Cross-domain authentication

Goal: Force SSL for backend. There's lots of info in the codex on this for those who don't know what I'm talking about: http://codex.wordpress.org/Administration_Over_SSL

I've received many concerned mails about the implications of Firesheep http://codebutler.github.com/firesheep/ & Idiocy http://jonty.co.uk/idiocy in the last couple days. Frankly, I see the real issue here being people using free wifi and not understanding it. We understand there's always a risk sending unencrypted packets over a network (the internet), but unencrypted wifi is just plain bad news. Personally, I'd be much happier auto-generating VPN credentials for our paying customers...for various reasons...but our users have spoken. We must have SSL.

Situation: Currently, most of our registered users follow this traffic pattern:
Direct traffic to {ourname.tld} -> Click on login & authenticate -> Auto-redirected to "My Blogs" -> click on "Dashboard" for blog in question -> perform administration of blog

With or without SSL enabled, users have always had to re-login to their mapped domain names if they subsequently try to access a restricted feature from the frontend of the site. They can access their Dashboard from the "My Blogs" link without issue, which takes them to {signupname}.{ourname.tld}, but if they try to use a feature on {mapped-name.tld}, such as the "Preview" button while writing a post/page, they have to do a 2nd login on {mapped-name.tld}. This was never ideal, but it's how it's been working, and users have come to accept it.

If we force SSL, when they go to do that 2nd login
A) they're vulnerable to the software above
B) they'll get a certificate error, something that will deeply trouble them (being particularly non-technical and all)

Problem: The redirect from {signupname}.{ourname.tld} to {mapped-domain.tld}, while fantastic, needs to be turned off for logged-in users.

Question about Resolution: How would I go about hacking that functionality into Multi-Domains / Domain mapping system? Through sunrise? Have any of you had to do this before?

  • fuzu42

    Hi Barry,

    Once logged in, with SSL forced, we want to only see the non-domain-mapped domain (back & front), as it's currently not monetarily feasible for us to get signed certificates installed on all mapped domains. Our users will complain if we use certificates from a CA that doesn't have its root cert installed in their browser by default. That's where the $ comes in. Ideally, we'd force logged-in frontend access at the subdomain (deny at mapped domain) only for folks with Editor + Admin + Super Admin privileges, so that users who have subscribers on their blog don't have to advertise for their host.

    Currently, we can force the backend to use SSL, and, using the settings on your plugin, allow backend administration only at the subdomain. This is great, but sometimes users do things like press the "preview" button in the backend while they're logged in via their subdomain, which gets them redirected to their mapped domain & a great big 404.

    Thanks for your help!