Embedded sign-in in combination with the plugin?

  • Resolved Philipp Bammes

    (@tyrannous)


    1 year, 12 months ago

    Hi Marco! @wpo365

    We’ve been using your plugins (both the free and paid versions) on a couple of client systems, and they always have been working great.

    One client wants to replace the regular “WordPress login form + SSO button” combination with an “Embedded sign-in” iframe. Documentation here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/embedded-login.

    I wonder how that works together with the logic the WPO365 plugin provides. Does it support these iframes? Or can we implement them manually, and WPO365 would somehow detect the login + redirect and treat them like they happened with the regular SSO button, so it would still create new users, etc.?

    On that specific client, we only use the free version, and AFAIK, we only use these features:

    • Redirect anonymous requests to the backend to Microsoft
    • Display the “Microsoft” button in login forms -> to be replaced
    • Create new WordPress users

    While we could develop the needed features rather easily ourselves, we would be reinventing the wheel. Also, we would lose the ability to potentially use any of the premium add-ons for more advanced features. Also, I’m afraid we overlook “hidden” features we’d also have to re-implement.

    Since we don’t have access to a test Azure instance or users in any directory of our clients, we can’t test this upfront.

    It would be great if you could shed some light on the situation. Thanks!
    Philipp

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Marco van Wieren

    (@wpo365)

    Hi @tyrannous

    I quickly read the documentation and I have the feeling that this should almost work out-of-the-(premium)-box.

    From what I understand, you must embed an iframe in your WordPress website that requests a URL that will automatically redirect the user to the Azure AD B2C login page. So in other words: When the iframe is initialized, it will first request e.g. https://your-website.com/signup-signin/ and if you added this URL to the list of Private pages (on the plugin’s Single Sign-on configuration page when you selected the Internet Authentication scenario, also on the Single Sign-on configuration page) then the plugin will automatically redirect to Microsoft (assuming that the user is not signed in – when the user is already signed in, you need to make sure that you have hidden the iframe).

    As soon as the user has authenticated successfully, the user will be redirected back to the website. The plugin will detect the ID token, processes it and will sign in the user.

    I wrote almost, because there are a few things that need to be tested and probably adapted.

    First of all, the plugin is iframe-aware and as soon as it detects an iframe it will initialize a popup to start authentication (if authentication is required, that is). However, this behavior must be supressed.

    Secondly, the plugin does not support custom login domains for Azure AD B2C at the moment. It will always send the user to <your-domain>.b2clogin.com instead. This will cause cookie-related trouble.

    Thirdly, when the user is redirected back in the iframe, the top level window needs to be reloaded e.g. to hide the iframe and to reload the page for the logged-in user. Similar functionality is currently implemented for the iframe-popup logic. Alternatively, the user is redirected to a page that reloads the top window.

    I find this approach very interesting and I recommend that you add this request also as an idea to the plugin’s user voice.

    Is this something that can wait to the begin of the new year 2023?

    Thread Starter Philipp Bammes

    (@tyrannous)

    Hi Marco,

    Thank you very much for your detailed response!

    Is this something that can wait to the begin of the new year 2023?

    This is one of the “everything needs to be done yesterday” clients. So while I’m glad you seem to consider this a possible addition to the plugin, the SSO feature is supposed to go live in February 2023. If I may speak openly, I’m afraid of doing “nothing” ourselves and hoping for the plugin to gain support for that feature in time.

    I wrote almost, because there are a few things that need to be tested and probably adapted.

    Do you mean that the points you mentioned would need to be changed in the plugin by you, or can be adjusted by us developers? Sorry, I never checked the plugin’s source code for possible filters, etc.

    […] add this request […] as an idea to the plugin’s user voice.

    Thanks, I didn’t know this existed. Added it (and another one from an earlier email ?? ).

    Plugin Author Marco van Wieren

    (@wpo365)

    Hi @tyrannous

    I’ll see what can be done in December from a development point of view.

    PS Thanks for User Voice entries!

    Plugin Author Marco van Wieren

    (@wpo365)

    Hi @tyrannous

    I have made some good progress with Azure AD B2C embedded login and manage to test it successfully at my end. It supports the necessary custom B2C domain e.g. login.contoso.com plus you can select a policy of your choice e.g. to sign in or to sign up. Furthermore, I have added a shortcode that you can embed on a page that you would then call as your initial source of the iframe. The shortcode will then initiate the redirect inside the iframe to the Azure AD B2C login page. This shortcode can be parameterized with an Azure AD B2C policy and a URL where the user should be sent upon successful authentication. That URL should then point to a page that would not do anything else but refresh the top level window (to burst out the iframe).

    Let me know if you’re interested in testing this solution by contacting me via support [@] wpo365 email channel so I can provide you with download instructions.

    Plugin Author Marco van Wieren

    (@wpo365)

    Hi @tyrannous

    The new functions proposed and discussed here have long since become part of the production version of WPO365. Therefore I am closing this issue and mark it as resolved.

    Thanks!

    -Marco

    Thread Starter Philipp Bammes

    (@tyrannous)

    Hi @wpo365, thanks so much for adding support for Embedded sign-in, and sorry for not getting back to you earlier. Unfortunately, the client ditched using this feature (because of technical limitations on Azure side) and decided to use the regular login button instead.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Embedded sign-in in combination with the plugin?’ is closed to new replies.

Tags