aad-sso-wordpress

Custom Domain Name in Azure Web App - Auth Errors

Open mmggIThub opened this issue 6 years ago • 4 comments

I have a WordPress web app in Azure, http://xyz.azurewebsites.net. I also have a custom domain name, abc.123.com, that points to xyz.azurewebsites.net via CNAME config for 123.com DNS.

AD App in Azure AD has both URLs in Reply URLs: http://xyz.azurewebsites.net/wp-logn.php and http://abc.123.com/wp-login.php

Redirect URL in the AAD-SSO plugin in WP is set to http://abc.123.com/wp-login.php

Issue is that it all works fine for some days and then suddenly only http://abc.123.com/wp-admin works but not http://abc.123.com. Error is "Anti-Forgery ID Mismatch".

Any help would be appreciated.

mmggIThub avatar Mar 21 '19 02:03 mmggIThub

First, make sure you have not disabled ARR Affinity for the Azure App Service. (This would only be a cause if you had multiple instances, but it could happen.) If you disable that feature, multiple requests could land on different servers, and the PHP session cookie that keeps track of the fact that a user was sent off to sign in with Azure AD

Second, verify that you are consistently using "https://" for all your URLs, and aren't mixing in "http://..." anywhere. If you start the sign-in process from "http://...", but then get redirected back to "https://..." after signing in, the expected cookie isn't present and things don't work.

If you've verified those two things, could you share what plugins you're using that have an effect on sign-in? (E.g. plugins that require users to be signed in, or customizing the login page, for example)

psignoret avatar Mar 21 '19 03:03 psignoret

Thanks for the quick response. I currently don't have SSL enabled, so it's http. ARR Affinity is On.

Besides the AD-SSO plugin, I am using the My Private Site plugin to allow only authenticated users to view the site.

I remember not having issues before I went the custom domain way.

Wondering if somehow, internally, abc.123.com pointing to the web app xyz.azurewebsites.net, and that URL not being known to the plugin, could be an issue, or whether it has to do with the other plugin?

mmggIThub avatar Mar 21 '19 03:03 mmggIThub
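
Added example, not part of the thread and not the plugin's own code: a simplified Python model of the session-cookie state check described in the comments above, showing that a sign-in started on one host and completed on another fails the comparison because host-only cookies are not sent to a different host. The `Browser` and `Site` classes and the `sign_in` helper are hypothetical names, and the URLs are the ones quoted in the thread.

```python
import secrets
from urllib.parse import urlsplit


class Browser:
    """Constructed model of a browser whose cookies are host-only."""

    def __init__(self):
        self.jar = {}  # hostname -> session id

    def cookie_for(self, url):
        return self.jar.get(urlsplit(url).hostname)

    def store(self, url, session_id):
        self.jar[urlsplit(url).hostname] = session_id


class Site:
    """Hypothetical stand-in for the web app; sessions maps session id -> expected state."""

    def __init__(self, redirect_uri):
        self.redirect_uri = redirect_uri
        self.sessions = {}

    def start_login(self, browser, start_url):
        # The session cookie is scoped to the host the user started on.
        sid = browser.cookie_for(start_url) or secrets.token_hex(8)
        browser.store(start_url, sid)
        state = secrets.token_hex(16)
        self.sessions[sid] = state
        return state  # sent to the identity provider and echoed back

    def finish_login(self, browser, returned_state):
        # Only the cookie for the redirect URI's host reaches the callback.
        sid = browser.cookie_for(self.redirect_uri)
        expected = self.sessions.get(sid)
        if expected is None or not secrets.compare_digest(expected, returned_state):
            return "Anti-Forgery ID Mismatch"
        return "signed in"


def sign_in(start_url, redirect_uri):
    """Run one sign-in round trip and return the outcome string."""
    browser, site = Browser(), Site(redirect_uri)
    state = site.start_login(browser, start_url)
    return site.finish_login(browser, state)


if __name__ == "__main__":
    print(sign_in("http://abc.123.com/", "http://abc.123.com/wp-login.php"))
    print(sign_in("http://xyz.azurewebsites.net/", "http://abc.123.com/wp-login.php"))
```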

Aside from all of this, you really should turn on HTTPS (it's free and painless with the Azure Let's Encrypt extension, for example).

It's possible the plugin you're using and this plugin are stepping on each other's toes. Can you share how you've configured My Private Plugin, so that I can look into this a bit further?

psignoret avatar Mar 21 '19 04:03 psignoret

Settings are as follows (they were default settings):

- Do not block WordPress standard User Registration page (Advanced Setting: a check mark in this checkbox is recommended) - This is checked
- Where to after Login? | Go to Site Home
- Apply to wp-login.php? - No
- Custom Login page? - No
- Site Home Always Visible? http://xyz.azurewebsites.net - No
- Add URL to be Always Visible - None
- Current Visible URL Entries | None

mmggIThub avatar Mar 21 '19 05:03 mmggIThub