Cross-domain autologin doesn't work on subfolder based multisite

Cross-domain autologin doesn't work on subfolder based multisites with SSL certificates installed.
We use the original domain for admin panel and force mapped domain for frontend of the site. As cross-domain autologin doesn't work subsite admins cannot edit the site using visual Divi builder.

  • Lamarr

    Thanks for the update. The configuration is really wonky.

    Without SSL everything works as expected. With SSL and the various ssl configurations, things begin to go downhill really quickly.

    Key:
    production root: iamhere.com
    subsite : iamhere.com/subsite

    My configuration:
    Production root: https://iamhere.com
    site configurations: http://iamhere.com/subsite1 https://iamhere.com/subsite2

    (DIVI is my primary editor )

    Some subsites have ssl and others don't.

    My observation ... domain mapping is an all of nothing configuration.

    *********** options *****************
    Administration mapping:
    domain entered by the user
    mapped domain
    original domain

    Login mapping

    domain entered by the user
    mapped domain
    original domain
    *************************

    Options for administrative mapping and login mapping MUST be the same or things break badly.
    .

    For purposes of security ( and cost) the best login configuration is to be configured as

    https://iamhere.com/admin for all sites. There a WAF can be placed. otherwise, unless you have complete control of the infrastructure you'd have a financial and administrative nightmare.

    To white-label the backend so users see http://theirdomain.com you would want to set administrative mapping to Mapped domain..... ***** this does not work ***** the page builder doesn't load properly especially if there is a mixture of ssl and non-ssl root and subsite.

    The only option is this scenario is to completely use "original domain" option for administrative and login configuration.

    That gets past most of the errors ... Additionally the subsites must have SSL certificates or divi builder will throw up an error by putting the user into a redirect loop when attempting to use the visual builder and you appear as not loggedin. ( website will display )
    i.e.

    in divi editor you would expect to see https://iamhere.com/subsite/et1....

    instead wordpress tries to do a redirect to https ( yes ssl) //subdomain.com . This happens irregardless if the site is configured to use SSL. A site with ssl will display fine ... with out ssl ... well good luck with that.

    This issue is pretty critical considering the changes that are coming with respect to site ranking , security ...etc. If a client doesn't want to pay for or use SSL that is their choice but it should not be at the cost of forcing the root site to be insecure.

    Personally, I've dedicated close to 40 hours trying to workaround this issue.

  • Dimitris

    Hello there Lamarr,

    hope you're doing good and I'm really sorry for the frustration here!

    This is a already known issue to us and our developers are working on some possible fixes for next plugin release. We'll keep you posted here about development as soon as possible, meanwhile, if you see an update notification in WPMUDEV Dashboard about Domain Mapping plugin, please keep a recent website backup and proceed with the update, or set Automate do that for you!

    Warm regards,
    Dimitris

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.