aad-sso-wordpress icon indicating copy to clipboard operation
aad-sso-wordpress copied to clipboard
verified publisher icon psignoret

aad-sso-wordpress and ithemes security results in 414

Open mottersen opened this issue 8 years ago • 3 comments

Just an fyi: If you use the defaults for the ithemes security plugin, you'll get a 414 error when you try to use aad-sso-wordpress. ithemes will throw an error if the URI is too long (HTTP Error 414 Request URI too long). An assertion from azure ad to wordpress will contain a very long URI.

mottersen avatar Feb 22 '17 06:02 mottersen

@mottersen, thanks for reporting this. This would be addressed by #113.

psignoret avatar Feb 22 '17 09:02 psignoret

This is the offending setting in ithemes: Filter Long URL Strings Limits the number of characters that can be sent in the URL. Hackers often take advantage of long URLs to try to inject information into your database.

Disabling that setting would be a workaround for the current version. Hopefully #113 can address the length for a longer term solution. Thanks for the great work btw.

mottersen avatar Feb 22 '17 18:02 mottersen

Yes, I'm upvoting this.

radekbaranowski avatar Mar 27 '17 10:03 radekbaranowski