-iroh/b8e00a3b0beacf6319eacefd5be3f4fa to your computer and use it in GitHub Desktop.
Download ZIP
MiniOrange SSO (SAML 2.0 Option 6) – Auto-Redirect from WordPress Login (Server-Side, No Flicker)
Raw
miniorange-sso-saml2-option6-auto-redirect-wordpress.php
/*
* MiniOrange SSO Auto-Redirect for WordPress (SAML 2.0 Option 6)
*
* Effortlessly redirect users from the default WordPress login page (wp-login.php)
* to your miniOrange SAML 2.0 Single Sign-On (SSO) provider.
*
* Features:
* - Automatic server-side redirect using wp_redirect() on the init hook
* - Zero flicker: users never see the WordPress login page
* - Preserves 'redirect_to' parameter for smooth post-login navigation
* - Only redirects users who are not logged in
* - Blocks local WordPress login attempts for enhanced security
*
* This snippet provides a seamless WordPress SSO experience with miniOrange,
* implementing Option 6 Auto-Redirection for SAML 2.0.
*
* Keywords: MiniOrange SSO, WordPress login redirect, wp-login.php auto redirect,
* SAML 2.0 Option 6, WordPress SAML SSO, WordPress Single Sign-On
*/
// Auto-redirect to SSO from wp-login.php (Server-side, no flicker)
function auto_redirect_to_sso_server_side() {
// Only run on wp-login.php, not during SSO callback or other actions
if ( $GLOBALS['pagenow'] === 'wp-login.php' &&
empty($_GET['action']) &&
empty($_POST['option']) &&
empty($_POST['log']) &&
!is_user_logged_in() ) {
// Get the base URL
$sp_base_url = site_url();
// Build the SSO URL
$sso_url = $sp_base_url . '/?option=saml_user_login';
// If there's a redirect_to parameter, preserve it
if (!empty($_GET['redirect_to'])) {
$sso_url .= '&redirect_to=' . urlencode($_GET['redirect_to']);
}
// Redirect immediately before any output
wp_redirect($sso_url);
exit;
}
}
add_action('init', 'auto_redirect_to_sso_server_side', 1);
// Block local login authentication (keep this for security)
function remove_local_login_authentication($user, $username, $password) {
// Allow SSO authentication to proceed
if (!empty($_POST['option']) && $_POST['option'] === 'saml_user_login') {
return $user;
}
// Block any local login attempts
if (!empty($username) || !empty($password)) {
return new WP_Error('local_login_disabled', 'Local login is disabled. Please use SSO.');
}
return $user;
}
add_filter('authenticate', 'remove_local_login_authentication', 1, 3);
@grand-lotus-iroh
Copy link
Author

grand-lotus-iroh commented Nov 13, 2025 

/*
 * MiniOrange SSO Auto-Redirect (SAML 2.0 Option 6) for WordPress
 *
 * This snippet automatically redirects users from the default WordPress login page
 * (wp-login.php) to your miniOrange SSO provider, without showing the login page.
 *
 * Key points:
 * - Uses a server-side redirect (wp_redirect on the init hook) → instant redirect, no flicker.
 * - Preserves the 'redirect_to' parameter if the user was trying to access a specific page.
 * - Only redirects users who are not logged in.
 * - Blocks local login attempts for added security.
 *
 * Result: Users experience a smooth SSO login, going straight to the Identity Provider
 * without seeing the WordPress login screen.
 */

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment