Multi Domain's Single Sign-on question.

Hi guys,

First time post on this forum so please bear with me... I'm having a bit of trouble setting up Single Sign-on feature to work across multiple domains. Not sure if it is a problem with the plugin or with my understanding of what it suppose to do so let me talk you through my set up, what I expect to happen and what actually happens... and hopefully someone will point out where I'm going wrong.

MY SETUP:

WP 3.3 Multi-site, Akismet, Multi-Domain v1.1.5, Domain Mapping v3.0.5, Multi-DB v3.1.2, Pro-sites v3.0.4

I imagine I've got a fairly typical setup: I'm running a single install of WP Multi-site with a number of CentralNIC domains pointing to its root (/). Multi-site is configured for subdirectory install of child blogs, primary blog is served out of the domains root. The idea is to split a number of user sites across multiple channels, which are defined by the parent domain. In other words:

My Parent Domains are: dev.domain1.com, dev.domain2.com
My user sites are: dev.domain1.com/site1, dev.domain2.com/site2, dev.domain2.com/site3

MY EXPECTATIONS:

Correct me if I'm wrong (and can quite easily be wrong here), but in my understanding Single Sign-on means that a user should be able to login into Site2 and be able to do all of the following:

(1) administer their own site as and when required
(2) visit a site on the same parent network (Site3) and leave a comment as themselves
(3) visit a site on a different parent network (Site1) and leave a comment as themselves

In both (2) and (3) the user should not be queried to login a second time, and in all cases their admin bar (a fixed bar at the top of the browser window spanning the entire width of the page) should remain visible.

MY ACTUAL RESULTS:

Unfortunately the behaviour I'm experiencing is a little different from what I was expecting: when I login to my development instance as Site2 I indeed can admin dev.domain2.com/site2; when I go to dev.domain2.com/site3 I can indeed leave a comment as Site2 and the admin bar remains visible.

However, when I go to dev.domain1.com/site1 the admin bar disappears and user Site2 (me) appears to be no longer logged in. When I return to either Site2 or Site3, the admin bar reappears and user Site2 once again appears to be logged in.

To me such behaviour appears to be a symptom of cookies not syncing across multiple domains. I've tried the same test on multiple browsers (Chrome, Safari) and two OS (MacOS X, Linux) and this behaviour is consistent across all of them.

So, to eliminate the possibility that it is the result of a conflict with another plugin, I've simplified my install to WP 3.3 Multi-site, Akismet, Multi-Domain v1.1.5, Multi-DB v3.1.2, ie: I've uninstalling Pro-sites and Domain Mapping plugins (wp-content/sunrise.php downgraded from multi-domains/dm_sunrise.php to multi-domains/sunrise.php). This resulted in no change to the behaviour I'm experiencing.

I was hoping somebody here could point out what else I could try before uninstalling everything and starting from scratch. Any idea or suggestions are welcome!!

PS: Not sure if it is relevant or not but my wp-content/db-config.php is void of any calls to add_global_table() as per https://premium.wpmudev.org/forums/topic/multidb-and-multidomain#post-55112

  • Jason
    • The Incredible Code Injector

    I'm in a similar situation, but subdomains instead.

    A visitor to the main site can login, and comment on any subblog without relogging in.
    They can create new sites, and administer them.

    But when I use the custom domain to map to a second domain, that one domain requires relogin.

    But my problem is that also the homepage of the mapped domain, redirects back to the main site. But the all the pages, posts, and admin section of the mapped domain work fine.

    ???

    The old domain mapping plugin let me make multiple sites no problem, but the users were not synced. This is driving me nuts!

    I think you're on the right track with...

    cookies not syncing across multiple domains

    But I'm not sure how to fix my first problem before I get to that problem!!

    Any advice?

  • DavidM
    • DEV MAN’s Mascot

    Hi Dmytro and first off, welcome to WPMU DEV!

    Just to check to start with, do you have the Single Signon option turned on at the following?
    yourdomain.com/wp-admin/network/settings.php?page=multi-domains

    Also, is it possible you've got cookies turned off in your browser? Any chance you could try through another browser?

    EDIT: Jason, if you could try the same, it'll help us to see what's occuring in your case too.

    Thanks,
    David

  • Jason
    • The Incredible Code Injector

    The button says "Disable Single Sign-on" under the Single Signon section of that page.

    I assume then that it's enabled, and clicking it would thus disable the Single Sign-on.

    Should I flip it a few times and see if that helps? Maybe it's stuck, lol...

    Actually, I turned that ON before I added another domain. Is there some order or other procedure I need to be following to add more domains?

