Configuring for Shibboleth

First off, you need to prevent WordPress from intercepting calls to the Shibboleth endpoints.  Otherwise, attempts to log in will instead redirect you to the WordPress “page not found” page.  Add the following to the .htaccess file above the “# BEGIN WordPress” line:

 # Shibboleth quick-exit
 RewriteEngine on
 RewriteCond %{REQUEST_URI} ^/Shibboleth.sso($|/)
 RewriteRule . - [L]

Now go ahead and install & activate the Shibboleth plugin by NIIF to provide WordPress with Shibboleth support.

The plugin is pre-configured well and works out-of-the-box; however, there are a few changes that should be made related to OSU’s individual environment.  Go to ‘Settings’ and pick ‘Shibboleth’.

  • Session Initiator URL / Logout URL – If you are installing WordPress in a subdirectory instead of the website’s root then you will need to remove that subdirectory from these URLs so that they read and /Logout.  You may also need to add a route exception for the Shibboleth IDP response to your .htaccess file.  If your Shibboleth Logins are looping, see this page for additional settings.
  • Password Change URL – This is the link provided to users when they want to change their password.  Set it to
  • Password Reset URL – For tech support needs like this you will probably want to send them to
  • Shibboleth is default login – If you wish to forego the standard WordPress login system and just use Shibboleth for everything, check this box.  You can still access the WordPress login for emergency local accounts and such by using the URL
  • User Profile Data – When the user first logs in, certain profile fields are auto-populated with data from the Shibboleth session.  The user can then go and change the values to what they wish unless those data fields are checked here.  If you plan to offer accounts to people then you are strongly encouraged to utilize these field data restrictions to ensure user accountability and profile consistency with other University systems.
  • Default Role – There appears to be a bug in the current module which needs it to be set to its lowest setting of “Subscriber”.  Otherwise WordPress will not make the initial connections between Shibboleth logins and existing WordPress accounts.  This setting will not overwrite the role you assign to the account; however, it will allow anyone with a Shibboleth account to log into the dashboard as a basic Subscriber-level user generating a WordPress account in the process.  This setting is only required for new users though – after a user has logged in once a link is established between his/her Shibboleth and WordPress accounts which will continue to work even if this setting is restored to its original value of “(none)”.
  • Update User Roles – Most users will not want this enabled.

Need More Information?

Is OSU Web Hosting right for you? Check your eligibility.

More questions? Check the support section or contact us.

Ready to get started? Request hosting now!