=== SSO JumpCloud - Enterprise SAML & SCIM ===
Contributors: airtonvancin
Donate link: https://www.buymeacoffee.com/airton
Tags: saml, sso, jumpcloud, authentication, security
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.1.6
Requires PHP: 7.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Securely connect WordPress with JumpCloud for Enterprise SSO via SAML 2.0 and automated user provisioning via SCIM.

== Description ==

SSO JumpCloud - Enterprise SAML & SCIM is a powerful Enterprise-ready plugin that effortlessly connects your WordPress site with JumpCloud using SAML 2.0.

Designed for security-conscious organizations, it provides seamless single sign-on (SSO), automated user provisioning, and advanced role mapping. With our newly released Enterprise Premium Edition, you can now manage complex access requirements and maintain detailed audit trails.

**Key Features:**
*   **Easy Setup:** Connect to JumpCloud in minutes using Entity ID, SSO URL, and Certificate.
*   **Automatic User Creation:** New users from JumpCloud are automatically created in WordPress upon their first login.
*   **Secure Authentication:** Uses verified SAML 2.0 protocols to ensure your data stays safe.
*   **Developer Friendly:** Clean code, hooks for customization, and minimalist design.

== Premium Features ==

Unlock the full power of your enterprise identity management with:
*   **Group-Based Access Control:** Restrict login access to specific JumpCloud groups.
*   **Role-Based Redirects:** Define custom landing pages for different user roles.
*   **Automated Role Mapping:** Dynamically assign WordPress roles based on JumpCloud groups.
*   **Comprehensive Audit Logs:** Track every SSO login attempt with detailed metadata.
*   **Enterprise Support:** Priority assistance for complex deployments.

== Premium Subscription ==

The Premium features are available via a monthly or annual subscription. 

**How to Activate:**
1. Go to the **Premium Features** tab in the plugin settings.
2. If you don't have a subscription yet, use the secure Stripe pricing table to subscribe.
3. Once subscribed, simply click the **"Check Subscription Status"** button.
4. The plugin will automatically verify your subscription using your administrator email and activate all premium features instantly.
5. You can manage your subscription at any time via the **Stripe Customer Portal** link provided in the same tab.

== Installation & Setup Guide ==

Configuring Enterprise SSO and Provisioning requires a few steps in both JumpCloud and WordPress. Follow this guide for a flawless setup.

### Part 1: JumpCloud Configuration (SAML 2.0)
1.  Log in to your **JumpCloud Admin Portal**.
2.  Navigate to **SSO Applications** and click **"+"** to add a new application.
3.  Search for **SAML 2.0** and select **Custom SAML App**.
4.  In the **General Info** tab, name it "WordPress SSO".
5.  In the **SSO** tab, enter the following (copy these from your WordPress Plugin settings):
    *   **IdP Entity ID:** Your unique ID (e.g., `wp-sso-your-site`).
    *   **SP Entity ID:** Copy from Plugin (usually your Site URL).
    *   **ACS URL:** Copy from Plugin (usually `https://your-site.com/?jumpssco_acs`).
    *   **SAMLSubject NameID:** Default to `email`.
    *   **SAMLSubject NameID Format:** `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`.
6.  In **Attributes**, add:
    *   `email` -> `email`
    *   `firstname` -> `firstname`
    *   `lastname` -> `lastname`
7.  Click **save**, then either **export Metadata** or copy the **SSO URL** and **Entity ID** and download the **IDP Certificate**.

### Part 2: WordPress Plugin Setup
1.  Install and Activate the plugin.
2.  Go to **Settings > SSO JumpCloud**.
3.  In the **General** tab, paste the **IDP Entity ID**, **IDP SSO URL**, and the **X.509 Certificate** obtained from JumpCloud.
4.  Click **Save Settings**.
5.  Use the **"Test Configuration"** button to ensure the connection is established.
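
A pre-flight check for the values pasted in step 3, run against the metadata exported in Part 1. This is an added example, not part of the plugin: the helper names `read_idp_metadata` and `cert_fingerprint` are hypothetical, and the sample entity ID, URL and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(cert_text: str) -> str:
    """SHA-256 of the DER bytes; line breaks and PEM armor lines are ignored."""
    body = "".join(tok for line in cert_text.splitlines()
                   if "-----" not in line for tok in line.split())
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def read_idp_metadata(xml_text: str) -> dict:
    """Return the values the General tab asks for, refusing non-HTTPS SSO URLs."""
    # Parse only a file you exported yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not IdP metadata: entityID or IDPSSODescriptor missing")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    if not sso or any(urlparse(u or "").scheme != "https" for u in sso.values()):
        raise ValueError("SSO endpoint missing or not HTTPS")
    certs = [c.text for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             for c in k.iterfind(".//ds:X509Certificate", NS) if c.text]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"idp_entity_id": root.get("entityID"), "sso_urls": sso,
            "cert_sha256": sorted({cert_fingerprint(c) for c in certs})}

# Constructed sample: placeholder entity ID, URL and certificate bytes (not a real cert).
_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="wp-sso-your-site">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {_B64[:24]}
        {_B64[24:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/saml2/wordpress-sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Call `read_idp_metadata()` on the text of the exported metadata file and `cert_fingerprint()` on the downloaded certificate file. The downloaded certificate's fingerprint should appear in `cert_sha256` before you paste it into the plugin.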

### Part 3: SCIM Provisioning (Enterprise Feature)
*Note: Requires an active Enterprise Premium subscription.*
1.  In the plugin settings, go to the **SCIM Provisioning** tab.
2.  Toggle **"Enable SCIM Provisioning"** to ON.
3.  Copy the **SCIM Base URL** and the **Bearer Token**.
4.  In JumpCloud, go to your Application's **Identity Management** tab.
5.  Select **SCIM 2.0**.
6.  Paste the **Base URL** and **Bearer Token**.
7.  Test the connection in JumpCloud and click **Activate**.

### Part 4: Final Testing
*   Open an Incognito/Private browser window.
*   Go to your WordPress login page.
*   Click the **"Login with JumpCloud"** button.
*   If successful, you will be authenticated and redirected to your dashboard!

== Frequently Asked Questions ==

= Where do I find the SAML metadata in JumpCloud? =
In your JumpCloud Admin Console, go to SSO -> Your SAML Application -> Details tab. You will find the IDP Entity ID, SSO URL, and you can download the certificate.

= Does it support Just-in-Time (JIT) provisioning? =
Yes, by default, users are created as they log in for the first time if they don't exist in WordPress.

== Screenshots ==
1. Settings page showing fields for Entity ID, SSO URL, SLO URL, and Certificate.


== Changelog ==

= 1.1.4 =
* Fix: Improved Audit Logs table layout with aggressive CSS overrides to prevent stacked cells in settings page.
* Add: Support for horizontal scrolling in Audit Logs container.

= 1.1.3 =
* Adjusted Audit Logs table CSS to prevent broken layout in 2-column settings view
* Added fixed maximum height (400px) and vertical scrollbar to Recent Activity section
* Improved table responsiveness for long log messages

= 1.1.2 =
* Added periodic license validation with Supabase server (12-hour cache)
* Added "Revalidate License" button for immediate license verification
* License is now automatically deactivated if invalid on server
* Updated Portuguese (pt_BR) translations with new strings
* Improved license status handling and error messages

= 1.1.1 =
* Added Product Hunter banner.
* Changed the visit plugin page link.
* Update license activation message to remove upgrade link
* Refine plugin security and WPCS compliance

= 1.1.0 =
* **Major Release: Enterprise Premium Suite.**
* Added Premium Features: Group-Based Access Control, Role-Based Redirects, and Audit Logs.
* Implemented real-time license activation system integrated with Supabase and Stripe.
* Added modern two-column settings layout with sticky sidebar and responsive design.
* Fixed license activation persistence issue across different settings tabs.
* Integrated Live Stripe Pricing Table and Customer Portal for subscription management.
* Improved settings sanitization and added cache invalidation for immediate feature availability.
* Refined CSS and UI components for better visual consistency and error handling.
* Removed redundant License ID field in favor of e-mail based activation.
* Added comprehensive documentation and activation instructions.

= 1.0.7 =
* Updated all default plugin texts from Portuguese to English for better internationalization.
* Regenerated and updated Portuguese (pt_BR) and Spanish (es_ES) translation files.

= 1.0.6 =
* Fixed "Invalid SSO request" error by replacing the server-side redirect with a more robust client-side JavaScript redirect when "Disable Default Login" is active.

= 1.0.5 =
* Major UI/UX overhaul for the settings page for a modern, intuitive, and clean experience.
* Added descriptions for all settings fields.
* Replaced static descriptions with interactive toggles to show/hide help text.
* Added copy-to-clipboard buttons for SP Metadata URLs for easier configuration.
* Clarified optional and required fields.
* Moved "Disable Default Login" setting to the General tab.
* Made "Disable Default Login" feature available for all users.
* Fixed a bug with the copy-to-clipboard functionality in non-secure (http) contexts.

= 1.0.4 =
* Improve SAML response error handling in ACS endpoint.
* Add detailed error messages for authentication failures.
* Validate email presence in SAML response.
* Add error checking for user creation process.

= 1.0.3 =
* Improve Test Configuration feedback visibility with dedicated message container.
* Add comprehensive console logging for debugging AJAX flow.
* Simplify SAML validation to prevent server errors.

= 1.0.2 =
* Fix Test Configuration button functionality with improved validation and user feedback.
* Standardize option names across the plugin (jumpssco_sso_settings).
* Add detailed validation messages for SAML configuration.
* Improve JavaScript error handling and visual feedback.

= 1.0.1 =
* Add vendor folder.

= 1.0.0 =
* Initial release with basic SSO and metadata support.

== Upgrade Notice ==

= 1.0.8 =
This version introduces the Enterprise Premium Edition, including Group-Based Access Control, Role-Based Redirects, and Audit Logs. It also features a completely redesigned two-column settings interface.

= 1.0.7 =
This version updates all default plugin texts to English and includes refreshed translation files for Portuguese (pt_BR) and Spanish (es_ES).

= 1.0.6 =
This version fixes a critical bug that caused an "Invalid SSO request" error when the "Disable Default Login" feature was enabled. The login flow is now more robust.

= 1.0.5 =
This version includes a major UI/UX overhaul for the plugin settings page, bringing a more modern and intuitive experience. It also includes several usability improvements like copy-to-clipboard buttons and interactive help text.

= 1.0.4 =
Improved error handling for SAML authentication with detailed error messages.

= 1.0.3 =
Fully functional Test Configuration with visible success/error messages.

= 1.0.2 =
Improved Test Configuration functionality with better validation and user feedback.

= 1.0.1 =
Add vendor folder.

= 1.0.0 =
Initial stable release.