    "The Single Sign-on feature synchronize login cookies on all the domains."

    It worked right away for subdomains, just not external domains....

  • UmkaDK
    • Design Lord, Child of Thor

    Hi DavidM,

    Thanks for the welcome! :slight_smile: Yes, single sign-on is enabled: the button in the Settings -> Multi-Domains says "Disable Single Sign-on" and the last message at the top of the admin page (you know, the one's that popup on yellow background) said "Single sign-on enabled".

    I've tried both Safari and Crome in "Enable domain cookies but block 3rd party cookies" and "Enable all cookies" modes (obviously, clearing old cookies at every step). What's more, I've tried both browsers on two different OS (Mac OS X & Linux) on two separate machines.... unfortunately, always with the same result.

    Also if it helps, I have 7 cookies set on my primary parent domain (the one defined as DOMAIN_CURRENT_SITE constant in wp-config.php) and only 3 cookies on my other parent domain. I can give you the list of cookie names if you need them ...

    @Jason: Thanks for joining in on this thread, it's reassuring to know that I'm not the only one experiencing something like this!

  • UmkaDK
    • Design Lord, Child of Thor

    @Jason: I'm guessing you are talking about:

    But my problem is that also the homepage of the mapped domain, redirects back to the main site. But the all the pages, posts, and admin section of the mapped domain work fine.

    If it's of any help, it is exactly what happens on my install but it suits me just fine as it prevent's content duplication between multiple domains, and allows me to have a single "main" page for the entire network. Though I do see your point, and it would be nice if there was an option that allowed users to select what sort of domain they would like to map, ie: head-less domain vs a domain with it's own primary blog.

    ... or alternatively, an ability to define a custom redirect for root and non-existing URL on the mapped domain.

  • DavidM
    • DEV MAN’s Mascot

    Hi guys,

    Thanks for the confirmations on that. I've asked a few of the other guys over here to have a look at this as well, as I don't really have an easy way to test this specifically.

    @Jason, I'm having a look at your recent thread too, we'll take a look at that possibility as well.

    -David

  • UmkaDK
    • Design Lord, Child of Thor

    Hi Jason,

    Yep, I've tried something similar but personally, I'm quite agains modifying core system files. Experience taught me that this often leads to more problems down the line. So, I've implemented a similar solutions through a rewrite rule in the htaccess file:

    # Custom: enable domain redirects
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
    
        RewriteCond %{HTTP_HOST} ^dev\.hub\.(gb|de)\.com$
        RewriteRule ^(([_0-9a-zA-Z-]+/)?wp-login.php(\?.*)?)$ "http\:\/\/dev\.hub\.eu\.com\/$1" [R=301,L]
    </IfModule>

    At first glance this appeared to be working but upon closer inspection loads of problems became apparent: users were unable to access their dashboard, were redirected to the 404 page upon login (Uuuppss... This is embarrassing), admin bar was not visible for loged in users when browsing their site, etc

    So I'm afraid this is still an open and active issue for me. A bit of a show stopper, you could say! :slight_frown:

  • Mason
    • DEV MAN’s Sidekick

    Hiya,

    Just checking if it was eventually resolved in another thread? Or by yourself separately to us? Or by us over email with you? Or using our live support?

    If so, no need to reply, that's great news.

    If not, could you let us know by re-opening this topic, and we'll get onto it and helping you out asap!
    Otherwise, happy days, glad you got it sorted :slight_smile:

    Thanks!

  • UmkaDK
    • Design Lord, Child of Thor

    Just a quick update on what happened here: Yes, the issue was resolved and everything is working absolutely fine now. The problem was that I didn't pay attention to the install docs and installed domain-mapping plugin into my wp-content/plugins folder, instead of mu-plugins. I'm guessing that this combined with the use of dm_sunrise.php produced a subtle but undesired effect.

  • mediamorfosi
    • New Recruit

    Hi everyone
    i've the same problem.

    My Needs.
    One WPMS installation with 4 blogs.
    Every blogs have it's own domain name (i.e. main.com, blog1.com, blog2.com blog3,com)
    I need SSO between all sites.

    Problems
    When a register a new user (into a main.com site) it works fine, but if i log into main.com site i'm not logged when i visit blog1.com or blog2.com etc.

