• Requires at least: 5.6
• Tested up to: 6.1.1
• Requires PHP: 7.4
• License: MIT
• License URI: https://mit-license.org/
• Terms of usage

This plugin integrates with the SSO2 single sign on solution for Tulo Payway. It provides basic login/logout functionality as well as session identification.

From version 1.2.0 the plugin now also supports Tulo Paywall.

• Wordpress: Tested with 6.1.1
• PHP: Tested with php 8.0.27
• Tulo Paywall support

• Download the latest version of the plugin from github and unzip it in the wp-content/plugins directory.
• Activate the plugin through the "Plugins" menu in Wordpress.
• Configure the plugin.

After activating the plugin you will find the plugin configuration in WP-admin under Settings/Tulo Payway SSO2.

First of all you will need to create an API user in Tulo Payway Admin. Go to Payway administration, security and API users. Press "New".

• Name, enter name for API user, can be anything but should represent what kind of user this is.
• Redirect URI, needs to point at the landing.php page in the plugin, look at the configuration page to get the link.
• Offline access, not needed
• SSO2 Client, check this, important!!
• Scopes, the user will need the following scopes: /external/me/w
• Origin urls, add urls that should be able to call use this API user, leave empty when developing.
• Save user.

When the API user has been created, you can see two new properties: Client ID and Secret. Copy these to the next step in configuration.

Add API Client id and API Secret as specified for the API user created in the previous step.

• Session refresh timeout - Enter the number of seconds that should pass before checking status for Tulo Payway session. Default is 360 seconds and in production it should not be less than this, in development you can change it to a lower value which makes it easier for development.
• Organisation id - Enter the Payway organisation id
• Set restrictions for new pages/posts
• Define towards which Payway environment the plugin should operate. (stage or production)
• Authentication URL, this can be used if the site won't implement their own login-form. See below for more details

If the users should be authenticated on another SSO2 enabled website (such as the Payway portal), please enter the URL here. The URL should point to a page where the user can login, and after successful login be redirected back to this site.

The authentication URL can include replacement variables {currentOrganisation} and {currentUrl} which can be applied to any part of the URL.

Example authentication URL when logging in using the Payway portal:

https://{currentOrganisation}.payway-portal.stage.adeprimo.se/login/index?continue={currentUrl}

There are three different text-boxes available, one will contain code (html/css/js) that will be shown to the user if the user is trying to access restricted content and the user is not logged in. The other text-box will contain code that will be shown to the user if the user is logged but do not have access to the subscription that is required to view the content.

To get started, enter the following piece of code to be shown when the user is not logged in:

<p>This content is restricted for subscribers only. You are not logged in. Please login.</p>

<form class="js-tuloLogin is-hidden" action="/" method="POST"> <label for="email"> Email <input id="email" type="text"> </label> <label for="password"> Password <input id="password" type="password"> </label> <input type="submit" value="Login"/> </form>

To get started, enter the following piece of code to be shown when the user is not logged in:

<p>This content is restricted for subscribers only. You are not logged in. Please login.</p>

<a href="[tulo_authentication_url]">Login</a>

To get started, enter the following piece of code to be shown when the user is logged in but do not have required subscription:

Hi <b>[tulo_user_name]</b>!!<br/>
This content is restricted for subscribers only. <br/>
You are logged in but don't have a subscription that is needed to view this content.

Here you can add IP addresses that should have access to the content regardless login- and subscription-status. Add them one IP-address on each row.

• [tulo_user_name]
• [tulo_user_email]
• [tulo_user_customer_number]

The javascript provided with this plugin automatically detects any login-forms that you create on the site as long as they are decorated with the class js-tuloLogin. If the form also has a class is-hidden it will make sure to show the form only when the user is not logged in and the html is visible.

If the form can be found and the user clicks the submit button, the javascript will post an authenticate call to the plugin which will authenticate the user with Tulo Payway SSO2.

