From 0495d98f60f1a95f486381dcb687013fe09d4041 Mon Sep 17 00:00:00 2001
From: Robert O'Rourke <robert@o-rourke.org>
Date: Thu, 14 Sep 2023 11:52:42 +0100
Subject: [PATCH 1/2] Add note on default multisite behaviour

This one caught me out - I originally was about to filter the `sso_sp_base` option but this is a simple on-liner to use SSO in per site mode.
---
 docs/saml-2-0/README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/saml-2-0/README.md b/docs/saml-2-0/README.md
index b1cbbeb..71e366e 100644
--- a/docs/saml-2-0/README.md
+++ b/docs/saml-2-0/README.md
@@ -9,6 +9,12 @@ In your IdP you can provide the following endpoint URLs to configure SSO, where
 - Single Logout Service (SLS): `https://<site-url>/sso/sls`
 - Assertion Consumer Service (ACS): `https://<site-url>/sso/verify`
 
+**Note:**: `<site-url>` will default to your primary network URL rather than the current site's URL. For single site mode use the following filter:
+
+```php
+add_filter( 'wpsimplesaml_network_activated', '__return_false' );
+```
+
 ## Identity Provider Metadata XML
 
 To enable SAML 2.0 support, add the IdP metadata XML files to your project's `.config/sso/` directory (you may need to create the directory first).

From bdbc0cbeeabd7f801e93e7c745da37a88506ab24 Mon Sep 17 00:00:00 2001
From: Robert O'Rourke <robert@o-rourke.org>
Date: Thu, 14 Sep 2023 13:24:47 +0100
Subject: [PATCH 2/2] Apply suggestions from code review

---
 docs/saml-2-0/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/saml-2-0/README.md b/docs/saml-2-0/README.md
index 71e366e..95873c4 100644
--- a/docs/saml-2-0/README.md
+++ b/docs/saml-2-0/README.md
@@ -9,10 +9,10 @@ In your IdP you can provide the following endpoint URLs to configure SSO, where
 - Single Logout Service (SLS): `https://<site-url>/sso/sls`
 - Assertion Consumer Service (ACS): `https://<site-url>/sso/verify`
 
-**Note:**: `<site-url>` will default to your primary network URL rather than the current site's URL. For single site mode use the following filter:
+**Note:**: `<site-url>` will default to your primary network URL rather than the current site's URL. For per site mode use the following filter:
 
 ```php
-add_filter( 'wpsimplesaml_network_activated', '__return_false' );
+add_filter( 'wpsimplesaml_network_activated', '__return_false', 100 );
 ```
 
 ## Identity Provider Metadata XML