Single Sign-on forces to relogin

I am banging my head and I need some assistance. I have 3.8.1 multisite installed and I want to use two domains for my users to choose from. Blogs are to be in subdomains. I have installed current version of Multi-Domains and configured according to the installation/configuration instructions. I have enabled Single Sign-on expecting to be able to login once. I have also configured a loginbox in a sidepanel of the main site (using standard WordPress login box function). After logging in the user stays on the front page and the login box is replaced with proper links for a logout and their dashboard.
Here's what is happening when the Single Sign-on is enabled:
1. first login - user is logged in, I have their account data and I can display their links.
2. However the dashboard link doesn't work - user is forced to relogin on wp-login.php
3. Only then can he/she enter their dashboard
4. Subsequent logons work fine and the link on the main page works.
5. Logout causes the need for double login again

If I turn off Single Sign-on in Multi-Domains and declare
define('COOKIEPATH', '/');
in wp-config - login works as I intended but only on the single main domain.

What should I do to have a single sign-on on the main blog, working across domains?

  • janslu
    • Flash Drive

    Hi,
    I'm actually using my own. I've put the following code into custom-functions.php of my theme and put [loginx_box2] shortcode as a widget...

    function custom_login_box( $atts ) {
        $html = '';
        if ( ! is_user_logged_in() ) {
            // Logged-out visitors get the stock login form plus a lost-password link.
            $html .= wp_login_form( 'echo=0' );
            $html .= '<a href="' . esc_url( wp_lostpassword_url() ) . '" title="Lost Password">Nie pamiętasz hasła?</a>';
        } else {
            global $current_user;
            get_currentuserinfo();
            // Look up the user's primary blog and its dashboard URL.
            $blog     = get_active_blog_for_user( $current_user->ID );
            $blogname = $blog->blogname;
            $blogurl  = $blog->siteurl;
            $adminurl = get_admin_url( $blog->blog_id );

            // Blog name and user login are user-controlled, so escape them on output.
            $html .= '<div class="login-header">
                    <h3><a href="' . esc_url( $blogurl ) . '" title="Twój blog: ' . esc_attr( $blogname ) . '">' . esc_html( $current_user->user_login ) . '</a></h3>
                  </div>
                  <div class="login-body">
                        <div class="login-thumbnail">
                        ' . get_avatar( $current_user->ID, '225' ) . '
                        </div>
                    </div>
                  <div class="login-footer">';
            $html .= wp_loginout( home_url(), 0 );
            $html .= " | ";
            $html .= '<a title="Kokpit" href="' . esc_url( $adminurl ) . '">Kokpit</a>';
            // Close login-footer here; the logged-out branch never opens it.
            $html .= '</div>';
        }
        return $html;
    }
    add_shortcode( 'login_box2', 'custom_login_box' );
  • janslu
    • Flash Drive

    Ok, I'll clean my install of other plugins and I'll test some more. Just to make sure:

    1. you log out the current user using the sidebar form logout link on the main page
    2. you login the user through the sidebar form
    3. you see the logged in user data and the dashboard link (login works)
    4. you can enter the dashboard using the link without wp-login reauth?

  • janslu
    • Flash Drive

    I have stripped my WordPress installation almost naked. Tested on different themes. And multi_domains behaviour seems to be very consistent:
    If I enable Single Sign-on, the sidebar login box logs users in but not completely. User seems to be logged on, but in fact is not - he/she needs to relogin.
    Please - try the following scenario:
    1. Multi-Domains enabled, two domains defined (although the problem exists on a single domain)
    2. Single Sign-on enabled
    3. custom widget using stock WordPress functions to log user in
    4. I'm using a user of a blog named xxx1.domain.com in a separate browser.
    - start with the start page of the main blog - domain.com
    - enter data of xxx1 blog owner in a widget
    - widget acts AS IF the user was logged in - I get proper links and avatar image
    - if I click on a link leading to xxx1.domain.com (no matter if it's a starting page or wp-admin) I have 50% chance of going in or being redirected to wp-login with reauth=1
    - if I got in, return to domain.com and click logout in the widget
    - refresh or not / doesn't matter
    - enter data of xxx1 user inside the widget
    - it seems the user is logged in
    - I have 100% chance of being redirected to wp-login if I click on the links to xxx1.domain.com
    This is consistent and I have no idea what's wrong and even how to debug the problem.
    If I disable Single Sign-on - it works as it should - I am logged in / out without a problem.

    Is there any way I can help with testing this? I must have an easy and working way to log in users of all the blogs.

  • aristath
    • Recruit

    Hello again @janslu,

    I'm afraid this is a bit above my level of expertise so I have notified the plugin developer about this one. Hopefully his insights will shed some light on this issue.

    Please keep in mind though that plugin developers have a lot of responsibilities so this might take a bit longer than a normal ticket.

    Cheers,
    Ari.

  • janslu
    • Flash Drive

    Are you using any ssl plugins, have admin ssl defined, or any kind of rewrite rules for ssl?

    No. I have a clean install of 3.8.1 set up as multidomain. I have only added wpmu dashboard and multi-domains. Set up as per instructions for subdomains.

    You have not been clear on how the domains are setup. What domain is the login form on (or sub) and what

    Sorry about that.
    I've set up two domains - mowmimamo.pl was set up as a primary (during wordpress installation). Multisite was set up to use subdomains. All redirects work as they should. During the setup of the test environment I have also added another domain - mowmitato.pl into multi-domains but I don't even use it anywhere and didn't use during the tests. So far I'm still using the first, primary domain used during multisite set-up.

    If you do the logins from wp-login.php directly does it work?

    Not as I expect it.

    I have tested the following scenario:
    - single sign-on is enabled in multi-domains
    - user logged out, cookies cleared etc.
    - click log-in on the main start webpage - mowmimamo.pl to get to wp-login.php
    - enter data for an owner of a test135.mowmimamo.pl blog
    - I get logged in properly
    - without logging out I enter the main site again (mowmimamo.pl)
    - I click log-out link
    - I'm logged out on the main webpage (mowmimamo.pl)
    - I click the link to log in (mowmimamo.pl/wp-login.php)
    - again I enter the data for test135.mowmimamo.pl owner
    - instead of being logged in as previously, I am redirected to
    http://test135.mowmimamo.pl/wp-login.php?redirect_to=http%3A%2F%2Ftest135.mowmimamo.pl%2Fwp-admin%2F&reauth=1
    and have to login again.

    This happens ONLY if single sign-on is enabled.

  • janslu
    • Flash Drive

    Hi Sam!
    Thank you! It seems to work as intended on one domain. I can login/logout once and the user is properly recognized across subsites. But it doesn't work across domains. I have set up a test site with two domains:
    mowmimamo.pl (main domain)
    mowmitato.pl (optional)
    and registered user janslu3 (blog janslu3.mowmitato.pl). If I fill the login form on mowmimamo.pl I am logged in on mowmimamo domain (avatar, links etc), but I have to login again to enter the dashboard (which is on janslu3.mowmitato.pl/wp-admin).
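
A browser attaches a cookie only to hosts that domain-match it, which is consistent with login carrying across subsites of one domain but not over to the second domain. The following is an added illustration, not code from any poster or from the Multi-Domains plugin; the Set-Cookie lines are constructed, `HASH` and the cookie values are placeholders, and the default path is simplified to `/`.

```javascript
// Constructed Set-Cookie lines modelled on a WordPress login response; the HASH
// suffix and values are placeholders, not captured from the site in this thread.
const SET_COOKIES = [
  'wordpress_logged_in_HASH=janslu3%7Cexp%7Cmac; path=/; domain=.mowmimamo.pl; HttpOnly',
  'wordpress_HASH=janslu3%7Cexp%7Cmac; path=/wp-admin; domain=.mowmimamo.pl; HttpOnly',
];

// Parse one Set-Cookie line into its name plus the attributes that control scope.
function parseSetCookie(line, requestHost) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), domain: requestHost,
                   hostOnly: true, path: '/' }; // no Domain attribute => host-only
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    const key = (eq < 0 ? attr : attr.slice(0, eq)).toLowerCase();
    const val = eq < 0 ? '' : attr.slice(eq + 1);
    if (key === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase(); // leading dot is ignored
      cookie.hostOnly = false;
    } else if (key === 'path' && val.startsWith('/')) {
      cookie.path = val;
    }
  }
  return cookie;
}

// RFC 6265 section 5.1.3 domain-match (host-only cookies need an exact match).
function domainMatches(host, cookie) {
  host = host.toLowerCase();
  if (host === cookie.domain) return true;
  return !cookie.hostOnly && host.endsWith('.' + cookie.domain);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Names of the cookies a browser would attach to a request for host + path.
function cookiesSentTo(host, path, setCookieLines, loginHost) {
  return setCookieLines
    .map((line) => parseSetCookie(line, loginHost))
    .filter((c) => domainMatches(host, c) && pathMatches(path, c.path))
    .map((c) => c.name);
}
```

Comparing `cookiesSentTo('test135.mowmimamo.pl', '/wp-admin/', SET_COOKIES, 'mowmimamo.pl')` with the same call for `janslu3.mowmitato.pl` shows both cookies reaching the first host and none reaching the second. Running it over the real Set-Cookie headers from the browser's network panel shows which hosts can actually see the login.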

  • janslu
    • Flash Drive

    Hi Sam,
    It works good enough for me! Thank you! During my tests I found only one problem (but it's not mission critical). Using the same scenario as above:
    main site is mowmimamo.pl, user janslu3 has a blog janslu3.mowmitato.pl ("the other" domain). Logging on on their site (janslu3.mowmitato.pl/wp-login) doesn't log the user on on the main site (mowmimamo.pl). But as I said - this is not a huge issue for me. Once again - thank you :)

    Cheers

  • Sam
    • The Incredible Code Injector

    @Jaslu

    Thanks for your feedback and happy to hear you're good enough.
    I'm not sure the thing you indicated should be resolved at all, but I can promise that I'll talk about this with the team and review your and other user feedback. If the team decides we need it, I'll add this functionality in the next releases.

    Regards,
    Sam