    I'm testing this plugin in a brand new installation.
    wpms 3.3.1
    buddypress 1.5.3.1
    domain mapping 3.0.7
    multi-domains 1.1.6

    what i did
    with multi-domains without domain mapping
    if i add more domains into multi-domains setting and create a new site with it's own specific domain it don't works

    if i add more domain into multi-domains setting, but when i create a new blog i create it with the base domain (i.e. blog1.main.com / blog2.main.com etc)
    i mapping the blog it
    blog1.com -> blog1.main.com
    blog2.com -> blog2.main.com
    seem works, but i don't understand if my way is right or not.
    -first- i can't have a http://www.blog1.com mapped on blog1.main.com :slight_frown:
    -second- if i activate a buddypress blog page the blog are listed with the original name (blog1.main.com but if i click on this link i was redirect on the right address blog1.com)

    in this way the SSO seems works fine, if i'm loggen on blog1.com i'm appeare logged also on main.com

    could you explain me the right way that i must follow for satisfy my needs?
    thank you advance

  • UmkaDK
    • Design Lord, Child of Thor

    Hi mediamorfosi,

    First of all, welcome to the forum! :slight_smile:

    I probably just misunderstood your question, but if all you are trying to do is to setup "one WPMS installation with 4 blogs, each of which has it's own domain name (i.e. main.com, blog1.com, blog2.com blog3,com)" then you don't need to use Multi-domains plugin. Try just installing Domain Mapping plugin on it's own, this should be enough.

    Also, if you have further questions, I would start a new thread. This one is marked as resolved, so most people would probably not look for follow ups or further questions in here.

  • mediamorfosi
    • New Recruit

    Dmytro

    thank you for your answer.

    jes with Domain Mapping i can redirect my domains names to the right blog, but i need also Single Sign On (SSO).
    Multi-Domains have a SSO option, i can't see this option into Domain Mapping.
    I don't understand if my way is the right way or not.

  • Timothy
    • Chief Pigeon

    Thats correct single signon is not used within the Domain Mapping plugin.

    Multi-domain does support this, but you will then create separate network installs rather than multiple sites within one network.

    To ensure your questions are answered it is always best start a new thread, this way it ensure we don't miss it. Unless of course your issue is identical and the current thread is active. :slight_smile:

    Take care.

  • UmkaDK
    • Design Lord, Child of Thor

    Mediamorfosi,

    I assume that by Single Sign On you mean that you wish for a user who is logged in into one of your blogs to appear logged in across all of your blogs. If this is the case, then you should not need any additional plugins, as this is a default behaviour of both WPMU and Domain Mapping plugin.

    In fact, the following is a quote from the Domain Mapping description page:

    And, naturally, we've built in cross domain cookie syncing, so your users will stay logged in (or out) regardless of whether they are on your standard domain or their custom one.

    Hope it help!

  • Timothy
    • Chief Pigeon

    Hey Dymtro.

    Thanks for that, just to clarify though....

    If I log into mysite.mydomain.com it will log them into mymappeddomain.com, but not if they log into the root of mydomain.com.

    The cookie syncing is between mysite.mydomain.com and mymappeddomain.com.

    Thanks. :slight_smile:

  • Saunt Valerian
    • The Bug Hunter

    To support what Timothy says here is the blurb from the domain mapping install page:

    Cookie syncing is where you log into your mappeddomain.com and subsite.domain.com at the same time. Its this process that allows you to administer and view a mapped domain website whilst being logged in.

    Its not a process to log you into all mapped domains on a network install.

    Network single sign on does not work with the WPMU DEV domain mapping plugin. Cookie syncing is only for that one subsite to ensure that they user is logged into both the mapped and non-mapped domain for that subsite only.

  • pxjenkins
    • Site Builder, Child of Zeus

    Just wanted to check one point..earlier on Dmytro mentioned that he "installed domain-mapping plugin into my wp-content/plugins folder, instead of mu-plugins" and that this was the source of problems.
    But, as far as I can see, DM needs to be in plugins not mu-plugins. Is that right?

    In my setup, the sites within the WPMS need to be domain mapped for marketing purposes, and the network needs to have Multi-Domains and Pro-Sites functioning such that the new users can choose to register their blog on any one of the (domain mapped) sites as their 'base'.

    Is there any way to have a WPMS network containing a number of sites, each of which are domain-mapped and among all of which there is SSO? Or is this a fruitless quest because of the way in which the Domain Mapping plugin(s) (i.e. WPMUDev's, or others) handle cookies? I'm using Multisite User Management and Theme my Login to try to make the user experience as seamless as possible - but I still run into the login issue: a user registered and logged in to one (domain mapped) site has to re-login to any of the other (domain mapped) sites even though Multisite User Management has automatically assigned that user a role (e.g. contributor) among all the sites.

    On what I believe is a related point: having played around with various combinations of BP, Networks+, BP Multi-Network, WP Symposium etc - I've yet to find a way to have a social network set up where membership is shared among all the domain-mapped sites allowing the user to participate in activity on any of the sites, but the forum content and group activity is segregated to the individual (domain mapped) sites, i.e. one site's content does not spill over into another site. Is this also a bridge too far for WPMS?

