aad-sso-wordpress icon indicating copy to clipboard operation
aad-sso-wordpress copied to clipboard
verified publisher icon psignoret

Wrong redirect URL

Open mrdenny opened this issue 4 years ago • 4 comments

I've got a super weird problem. I have the checkbox to automatically forward users to the AAD login screen so that we bypass the Wordpress login screen. This is redirecting user back to the login screen and never taking them to the AAD login screen. I renamed the plugin, got into the website (I've got a Wordpress username and password) then put the plugin back. I turned off the redirection to the AAD page, and when I look at the link that the login page use (shown below) that link is pointing back to my website not the AAD URL.

Any clue why this is redirecting to the wrong place and how to fix it?

image

mrdenny avatar Nov 23 '21 22:11 mrdenny

Can you share what other plugins you have enabled? What does URL pointed to by the "Sign in with you..." link look like?

(Also, note there's a way to bypass automatic redirect, easier than renaming the plugin: https://github.com/psignoret/aad-sso-wordpress#bypassing-automatic-redirect-to-azure-ad-to-prevent-lockouts)

psignoret avatar Nov 29 '21 14:11 psignoret

The link itself appears to be everything that should be there after the question mark. There is no actual domain name in the link, so the browser is making it a relative link.

There’s several plugins installed, but nothing was updated when it just randomly stopped working (unless WordPress updated something without me knowing it).

Here’s the list of plugins.

Advanced Sidebar Menu Akismet Anti-Spam Allow Word/Powerpoint/Excel file uploads Cache-Control Classic Widgets Code Embed Cron GUI Disable XML-RPC Pingback Display PHP Version Display Posts Display Widgets Embed Posts Exclude Pages from Navigation FeedWordPress GDPR Cookie Consent List Pages Shortcode Login LockDown My Page Order PayPal Donations Persistent database connection updater Query Monitor Recent Posts by Category Widget Redirection Redirection Reporting Redis Object Cache Remove Yoast SEO Comments Search Everything SendGrid Single Sign-on with Azure Active Directory Social Snap Social Snap Boost Old Posts SyntaxHighlighter Evolved Term Management Tools Ultimate Category Excluder Widget CSS Classes Wonder Slider Lite Wordpress Facebook Pixel WordPress Force HTTPS WordPress Importer WP Crontrol WP Hide Dashboard WP Search Suggest WP Twitter Feeds WP-RSSImport WP-Stats WPFront User Role Editor Yoast SEO

mrdenny avatar Nov 29 '21 18:11 mrdenny

The link should not be pointing to the website, it should be pointing to Azure AD (e.g. https://login.microsoftonline.com/...). What values have you used in the plugin configuration for the redirect URL and the Azure AD authority?

psignoret avatar Dec 11 '21 12:12 psignoret

I'm facing the same problem on a fresh wordpress installation (with no plugins installed)

The "Redirect URL" and "Logout redirect URL" was generated like this on the "Azure AD" config-page in Wordpress: https://mysubdomain.mydomain.com/blog/wp-login.php

But the link at the login-page just points to the: https://mysubdomain.mydomain.com/blog/wp-login.php?response_type=code&scope=openid&domain_hint=&client_id=CLIENTID&resource=https%3A%2F%2Fgraph.microsoft.com&redirect_uri=https://mysubdomain.mydomain.com/blog/wp-login.php&state=STATE_UUID&nonce=NONCE_UUID (or simular, I've replaced a few things..)

Did you manage to fix it, @mrdenny ? Or maybe you have a input here, @psignoret ?

Will this plugin fetch something server-side, too? Currently I'm testing in a closed env., where the server arn't able to talk with anybody. However, the client who visit wp-login.php will be able to access the internet. I took a look at this, but I'm still a bit unsure...

Update: Oh... It actually is, if I look here, so maybe that's why it's failing?

Are there no other way of handling this, without having the host to be connected to the internet?

exetico avatar Mar 29 '22 15:03 exetico