You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have a multisite installation with about 700 sites and are in the process of implementing this plugin to connect to the main Identity provider. What I am trying to achieve is that as soon as somebody wishes to log in on a subsite, they get redirected to the main site for openID authentication. Then they get redirected back by the Wordpress "redirect_to". (Reason for this is that the Identity provider is managed by a different department and we do not want to add 700 redirect_uris to the config.)
This scenario is working on our test server with sub-domains, but it is not working with mapped domains. The problem seems to be that we are redirecting to the main domain, where the logged_in cookie is set, and redirecting back to a mapped domain where the browser wont allow a cookie from a different domain.
So this works for sub-domains, but not for mapped domains:
go to sub.domain.com/wp-admin > redirect to: domain.com/wp-admin?redirect_to:sub.domain.com/wp-admin > authenticate with openID > redirect back to sub.domain.com/wp-admin > logged in
Does anybody have a solution for this problem? Maybe add the logged_in cookie after the redirect using the appropriate hooks? Or is this impossible to fix as browsers simply will not allow for cross-site cookie manipulation.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
We have a multisite installation with about 700 sites and are in the process of implementing this plugin to connect to the main Identity provider. What I am trying to achieve is that as soon as somebody wishes to log in on a subsite, they get redirected to the main site for openID authentication. Then they get redirected back by the Wordpress "redirect_to". (Reason for this is that the Identity provider is managed by a different department and we do not want to add 700 redirect_uris to the config.)
This scenario is working on our test server with sub-domains, but it is not working with mapped domains. The problem seems to be that we are redirecting to the main domain, where the logged_in cookie is set, and redirecting back to a mapped domain where the browser wont allow a cookie from a different domain.
So this works for sub-domains, but not for mapped domains:
go to sub.domain.com/wp-admin > redirect to: domain.com/wp-admin?redirect_to:sub.domain.com/wp-admin > authenticate with openID > redirect back to sub.domain.com/wp-admin > logged in
Does anybody have a solution for this problem? Maybe add the logged_in cookie after the redirect using the appropriate hooks? Or is this impossible to fix as browsers simply will not allow for cross-site cookie manipulation.
Beta Was this translation helpful? Give feedback.
All reactions