Multi Domain's Single Sign-on question.

Hi guys,

First time post on this forum so please bear with me... I'm having a bit of trouble setting up Single Sign-on feature to work across multiple domains. Not sure if it is a problem with the plugin or with my understanding of what it suppose to do so let me talk you through my set up, what I expect to happen and what actually happens... and hopefully someone will point out where I'm going wrong.

MY SETUP:

WP 3.3 Multi-site, Akismet, Multi-Domain v1.1.5, Domain Mapping v3.0.5, Multi-DB v3.1.2, Pro-sites v3.0.4

I imagine I've got a fairly typical setup: I'm running a single install of WP Multi-site with a number of CentralNIC domains pointing to its root (/). Multi-site is configured for subdirectory install of child blogs, primary blog is served out of the domains root. The idea is to split a number of user sites across multiple channels, which are defined by the parent domain. In other words:

My Parent Domains are: dev.domain1.com, dev.domain2.com
My user sites are: dev.domain1.com/site1, dev.domain2.com/site2, dev.domain2.com/site3

MY EXPECTATIONS:

Correct me if I'm wrong (and can quite easily be wrong here), but in my understanding Single Sign-on means that a user should be able to login into Site2 and be able to do all of the following:

(1) administer their own site as and when required
(2) visit a site on the same parent network (Site3) and leave a comment as themselves
(3) visit a site on a different parent network (Site1) and leave a comment as themselves

In both (2) and (3) the user should not be queried to login a second time, and in all cases their admin bar (a fixed bar at the top of the browser window spanning the entire width of the page) should remain visible.

MY ACTUAL RESULTS:

Unfortunately the behaviour I'm experiencing is a little different from what I was expecting: when I login to my development instance as Site2 I indeed can admin dev.domain2.com/site2; when I go to dev.domain2.com/site3 I can indeed leave a comment as Site2 and the admin bar remains visible.

However, when I go to dev.domain1.com/site1 the admin bar disappears and user Site2 (me) appears to be no longer logged in. When I return to either Site2 or Site3, the admin bar reappears and user Site2 once again appears to be logged in.

To me such behaviour appears to be a symptom of cookies not syncing across multiple domains. I've tried the same test on multiple browsers (Chrome, Safari) and two OS (MacOS X, Linux) and this behaviour is consistent across all of them.

So, to eliminate the possibility that it is the result of a conflict with another plugin, I've simplified my install to WP 3.3 Multi-site, Akismet, Multi-Domain v1.1.5, Multi-DB v3.1.2, ie: I've uninstalling Pro-sites and Domain Mapping plugins (wp-content/sunrise.php downgraded from multi-domains/dm_sunrise.php to multi-domains/sunrise.php). This resulted in no change to the behaviour I'm experiencing.

I was hoping somebody here could point out what else I could try before uninstalling everything and starting from scratch. Any idea or suggestions are welcome!!

PS: Not sure if it is relevant or not but my wp-content/db-config.php is void of any calls to add_global_table() as per https://premium.wpmudev.org/forums/topic/multidb-and-multidomain#post-55112

  • Jason

    I'm in a similar situation, but subdomains instead.

    A visitor to the main site can login, and comment on any subblog without relogging in.
    They can create new sites, and administer them.

    But when I use the custom domain to map to a second domain, that one domain requires relogin.

    But my problem is that also the homepage of the mapped domain, redirects back to the main site. But the all the pages, posts, and admin section of the mapped domain work fine.

    ???

    The old domain mapping plugin let me make multiple sites no problem, but the users were not synced. This is driving me nuts!

    I think you're on the right track with...

    cookies not syncing across multiple domains

    But I'm not sure how to fix my first problem before I get to that problem!!

    Any advice?

  • DavidM

    Hi Dmytro and first off, welcome to WPMU DEV!

    Just to check to start with, do you have the Single Signon option turned on at the following?
    yourdomain.com/wp-admin/network/settings.php?page=multi-domains

    Also, is it possible you've got cookies turned off in your browser? Any chance you could try through another browser?

    EDIT: Jason, if you could try the same, it'll help us to see what's occuring in your case too.

    Thanks,
    David

  • Jason

    The button says "Disable Single Sign-on" under the Single Signon section of that page.

    I assume then that it's enabled, and clicking it would thus disable the Single Sign-on.

    Should I flip it a few times and see if that helps? Maybe it's stuck, lol...

    Actually, I turned that ON before I added another domain. Is there some order or other procedure I need to be following to add more domains?

    "The Single Sign-on feature synchronize login cookies on all the domains."

    It worked right away for subdomains, just not external domains....

  • UmkaDK

    Hi DavidM,

    Thanks for the welcome! :slight_smile: Yes, single sign-on is enabled: the button in the Settings -> Multi-Domains says "Disable Single Sign-on" and the last message at the top of the admin page (you know, the one's that popup on yellow background) said "Single sign-on enabled".

