Unable to login if single sign-on is disabled about mercator HOT 21 OPEN

This happened to me yesterday and I was tearing air out. I fixed it by making the site URL subsite.networkdomain.com and adding an alias for newdomain.com - instead of having the opposite (newdomain.com as the site URL and subsite.networkdomain.com as an alias), because the test cookie was always showing ".networkdomain.com" as the domain. (Then I changed my salts and emptied caches.)

Out of interest, what is the recommended was of setting up this plugin. There are no instructions provided.

from mercator.

Definitely appears to still be a problem.

from mercator.

I think this is related - 0aa1048

from mercator.

+1 for this.

Also it's not really clear where the filter needs to be loaded in order to be recoginzed. I tried running it in different places, muplugins_loaded, plugins_loaded, mercator_load all with no effect. I wound up manually disabling it within Mercator itself and then ran into this issue.

from mercator.

Running that filter right before line with require WPMU_PLUGIN_DIR . '/mercator/mercator.php'; in sunrise.php works for me.

from mercator.

I was also having this issue. When trying to log in with an aliased domain, cookie domain is incorrect. I think probably Mercator\SSO\initialize_cookie_domain needs to run whether SSO is disabled or not - currently it will not load if sso is disabled.

My current work around is the following sunrise file:

<?php

// Default mu-plugins directory if you haven't set it
defined( 'WPMU_PLUGIN_DIR' ) or define( 'WPMU_PLUGIN_DIR', WP_CONTENT_DIR . '/mu-plugins' );

add_filter( 'mercator.sso.enabled', '__return_false' );
add_action( 'muplugins_loaded', 'Mercator\\SSO\\initialize_cookie_domain' );

require WPMU_PLUGIN_DIR . '/mercator/mercator.php';

from mercator.

@humanmade any response here? seems like we shouldn't have to hack mercator to get it to work right. is there not a simple fix for this?

from mercator.

Sounds like we need to fix it :)

from mercator.

@rmccue I've been working on some fixes to the plugin. I'm assuming you would be ok with me sending some pull requests? I have one ready that fixes the "get_stylesheet_directory_uri()" and similar functions. I also figured out why people are having this SSO issue. Its because we are changing the "site_url" which after reading the code I realize thats not intended. I think we need to update some documentation too, to indicate the proper way to add subsites and convert them to TLDs. I'm stuck on fixing the URLs in the MySites nav, but I'll create separate issues and work them out as I move through the plugin (as long as your ok with my contributions). I'm really hoping @fansided can start using this plugin moving forward for SSO but I need it to be production ready!

from mercator.

@simonmcwhinnie @robneu I've tested the code from @cmmarslender and it works as expected. Make sure you delete all your previous cookies, or change your wp-config salts to wipe out previous sessions, and then SSO will be disabled with the filter and action from above.

@rmccue I think we just need to add this to the documentation on how to disable SSO (though I'm hoping less people will do this once we fix the issues related to having SSO enabled). Also, thoughts on moving disabling SSO to a network option page? I could build this if its desirable.

I think we can close this issue.

from mercator.

Reasoning for disabling SSO wasn't so much that it wasn't working (it was working, when it was enabled) - but more about the fact that there seemed to be a blocking request to admin-ajax every page load for logged out users - Understand why, but that wasn't desirable for performance reasons (both client side and server load).

To me, seems like initialize_cookie_domain should be called whether SSO is enabled or not, rather than just documenting my current workaround.

from mercator.

To me, seems like initialize_cookie_domain should be called whether SSO is enabled or not, rather than just documenting my current workaround.

I agree; we should move this out of SSO and into the main Mercator file, and always hook it in.

from mercator.

Yes, that kind of works, until you notice the wp-admin bar dropdown of sites having wrong URL's which causes the links to fail / redirect you to a login page with &reauth=1.\

How it was intended to be setup, well, thats on @rmccue I'm not 100% sure.

from mercator.

Apologies for not following this thread correctly - I didn't pick up on the fact that SSO is disabled via sunrise.php - I was messing with Jetpack SSO; an entirely different thing it would seem. I have added the workaround in sunrise.php and am seeing faster page load times. +1 for building this in.

@scarstens so far, fingers crossed and touching wood, I haven't noticed the rogue URL effects in wp-admin bar that you described. I did replace salts and clean all caches (memcache, nginx fastcgi, pagespeed) - so far so good.

It would be nice for my sites to have their site URL as the main domain though. Not sure what else will be affected by doing the opposite.

from mercator.

@robrecord have you tried navigation between your sites using the wp-admin bar dropdown? this is where the problem starts.

from mercator.

It appears to work for me, after first logging in to network.com/wp-admin

The sites in the dropdown all have subdomain URLs, but it works okay and doesn't ask me to log in again. which is surprising as I thought I had disabled SSO in sunrise.php.. or maybe I'm doing it wrong.

Would be keen to find any bugs ahead of time so if there's some refinement I should make in order to see the bug, please let me know. Thanks

Rob

http://robrecord.com | +44 (0) 7535 271 502

On 26 Feb 2016, at 16:26, Seth Carstens [email protected] wrote:

@robrecord https://github.com/robrecord have you tried navigation between your sites using the wp-admin bar dropdown? this is where the problem starts.

—
Reply to this email directly or view it on GitHub #48 (comment).

from mercator.

@robrecord whenever youtube decides to encode my video, this demo should show you the problem I'm having with WordPress reauth filter vs mercator

https://www.youtube.com/watch?v=9fN5Q7ZixQQ

from mercator.

Ok yes I'm seeing the same issue.

Another workaround is to set the primary domain as the site URL, and have the subdomain as an alias. If you then add another alias with WWW in front, you can sign in by accessing the website using the WWW alias.

This isn't great for my clients who have to remember to do this.

Would really like to get this fixed. Is there any way I can help?

from mercator.

I had the same Issue when using add_filter( 'mercator.sso.enabled', '__return_false' ); and i fixed it by adding the following.

add_action( 'muplugins_loaded', function () {
	if ( defined( 'COOKIE_DOMAIN' ) ) {
		return;
	}

	$current_site = $GLOBALS['current_blog'];
	$real_domain  = $current_site->domain;
	$domain       = $_SERVER['HTTP_HOST'];

	if ( $domain === $real_domain ) {
		$cookie_domain = $real_domain;
		if ( 'www.' === substr( $cookie_domain, 0, 4 ) ) {
			$cookie_domain = substr( $cookie_domain, 4 );
		}

		define( 'COOKIE_DOMAIN', $cookie_domain );
	}
} );

Basically doing the same thing Mercator\SSO\initialize_cookie_domain would do but not bailing if it is not in a mapped (so that it works for the primary domain).
There is no $GLOBALS['mercator_current_mapping'], because Mercator\register_mapped_filters bails out if it is the primary domain in the site URL.

(Actually just noticed the dates and not sure if this issue is still completely relevant, but I'm going to say yes, since I just had this issue^^)

from mercator.

I got this error message,

The constant COOKIE_DOMAIN is defined (probably in wp-config.php). Please remove or comment out that define() line.

"COOKIE_DOMAIN" constatnt is important for wpmudev domain mapping
because I am using multi network plugin, need to enable two domain mapping system

from mercator.

@masterseoonline COOKIE_DOMAIN will be set automatically during the domain mapping process, you do not need to set it manually in your config.

from mercator.