Feature Automatic Login / Single sign-on added

Hello JochenT, I’ve installed this modified version replacing ad-integration.php and admin.php with no luck. I can see the setting in the wordpress plugin console and it’s configured OK, but the users are no logged in automatically.
I’ve already imported all the users with the bulk method succesfully also.
The web server is a Windows 2008 so NTLM is fully supported.
Do you have any suggestions?

Regards,

Hernán

Hi Hernán,

sorry for the late answer.

There are several things I had problems with which you might check:

• Don’t allow a parallel access via AuthType ‘Basic’ in the .htaccess
• Explicitly log out before testing as existing login cookies may conflict with the auto login.
• Show User Status: On (for verifying connection with AD)
• Eventually delete the user account and let it recreate with option ‘Automatic User Creation’. After auto login the user should appear again with user status marked as AD user.
• Automatic User Creation: On (not always necessary)
• Don’t use the WP user ‘admin’ (which has ID 1) for testing the auto login.
• Add define('WP_DEBUG', true); in file wp-config.php. This will create a debug log in folder …/plugins/active-directory-integration/ where you can check the successful login. Don’t forget to disable again after testing.

Hi i have instaled the plugin. modyfied the files.

I have LDAP support, ad integration is working. SSO enabled in config after modyfication.

I have NTLM enabled in Apache and working.

But WordPress 4.3 doesnt log in automaticly.

Any ideas ? How to debug this ?

The best options for testing are the ‘Test Tool’ which is part of the plugin and to set WP_DEBUG to ‘true’ as mentioned in my comment above.

For any further analysis you probably need to modify PHP files. If you are working in a none public network (i.e. within a VPN or closed local network) you may overwrite the NTLM check in function auto_login() in file ad-integration.php. Before the if-statement insert:

if (empty($_SERVER['REMOTE_USER'])) {
   $_SERVER['REMOTE_USER'] = 'myADUserName';
   $_SERVER['AUTH_TYPE']   = 'NTLM';
}

Replace myADUserName with your AD login name. This allows you to test the plugin without any real login check.

We’d be very interested in using this if we could.

Would it be possible for this to be a separate plugin, enabled alongside the Active Directory Integration plugin? Or does it need to access internals of the plugin to do its job?

If it does need to be an integral part of this plugin, has the author given any indication that he’d be willing to merge your changes in?

Is there a version of this diff that corresponds to the latest version (currently 1.1.8)?

Hi Marcus,

it is not possible to separate the changes for SSO into an additional plugin. But probably it is possible to use the modified version alternatively to the original version. If the modified version is enabled then the original version needs to be disabled and vice versa.

For this to work disable both plugins first (if any enabled). Then rename the plugin folder of the modified version (e.g. active-directory-integration to md-active-directory-integration) and do the same with the main plugin PHP file (e.g. ad-integration.php to md-ad-integration.php). After this install the original plugin v1.1.5 again. It should be no problem to switch between both plugins, but I’ve not tested this.

Currently there is no further modification than for v1.1.5. Also I do not intend to update this mod as I’ve no further access to a testing environment.

I don’t think that the author of this plugin has the intention to add this feature in the near future.