Initial commit; add session id header override

options-admin.php

@@ -124,6 +124,9 @@ function shibboleth_options_general() {
 		if ( ! defined( 'SHIBBOLETH_PASSWORD_RESET_URL' ) && isset( $_POST['password_reset_url'] ) ) {
 			update_site_option( 'shibboleth_password_reset_url', esc_url_raw( wp_unslash( $_POST['password_reset_url'] ) ) );
 		}
+		if ( ! defined( 'SHIBBOLETH_SESSION_ID_HEADER' ) && isset( $_POST['session_id_header'] ) ) {
+			update_site_option( 'shibboleth_session_id_header', sanitize_text_field( wp_unslash( $_POST['session_id_header'] ) ) );
+		}
 		if ( ! defined( 'SHIBBOLETH_DEFAULT_TO_SHIB_LOGIN' ) ) {
 			update_site_option( 'shibboleth_default_to_shib_login', ! empty( $_POST['default_login'] ) );
 		}
@@ -149,6 +152,8 @@ function shibboleth_options_general() {
 	$constant = $constant || $from_constant;
 	list( $password_reset_url, $from_constant ) = shibboleth_getoption( 'shibboleth_password_reset_url', false, false, true );
 	$constant = $constant || $from_constant;
+	list($session_id_header, $from_constant) = shibboleth_getoption('shibboleth_session_id_header', false, false, true);
+	$constant = $constant || $from_constant;
 	list( $attribute_access, $from_constant ) = shibboleth_getoption( 'shibboleth_attribute_access_method', false, false, true );
 	$constant = $constant || $from_constant;
 	list( $attribute_access_fallback, $from_constant ) = shibboleth_getoption( 'shibboleth_attribute_access_method_fallback', false, false, true );
@@ -224,6 +229,13 @@ function shibboleth_options_general() {
 				<?php echo wp_kses_post( __( 'If this option is set, wp-login.php will send <b><i>ALL</i></b> users here to reset their password.', 'shibboleth' ) ); ?>
 			</td>
 		</tr>
+		<tr valign="top">
+			<th scope="row"><label for="session_id_header"><?php esc_html_e( 'Session ID Header', 'shibboleth' ); ?></label></th>
+			<td>
+				<input type="text" id="session_id_header" name="session_id_header" value="<?php echo esc_attr( $session_id_header ); ?>" size="50" <?php defined( 'SHIBBOLETH_SESSION_ID_HEADER' ) && disabled( $session_id_header, SHIBBOLETH_SESSION_ID_HEADER ); ?> /><br />
+				<?php echo wp_kses_post( __( 'If this option is set, the entered value will override the default Shibboleth header which maps to the Session ID.', 'shibboleth' ) ); ?>
+			</td>
+		</tr>
 		<tr valign="top">
 			<th scope="row"><label for="attribute_access"><?php esc_html_e( 'Attribute Access', 'shibboleth' ); ?></label></th>
 			<td>

readme.txt

@@ -111,6 +111,10 @@ Yes, the plugin allows for all settings to be controlled via constants in `wp-co
    - Format: string
    - Available options: none
    - Example: `define('SHIBBOLETH_PASSWORD_RESET_URL', 'https://sso.example.com/account/reset');`
+   - `SHIBBOLETH_SESSION_ID_HEADER`
+   - Format: string
+   - Available options: none
+   - Example: `define('SHIBBOLETH_SESSION_ID_HEADER', 'REDIRECT_MYShib_Shib_Session_ID');`
  - `SHIBBOLETH_SPOOF_KEY`
    - Format: string
    - Available options: none

shibboleth.php

@@ -206,6 +206,7 @@ function shibboleth_activate_plugin() {
 	add_site_option( 'shibboleth_auto_combine_accounts', 'disallow' );
 	add_site_option( 'shibboleth_manually_combine_accounts', 'disallow' );
 	add_site_option( 'shibboleth_disable_local_auth', false );
+	add_site_option( 'shibboleth_session_id_header', '' );
 
 	$headers = array(
 		'username' => array(
@@ -376,7 +377,8 @@ function shibboleth_admin_hooks() {
 function shibboleth_session_active( $auto_login = false ) {
 	$active = false;
 	$method = shibboleth_getoption( 'shibboleth_attribute_access_method' );
-	$session = shibboleth_getenv( 'Shib-Session-ID' );
+	$session_id_header = shibboleth_getoption('shibboleth_session_id_header') ? shibboleth_getoption('shibboleth_session_id_header') : 'Shib-Session-ID';
+	$session = shibboleth_getenv( $session_id_header );
 
 	if ( $session && 'http' !== $method ) {
 		$active = true;