Using WordPress iOS app with Shibboleth-protected WordPress


I administer a Shibboleth-fronted multisite WordPress install, and I have users (including myself) who would like to use the iOS WordPress app. Unfortunately, the nature of our Shibboleth deployment is that users are prompted by the SP with a university-centralized Shibboleth login page, authenticated, then returned to WordPress with their auth token. We're using the Shibboleth WordPress plugin from the WP plugin repository.

Has anyone overcome this kind of issue so that the app can be used with an external authentication provider? Many thanks.


Solution

  • We solved this situation at our University. Setup/configuration of WP really depends on your requirements. For example, here is one of our use cases, which I think may answer your question. We use multisite (sub-domain) WP. General requirements:

    • allow public access to all site content of one blog, except console (/wp-admin)
    • console authentication: LDAP, local auth, or Shibboleth

    We wrote our own Shibboleth plugin, which is a simplified version of the WP Shibboleth plugin that is specific to our use cases. We also wrote our own WP LDAP auth plugin (we didn't like the existing LDAP plugins). When a user attempts to access the console, they are prompted with a login page. The login page consists of a form (username/password for local or LDAP auth) and a link for Shibboleth users. The user is allowed to use any one of the three authentication systems to access the WP console.

    The key to all this is our Shibboleth plugin. Our plugin does not force/require Shibboleth authentication. If the user is not authenticated via Shibboleth, then the Shibboleth plugin returns a failure, and WP attempts to authenticate the user with other authentication methods, e.g. local/WP auth. Shibboleth authentication is initiated by the user in the login page with the Shibbolized login link (basically a lazy session URL).
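
A sketch of the fall-through behaviour described in the answer above, written as an added example; it is not the answerer's plugin or the WP Shibboleth plugin. The `example_*` names, the use of `REMOTE_USER` as the WordPress login, and the `/Shibboleth.sso/Login` handler path are assumptions.

```php
<?php
/**
 * Plugin Name: Optional Shibboleth login (added example, hypothetical)
 */

// Assumption: mod_shib covers wp-login.php with "requireSession false"
// (lazy session) and exports attributes as environment variables, not
// request headers, so a client cannot supply these values itself.
const EXAMPLE_SHIB_SESSION_VAR = 'Shib-Session-ID'; // present only when an SP session exists
const EXAMPLE_SHIB_USER_VAR    = 'REMOTE_USER';     // assumption: equals the WP user_login

// Priority 10 runs before WordPress's own username/password check (priority 20).
add_filter('authenticate', 'example_shib_authenticate', 10, 3);

function example_shib_authenticate($user, $username, $password) {
    if ($user instanceof WP_User) {
        return $user; // an earlier handler already authenticated the request
    }
    $session = $_SERVER[EXAMPLE_SHIB_SESSION_VAR] ?? '';
    $login   = $_SERVER[EXAMPLE_SHIB_USER_VAR] ?? '';
    if ($session === '' || $login === '') {
        // No Shibboleth session: pass the value through unchanged so the
        // LDAP and local handlers still get their turn.
        return $user;
    }
    $wp_user = get_user_by('login', sanitize_user($login, true));
    // Unknown account: fall through as well instead of auto-provisioning.
    return $wp_user ?: $user;
}

// Print the "Shibbolized" link under the username/password form.
add_action('login_form', 'example_shib_login_link');

function example_shib_login_link() {
    // Assumption: the SP handler lives at the default /Shibboleth.sso path.
    $url = add_query_arg(
        'target',
        rawurlencode(wp_login_url()),
        site_url('/Shibboleth.sso/Login')
    );
    printf('<p><a href="%s">Log in with Shibboleth</a></p>', esc_url($url));
}
```

If the SP is configured to pass attributes as HTTP request headers instead, the `$_SERVER` values above can be set by the client and must not be trusted for authentication.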