SSO login problem for Domain Mapping and Multi Domains

I am facing an issue with SSO/Cross-domain login not working. I am using both Domain Mapping & Multi-Domains plugin.

Issue:
If a super admin who is logged in to the WP MU at the main domain (say Domain A) tried to visit the dashboard of his another website which is hosted on subdomain of a different domain (Subdomain of Domain B) and is mapped to its own custom domain (Domain C), he is either redirected to login page or "Incorrect or out of date login key" error.

Elaboration:
Main Domain - Domain A
Super Admin logs in at Main Domain (Domain A)
He clicks on My Sites > Site X > Dashboard
(Here Site X is hosted on a subdomain of Domain B and is mapped to its own private domain, Domain C)
He is redirected AGAIN to the login page or to the Incorrect Date error. The URL of the login page looks like:

C/wp-login.php?redirect_to=B/wp-admin%2F&reauth=1

And no matter how many times the admin fills in the username and password, he is always redirected back to that page.
Though sometimes clearing cookies and cache before the relogin temporarily solves the issue (and sometimes it does not)

Please advise.
Thanks.

Here is a link to a thread I created in 2014 for the same issue (for reference solutions):
https://premium.wpmudev.org/forums/topic/multidomain-domain-mapping-buddypress-error

  • Mahlamusa

    Hello meetul,

    I hope you are doing great today and I am very sorry for the issues you are having and the inconveniences caused.

    Please refer to this thread: https://premium.wpmudev.org/forums/topic/incorrect-or-out-of-date-login-key#post-737147, my colleague Hoang explains that the error is cause by a conflict in the cookie domain. If you are logged in to a domain A the cookie is valid to that domain and its sub domains, but the moment you visit site B, then the cookie is not valid for that domain. Cookies of domain A are valid for domain A and its sub domain.

    If that is the case, then If logged in to domain A, SSO and Auto login should not be an issue within the sub domains of domain A and also logging in to domain B will give you auto login functionality to all sub domains of domain A.

    Please read the post I linked to above and try any of the workarounds and let us know how it all works. I am very sorry that you have to go through this trouble.

    Please enjoy the rest of your day,

    Cheers,
    Mahlamusa

    • meetul

      Thank You Mahlamusa for the elaborate explanation.

      In our case most of the users have multiple blogs hosted on different domains and they frequently need to change dashboards, hence, I am afraid Hoang's solution of re-logging everytime would not be apt in our case.

      I understand that being different domains, neither cookie nor session can be shared among domains.

      However, I was wondering would it be possible to store the session id and IP of the user in a file on the server and pass on the server and while redirecting the user to a different domain's dashboard, append a unique token (say the filename) in as a get variable in the url? So that when the user lands on the different domain's login page, the system can check the token, verify the ip and if everything seems ok, seamlessly restores the session data for the new domain as well?

      1) User logs in Domain A (Main Domain)
      2) System creates a unique file (sessions/ABCD1234.dat) with IP and Session ID of Domain A
      3) The link of MySites>Site X> Dashboard changes from B.com/wp-admin to B.com/wp-admin?token=ABCD1234
      4) At B.com/wp-admin, we check the token. If file exists, match the IP. If the IP matches, read the session data and restore the same in the session for the domain B.

      I believe a database entry may also be used instead of the session file in step 2. I was wondering if this is technically feasible. Please advise.

      Thanks & Regards
      Meetul Jain