Hi
I currently have Piwigo installed in a subdirectory of my WordPress site. It's integrated nicely and responsive using an iframe.
I've created a WordPress plugin that syncs user data and default user_infos between WordPress and PWG.
To eliminate the need for users to log in twice, I'm exploring a Single Sign-On (SSO) approach. Here's my plan:
When a logged-in WordPress user visits the page with the PWG iframe, a PHP function is triggered.
This function would use cURL to send the user's login credentials to PWG's identification, automatically logging them in.
A similar mechanism would handle user logout.
What are your thoughts on this approach? Are there any alternative solutions or security considerations I should be aware of?
Larry
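The server-side login step described above, as an added example that is not code from the thread or from Piwigo: it posts the credentials to Piwigo's web API (`pwg.session.login`) over verified HTTPS and hands only the resulting session cookie to the browser, so the user's password never passes through the iframe. Assumptions: the Piwigo base URL and subdirectory path are supplied by the caller, the credentials come from the plugin's own user sync, and the Piwigo session cookie is named `pwg_id`.

```php
<?php
// Added example, not from the thread. Logs a user into Piwigo from the
// WordPress server and returns the Piwigo session id, or null on failure.
// Assumes $pwg_base is the HTTPS URL of the Piwigo install and that Piwigo
// answers pwg.session.login with {"stat":"ok","result":true} plus a pwg_id cookie.
function pwg_sso_login(string $pwg_base, string $username, string $password): ?string
{
    $ch = curl_init(rtrim($pwg_base, '/') . '/ws.php?format=json');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'method'   => 'pwg.session.login',
            'username' => $username,
            'password' => $password,
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => true,   // response headers carry Set-Cookie
        CURLOPT_SSL_VERIFYPEER => true,   // keep TLS verification on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $raw     = curl_exec($ch);
    $status  = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $hdr_len = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    curl_close($ch);
    if ($raw === false || $status !== 200) {
        return null;
    }
    $headers = substr($raw, 0, $hdr_len);
    $body    = json_decode(substr($raw, $hdr_len), true);
    if (($body['stat'] ?? '') !== 'ok' || ($body['result'] ?? false) !== true) {
        return null;   // wrong credentials or unexpected reply: do not set a cookie
    }
    // Extract the session cookie Piwigo issued for this login.
    if (preg_match('/^Set-Cookie:\s*pwg_id=([^;]+)/mi', $headers, $m)) {
        return $m[1];
    }
    return null;
}

// Give the browser the Piwigo session so the iframe loads already logged in.
// Scope the cookie to the Piwigo subdirectory (e.g. '/gallery/') and mark it
// Secure and HttpOnly; the credentials themselves stay on the server.
function pwg_sso_set_cookie(string $session_id, string $pwg_path): void
{
    setcookie('pwg_id', $session_id, [
        'path'     => $pwg_path,
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}
```

Call `pwg_sso_login()` before any output is sent (cookies cannot be set afterwards), and use the same pattern with `pwg.session.logout` on the WordPress logout hook.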
There is also the possibility to use OpenID Connect (OIDC). There's an "OpenID Connect" plugin for Piwigo, and for WordPress you can use https://wordpress.org/plugins/miniorang … facebook/.
This requires an OIDC provider (e.g. Keycloak or Authelia). It may be a steep learning curve, but those can also be used for other stuff.
Works for me here (except that the Piwigo NG app can't authenticate).
@Larry
Were you able to create an SSO plugin for WordPress? I'd like to integrate Piwigo and WordPress for my users.
Hi:-)
You can install lemonldap and use [extension by jasperweyne] OpenID Connect in Piwigo
ddtddt wrote:
You can install lemonldap and use [extension by jasperweyne] OpenID Connect in Piwigo
As far as I see, you need admin rights on the server to install lemonldap... Is there any alternative for a managed web server, too? (like there is for PWG and WordPress etc.)
ddtddt wrote:
Hi:-)
You can install lemonldap and use [extension by jasperweyne] OpenID Connect in Piwigo
I guess this works when using the official Piwigo installation method. However, I would assume many people are using the LinuxServer docker image (as I intend to do). In that docker container the plugin does not work because of symlinks. The corresponding [Github] docker-piwigo issue #70 had its last activity a year ago, and the issue is closed now. The plugin's repo is dead, issues get no response and pull requests are not merged.
If the plugin worked I'd love to use Piwigo, it is exactly what I am looking for; however, the missing/broken OIDC login makes it completely unsuitable for the already existing setup.
I have also tried the Social Connect plugin, but that seems weird (you enter the config URL when logging in - can users just input their own there??) and I can't get it to work.
Hi Larry,
Your approach for implementing Single Sign-On (SSO) between WordPress and Piwigo (PWG) sounds practical and should work well for providing a seamless login experience for your users. Using **cURL** to send login credentials from WordPress to PWG is a solid method, as long as you ensure that the credentials are securely transmitted (use HTTPS to protect sensitive data). Additionally, it’s important to validate that the authentication process on PWG’s side is secure and that the session management is properly handled, especially to prevent unauthorized access.
One thing to consider is using **OAuth** or **JWT (JSON Web Tokens)**, which are more modern, secure, and scalable authentication methods for SSO implementations. These approaches would allow your WordPress site and PWG to communicate more securely without having to pass sensitive credentials back and forth.
Also, ensure you have proper **session expiration** and **logout mechanisms** in place, so that users aren’t inadvertently left logged in across both platforms after their session ends.
Overall, your approach is good, but exploring OAuth or JWT might be worth the extra effort for long-term security and scalability.
Best,
jennifer
jennifer wrote:
Hi Larry,
Your approach for implementing Single Sign-On (SSO) between WordPress and Piwigo (PWG) sounds practical and should work well for providing a seamless login experience for your users. Using **cURL** to send login credentials from WordPress to PWG is a solid method, as long as you ensure that the credentials are securely transmitted (use HTTPS to protect sensitive data). Additionally, it’s important to validate that the authentication process on PWG’s side is secure and that the session management is properly handled, especially to prevent unauthorized access.
One thing to consider is using **OAuth** or **JWT (JSON Web Tokens)**, which are more modern, secure, and scalable authentication methods for SSO implementations. These approaches would allow your WordPress site and PWG to communicate more securely without having to pass sensitive credentials back and forth.
Also, ensure you have proper **session expiration** and **logout mechanisms** in place, so that users aren’t inadvertently left logged in across both platforms after their session ends.
Overall, your approach is good, but exploring OAuth or JWT might be worth the extra effort for long-term security and scalability.
Best,
jennifer
Thank you, Jennifer, this was a really insightful comment.