    I've tried both Safari and Crome in "Enable domain cookies but block 3rd party cookies" and "Enable all cookies" modes (obviously, clearing old cookies at every step). What's more, I've tried both browsers on two different OS (Mac OS X & Linux) on two separate machines.... unfortunately, always with the same result.

    Also if it helps, I have 7 cookies set on my primary parent domain (the one defined as DOMAIN_CURRENT_SITE constant in wp-config.php) and only 3 cookies on my other parent domain. I can give you the list of cookie names if you need them ...

    @Jason: Thanks for joining in on this thread, it's reassuring to know that I'm not the only one experiencing something like this!

  • UmkaDK

    @Jason: I'm guessing you are talking about:

    But my problem is that also the homepage of the mapped domain, redirects back to the main site. But the all the pages, posts, and admin section of the mapped domain work fine.

    If it's of any help, it is exactly what happens on my install but it suits me just fine as it prevent's content duplication between multiple domains, and allows me to have a single "main" page for the entire network. Though I do see your point, and it would be nice if there was an option that allowed users to select what sort of domain they would like to map, ie: head-less domain vs a domain with it's own primary blog.

    ... or alternatively, an ability to define a custom redirect for root and non-existing URL on the mapped domain.

  • UmkaDK

    Hi Jason,

    Yep, I've tried something similar but personally, I'm quite agains modifying core system files. Experience taught me that this often leads to more problems down the line. So, I've implemented a similar solutions through a rewrite rule in the htaccess file:

    # Custom: enable domain redirects
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
    
        RewriteCond %{HTTP_HOST} ^dev\.hub\.(gb|de)\.com$
        RewriteRule ^(([_0-9a-zA-Z-]+/)?wp-login.php(\?.*)?)$ "http\:\/\/dev\.hub\.eu\.com\/$1" [R=301,L]
    </IfModule>

    At first glance this appeared to be working but upon closer inspection loads of problems became apparent: users were unable to access their dashboard, were redirected to the 404 page upon login (Uuuppss... This is embarrassing), admin bar was not visible for loged in users when browsing their site, etc

    So I'm afraid this is still an open and active issue for me. A bit of a show stopper, you could say! :slight_frown:

  • mediamorfosi

    Hi everyone
    i've the same problem.

    My Needs.
    One WPMS installation with 4 blogs.
    Every blogs have it's own domain name (i.e. main.com, blog1.com, blog2.com blog3,com)
    I need SSO between all sites.

    Problems
    When a register a new user (into a main.com site) it works fine, but if i log into main.com site i'm not logged when i visit blog1.com or blog2.com etc.

    I'm testing this plugin in a brand new installation.
    wpms 3.3.1
    buddypress 1.5.3.1
    domain mapping 3.0.7
    multi-domains 1.1.6

    what i did
    with multi-domains without domain mapping
    if i add more domains into multi-domains setting and create a new site with it's own specific domain it don't works

    if i add more domain into multi-domains setting, but when i create a new blog i create it with the base domain (i.e. blog1.main.com / blog2.main.com etc)
    i mapping the blog it
    blog1.com -> blog1.main.com
    blog2.com -> blog2.main.com
    seem works, but i don't understand if my way is right or not.
    -first- i can't have a http://www.blog1.com mapped on blog1.main.com :slight_frown:
    -second- if i activate a buddypress blog page the blog are listed with the original name (blog1.main.com but if i click on this link i was redirect on the right address blog1.com)

    in this way the SSO seems works fine, if i'm loggen on blog1.com i'm appeare logged also on main.com

    could you explain me the right way that i must follow for satisfy my needs?
    thank you advance

  • UmkaDK

    Hi mediamorfosi,

    First of all, welcome to the forum! :slight_smile:

    I probably just misunderstood your question, but if all you are trying to do is to setup "one WPMS installation with 4 blogs, each of which has it's own domain name (i.e. main.com, blog1.com, blog2.com blog3,com)" then you don't need to use Multi-domains plugin. Try just installing Domain Mapping plugin on it's own, this should be enough.

    Also, if you have further questions, I would start a new thread. This one is marked as resolved, so most people would probably not look for follow ups or further questions in here.

  • Timothy Bowers

    Thats correct single signon is not used within the Domain Mapping plugin.

    Multi-domain does support this, but you will then create separate network installs rather than multiple sites within one network.

    To ensure your questions are answered it is always best start a new thread, this way it ensure we don't miss it. Unless of course your issue is identical and the current thread is active. :slight_smile:

    Take care.

  • UmkaDK

    Mediamorfosi,

    I assume that by Single Sign On you mean that you wish for a user who is logged in into one of your blogs to appear logged in across all of your blogs. If this is the case, then you should not need any additional plugins, as this is a default behaviour of both WPMU and Domain Mapping plugin.

