Directories and wordpress: what a fun! But how logout?

[vidierre]

I am opening this topic because, just for fun, I was trying to integrate the new directories functionality with Wordpress. I cannot consider me an expert, but I am happy to explore, so may be that what I write hereafter could be based on wrong assumptions. Please correct me!

My thought was to use CASPIO Directories as an IDP and configure Wordpress as a Service Providers. 

• so I started installing the miniOrange SSO using SAML 2.0 wordpress plugin
• from the plugin settings, looking into the Service Provider Metadata tab I got the SP-EntityID / Issuer and the ACS (AssertionConsumerService) URL parameters
• with these I created an app connection into my CASPIO directory. From its Identity Provider setting section I got the Identity provider identifier and the Single sign-on URL IDP parameters
• going back to the miniorange settings, I configured a Custom IDP with these parameters and pasted the CASPIO certificate

The result is that I got an extra login button with the App name defined in CASPIO Directories. When I use it I successfuly got redirected to my user portal where I can login with CASPIO credentials.

Now the question is about logout. If I logout from wordpress when I login again (with the wonderful saml) it seem I am already logged in and no crewdentials are required.  How can I logout also from CASPIO?

To do these tests I found useful these readings:

• to understand SAML  https://www.onelogin.com/learn/saml  https://blog.miniorange.com/what-is-the-difference-between-saml-and-oauth/
• to configure plugin https://plugins.miniorange.com/saml-single-sign-on-sso-wordpress-using-custom-idp
• to know more about CASPIO directories https://howto.caspio.com/getting-started-videos/video/?vid=DFBA3433A82049E9A986E742F3871CB8&pvid=EFBEF423FE054FC0BF755FBB635784F9&menu=menu-item-27513&menu=menu-item-27513&title=Caspio Directories

 

[vidierre]

UPDATE

1. @ParkLoey I think that if you make available a Directory structure is very belittled if it is "just for Caspio app use". This for two reasnons: the first is that a Directory is very useful if it can be work like and identity provider for other system; the second is that CASPIO cannot undervaluate the potential of Wordpress used as front-end. Tons of functions easy to implement with wordpress are very far to be implemented with CASPIO.
2. ANYWAY I FOUND THE SOLUTIONS and is quite simple. From Wordpress you need to set the logout URL redirection to the CASPIO URL logout. In this way when users logout they quit the session with Wordpress and then also the CASPIO one.

The only contraindication is the miniorange plugin price. You can have this functionality with the Free one too, but at login your users will be redirected to the wordpress dashboard. This could be undesired.

[ParkLoey]

Nice workflow you got there, @vidierre! Although my thoughts about Caspio's Directories was just for Caspio app use, yours look great. It looks like Directories is still on beta period, perhaps the logout option will be added soon enough. Will be following this thread for future references. Would also add the article they have for creating user portals:

https://howto.caspio.com/directories/directory-user-portal/user-portal-pages/

 

[Aether]

Hey there! Caspio releases new enhancements to the Caspio Directories feature, check this out: 

- Ability to enhance user profiles with field values using Text64000, Number, Integer, and Yes/No data types 
- Ability to include user profile fields using data from a related table
- Ability to customize the fields shown in the user list view 
Source: https://howto.caspio.com/release-notes/caspio-37-0/caspio-37-0/#:~:text=Enhancements to Caspio Directories

[IamNatoyThatLovesYou]

Hi Everyone, there is a single logout function that can be used in Directories! You can check more info on their release note.

- https://howto.caspio.com/release-notes/caspio-41-0/#:~:text=Enhancements to Caspio Directories 

 

[Aether]

Hey there! Caspio releases new enhancements to the Caspio Directories feature, check this out: 

• Page redirection options for sign-in and sign-out.
• Single logout (SLO) from third-party connected apps, so users are automatically logged out from the directory when logging out from a connected app.
• Ability to display a custom background image on the sign-in page, providing you with another way to customize your app’s login experience.

Source: https://howto.caspio.com/release-notes/caspio-43-0/#:~:text=Enhancements to Caspio Directories

[ParkLoey]

Hey there! Just wanted to add some enhancements to the recent Caspio release:

• Option to customize email templates for notifications sent from directories
• Ability to remove Caspio branding from user portal pages and emails

https://howto.caspio.com/release-notes/caspio-44-0/#:~:text=Enhancements to Caspio Directories

[vidierre]

I'm pretty confident that the work CASPIO is doing on the directories will continue until they become a crucial mechanism.
As of now, it seems to me that they're missing (or maybe I just haven't figured them out) two essential features for real-world production use:
1. User self-registration with email verification. Currently, I'm managing this with some data pages and traditional authentication.
2. Self-service password recovery.

This was my thought until 44.0 now I have to try it.

 

[vidierre]

Hi @ParkLoey I'm still studing the CASPIO Directory functionality, after the Rel.41  I was hoping to get the solutions but, again I was unable to make working the Single Logout Function within a SAML environment. My feeling is that Directory functionality is built for Enterprise plan where other stuff can be integrated (i.e. self service reset psw) form a "Growth Plan" point of view cannot be used as-is. You wrote that your "thoughts about Caspio's Directories was just for Caspio app use"  but this is not what CASPIO declares into the documentation:

Quote

App connections enable a directory to act as an identity provider to external services. For example, a directory administrator can add app connections to authenticate directory users to apps supporting SAML single sign-on (SSO), for example HubSpot, Slack, Zoom, etc.

Up to now I cannot use directory in my app because:

1. May be I am not still able to use them
2. There is no mechanism for self registration - You can workaround as you like but at the end one real person has to logon into CASPIO account and activate the registered users
3. There is no mechanism for self password-reset
4. The attributes returned on logon are only:
   • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
   • email
   • NameID

My overall feeling is that CASPIO, from its first steps at the beginning of 2000, is becaming tied only with high budget companies. There are some things that is very incomprehensible why he didn't try to modify them to make more appealing the platform.

[ParkLoey]

Hi everyone! Just wanted to inform this thread about Caspio's latest update. They have finally added customizable sign-out URL for directories! More information here: 

https://howto.caspio.com/release-notes/caspio-49-0/#:~:text=we added a-,sign-out URL,-that app authors