If the site will not have their own login-form, the users can login on another website defined by the configuration parameter Authentication URL (see above). This URL can be used in html as shortcode [tulo_authentication_url] like so:

Sample login link:

<a href="[tulo_authentication_url]">Please login</a>

You will also need to add a logout button somewhere on the site, for example like this:

<button class="js-tuloLogout is-hidden">Logout</button>

The javascript will find the logout button and manage it's visibility depending on whether the user is logged in or not. If the user clicks the logout button a logout-request will be sent to Tulo Payway SSO2 terminating the session. This will also terminate all other sessions the user may have in SSO2, effectively logging out the user on all sites.

If a user is authenticated with Tulo Payway SSO2 and logged into Wordpress session, you can access user information in a number of ways. The publicly available PHP functions that might be useful are located in Tulo_Payway_Session and can be used like this:

 $session = new Tulo_Payway_Session();
 $session->is_logged_in();
 $session->get_user_name();
 $session->get_user_email();
 $session->get_user_customer_number();
 $session->get_user_active_products();
 $session->user_has_subscription();

If user is logged in, the following properties are also available in localStorage:

localStorage.getItem('tulo_products');
localStorage.getItem('tulo_account_name');
localStorage.getItem('tulo_account_email');

When user logout the items in localStorage are removed.

Functionality where the user can mark a checkbox upon login to "remember" the session upon closing the browser is not supported in Tulo Payway SSO2 and not implemented in this plugin.

• If a user logs in to Tulo Payway a session is established and the user is automatically logged in to any other websites (which supports SSO2) the user visits in the same browser.
• If the user closes the browser and then re-open the browser again to go back to any of the sites connected to Tulo Payway SSO2 it gets automatically a session in SSO2 and user-data is fetched.
• If the user in the same browser logs out on any of the websites connected to Tulo Payway SSO2 it will also be logged out from all websites.

Any caching mechanism that is used with the site implementation, needs to consider if the user is logged in or not. The presence of the cookie tpw_id with a non-null value indicates that the user is logged in.

Please see our terms for more information.

Add the following to wp_config.php:

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_DISPLAY', false);
define( 'WP_DEBUG_LOG', true);

Debug output will then be written to wp-content\debug.log.

The SSO plugin supports rendering of the Tulo Paywall when a visitor tries to view restricted content and not having access to the correct subscription.

A new admin-panel is now visible in WP called "Tulo Paywall Settings" where you can configure how the paywall should work.

The Tulo Paywall product requires that you create a new API user in Payway (see Plug & Play integration for more information), you only need 1 API user for Tulo Paywall in your organisation, and assign correct "Origin-urls" depending on which sites the paywall should be rendered on.

When the API user has been created, reach out to Payway support to have the new API user activated for Tulo Paywall.

HEADSUP! An API user already exists for your organisation in your staging environment, look for an API user with the name "Tulo Paywall" in Payway admin and use that for the Paywall settings below in your staging environment.

• Enable Tulo Paywall
• Add API clientId and secret

These settings determine which Paywall configured in Tulo Payway is going to be displayed when it is fetched on the website.

• Tulo Paywall title - Define the Payway title code where the Paywall has been configured. Read more ....
• Static Paywall key - If you have multiple active Paywalls you can set a static key selecting the Paywall you want to display on the website.
• Dynamic Paywall key - Enter a name of a session variable that should be used for Paywall selection, if left empty, the static key is used.
• Product Paywall key - If checked, Paywall is selected based on the products required to read the article where the Paywall is displayed.

• Tulo Paywall traffic source - Determines the traffic source for new purchases. Read more about traffic sources.
• Tulo Paywall merchant reference (static) - A static merchant reference for new purchases. Read more about merchant reference.
• Tulo Paywall merchant reference from link - The article link will be used as the merchant reference.
• Account origin - Define an Account Origin that should be used for new accounts created from the paywall.

• Spinner HTML - If left empty, the Paywall standard spinner will be shown. Read more about custom spinners.
• Tulo Paywall CSS enabled - if checked, the standard Paywall CSS will be loaded and applied, if not checked you need to apply your own CSS for the Paywall.

• Login URL - If you wish to use the login URL in the Paywall template, define it here.
• Shop URL - If you want to display a marketplace with other options for purchasing, define it here.
• Javascript debug enabled - If checked, more JS debug messages will be shown in the browser console.

• Press "Add variable" to add a new variable
• Define a key for the variable and a value