    In fact, the following is a quote from the Domain Mapping description page:

    And, naturally, we've built in cross domain cookie syncing, so your users will stay logged in (or out) regardless of whether they are on your standard domain or their custom one.

    Hope it help!

  • Saunt Valerian

    To support what Timothy says here is the blurb from the domain mapping install page:

    Cookie syncing is where you log into your mappeddomain.com and subsite.domain.com at the same time. Its this process that allows you to administer and view a mapped domain website whilst being logged in.

    Its not a process to log you into all mapped domains on a network install.

    Network single sign on does not work with the WPMU DEV domain mapping plugin. Cookie syncing is only for that one subsite to ensure that they user is logged into both the mapped and non-mapped domain for that subsite only.

  • pxjenkins

    Just wanted to check one point..earlier on Dmytro mentioned that he "installed domain-mapping plugin into my wp-content/plugins folder, instead of mu-plugins" and that this was the source of problems.
    But, as far as I can see, DM needs to be in plugins not mu-plugins. Is that right?

    In my setup, the sites within the WPMS need to be domain mapped for marketing purposes, and the network needs to have Multi-Domains and Pro-Sites functioning such that the new users can choose to register their blog on any one of the (domain mapped) sites as their 'base'.

    Is there any way to have a WPMS network containing a number of sites, each of which are domain-mapped and among all of which there is SSO? Or is this a fruitless quest because of the way in which the Domain Mapping plugin(s) (i.e. WPMUDev's, or others) handle cookies? I'm using Multisite User Management and Theme my Login to try to make the user experience as seamless as possible - but I still run into the login issue: a user registered and logged in to one (domain mapped) site has to re-login to any of the other (domain mapped) sites even though Multisite User Management has automatically assigned that user a role (e.g. contributor) among all the sites.

    On what I believe is a related point: having played around with various combinations of BP, Networks+, BP Multi-Network, WP Symposium etc - I've yet to find a way to have a social network set up where membership is shared among all the domain-mapped sites allowing the user to participate in activity on any of the sites, but the forum content and group activity is segregated to the individual (domain mapped) sites, i.e. one site's content does not spill over into another site. Is this also a bridge too far for WPMS?

    Thanks!

  • Timothy Bowers

    Hey there. :slight_smile:

    But, as far as I can see, DM needs to be in plugins not mu-plugins. Is that right?

    Thats no longer the case with the most recent version.

    I updated the install instructions about a week ago I think. You can check them out here:

    https://premium.wpmudev.org/project/domain-mapping/installation/

    If you own those domains, and you wanted then you could consider:

    https://premium.wpmudev.org/project/multi-domains

    This is essentially a multiple network plugin. So each domain is a separate WordPress network. It does support single sign on.

    Each network is separate though.

    I understand the need for single signon with domain mapping where the domains belong to you as part of your brand. In fact you could request that feature here, detailing the need for single signon:

    http://wpmudev.uservoice.com/forums/148158-wpmu-dev-development-and-feature-requests

    Take care.

  • Timothy Bowers

    Hey again. :slight_smile:

    Domain Mapping plugin - Lets all sites within one network have a domain mapped. This does not support single sign on.

    Multi Domains - This allows a WordPress install to run multiple networks. Each domain is owned by you and has single sign on.

    Network1.com
    - - subsite1.com (done with domain mapping plugin)
    - - subsite2.com (done with domain mapping plugin)
    - - subsite3.Network1.com

    Network2.com (Done with Multi Domain Plugin) <-- Sign in here, and you are signed into Network1.com as well.
    - - subsite4.com (done with domain mapping plugin)
    - - subsite5.com (done with domain mapping plugin)
    - - subsite6.Network2.com

    (Domain Mapping can then be used on sites within each network)

    So if you sign into the main domain network1.com then you are single signed into network3.com as well.

    Does that make it any clearer. :slight_smile:

    Take care.

  • Jack Kitterhing

    Hi there @Max,

    Hope you're well today! :slight_smile:

    Domain Mappings had loads of fantastic new features since Timothy last posted here, one of those is the addition of Single Sign On for Domain Mapping! :slight_smile:

    You can find this in network admin > network settings > domain mapping.

    Of course, any questions or issues, please don't hesitate to ask.

    Thanks!

    Kind Regards
    Jack.

  • wp.network

    Hey @Jack Kitterhing

    Thanks for jumping in here! Domain Mapping has indeed come a long way since 2012... really looking forward to the next release too :slight_smile:

    network admin > network settings > domain mapping

    Here its called 'cross-domain auto login' though, right?

    at network admin > network settings > multi-domains its called 'Single Signon'

    So, should both these be be enabled if the plugins are being used together?

    Kind Regards,
    Max

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.