    Thanks!

  • Timothy
    • Chief Pigeon

    Hey there. :slight_smile:

    But, as far as I can see, DM needs to be in plugins not mu-plugins. Is that right?

    Thats no longer the case with the most recent version.

    I updated the install instructions about a week ago I think. You can check them out here:

    https://premium.wpmudev.org/project/domain-mapping/installation/

    If you own those domains, and you wanted then you could consider:

    https://premium.wpmudev.org/project/multi-domains

    This is essentially a multiple network plugin. So each domain is a separate WordPress network. It does support single sign on.

    Each network is separate though.

    I understand the need for single signon with domain mapping where the domains belong to you as part of your brand. In fact you could request that feature here, detailing the need for single signon:

    http://wpmudev.uservoice.com/forums/148158-wpmu-dev-development-and-feature-requests

    Take care.

  • pxjenkins
    • Site Builder, Child of Zeus

    Hi Tim,

    Thanks for your reply.

    i.e. latest version of Domain Mapping plug should be in plugins..

    Re Multi-Domains and SSO: as far as I understand it, there is no way to get SSO to work across domain mapped sites because browsers won't allow cookies from one site to be assigned to another. I'll try the request, though. It would be magic if possible!

  • Timothy
    • Chief Pigeon

    i.e. latest version of Domain Mapping plug should be in plugins..

    Yup, thats right. :slight_smile:

    The Multi-Domains plugin will work, but thats different to mapped domains.

    From the Multi-Domains page:

    Also, this feature is single sign on compatible - so if you're logged into one domain, you'll also be logged into the other ones... cookie magic!

    Hope this helps.

    Take care.

  • Timothy
    • Chief Pigeon

    Hey again :slight_smile:

    Multi-domains plugin isnt the same as the Domain Mapping pluign. So as it says "if you're logged into one domain, you'll also be logged into the other ones". <-- this creates multiple networks, so all the domains you own.

    The Domain Mapping plugin doesn't break it, it intentionally does not do it.

    Take care.

  • pxjenkins
    • Site Builder, Child of Zeus

    Still not getting this - I must be slow :slight_smile:

    Will Multi-Domains enable Single Signon (i.e. when a user is logged into one site, he/she is logged into all) on sites within a single WPMS network that are all domain mapped?

  • Timothy
    • Chief Pigeon

    Hey again. :slight_smile:

    Domain Mapping plugin - Lets all sites within one network have a domain mapped. This does not support single sign on.

    Multi Domains - This allows a WordPress install to run multiple networks. Each domain is owned by you and has single sign on.

    Network1.com
    - - subsite1.com (done with domain mapping plugin)
    - - subsite2.com (done with domain mapping plugin)
    - - subsite3.Network1.com

    Network2.com (Done with Multi Domain Plugin) <-- Sign in here, and you are signed into Network1.com as well.
    - - subsite4.com (done with domain mapping plugin)
    - - subsite5.com (done with domain mapping plugin)
    - - subsite6.Network2.com

    (Domain Mapping can then be used on sites within each network)

    So if you sign into the main domain network1.com then you are single signed into network3.com as well.

    Does that make it any clearer. :slight_smile:

    Take care.

  • wp.network
    • The Bug Hunter

    @Timothy Bowers

    That was so very clear! The only thing greater than its clarity was its helpfulness!

    Seriously, I have gone months playing with these plugins trying to figure out what you just laid out in a few paragraphs. It all seems obvious now...

    Thanks. Super awesomeness all around, and cheers to learning curves.

    Kind Regards & Aloha,
    Max

  • Jack Kitterhing
    • Code Norris

    Hi there @Max,

    Hope you're well today! :slight_smile:

    Domain Mappings had loads of fantastic new features since Timothy last posted here, one of those is the addition of Single Sign On for Domain Mapping! :slight_smile:

    You can find this in network admin > network settings > domain mapping.

    Of course, any questions or issues, please don't hesitate to ask.

    Thanks!

    Kind Regards
    Jack.

  • wp.network
    • The Bug Hunter

    Hey @Jack Kitterhing

    Thanks for jumping in here! Domain Mapping has indeed come a long way since 2012... really looking forward to the next release too :slight_smile:

    network admin > network settings > domain mapping

    Here its called 'cross-domain auto login' though, right?

    at network admin > network settings > multi-domains its called 'Single Signon'

    So, should both these be be enabled if the plugins are being used together?

    Kind Regards,
    Max

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.