Remote Login Troubleshooting

  • Resolved Josh Eby

    (@josheby)


    9 years, 6 months ago

    Hello! I am working on adapting this plugin to map a domain to a sub directory multisite network rather than to individual blogs. This allows keeping all of the admin/login on network.example.com where there is a wildcard SSL for example.com. All front-end access happens on network.com.

    For example:
    network.example.com –> network.com
    network.example.com/blog1 –> network.com/blog1
    network.example.com/blog2 –> network.com/blog2

    I have 90% of it working I think, but am having issues with the remote login functionality. I have narrowed it down to the fact that auth cookies are never being set for the mapped domain so when it gets to the remote_login_js function, it exits because is fails the check for !is_user_logged_in().

    In the normal operation of the domain mapping plugin, does the login page display from the original or mapped domain? It is showing from the original domain in my current instance and I am wondering if that is what is causing the issue or not. It stays logged in correctly on the original domain, but the admin bar is not displayed when looking at the front end as it doesn’t think I am logged in when using the mapped domain.

    Any help on how the remote login is supposed to work would be greatly appreciated.

    So far I have done this with just a custom sunrise.php and 2 small changes to domain_mapping.php. in the domain_mapping table I just have a row for each blog mapped to the same domain.

    Thank you in advance for your help.

    https://www.ads-software.com/plugins/wordpress-mu-domain-mapping/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Ron Rennick

    (@wpmuguru)

    does the login page display from the original or mapped domain?

    That depends on your settings.

    Have you tried logging into the mapped domain & checking to see if you are logged into the unmapped network?

    Thread Starter Josh Eby

    (@josheby)

    The login page is being displayed using the original domain right now. Is the intent to login from the mapped domain and then it logs you into the original domain in the background?

    Plugin Author Ron Rennick

    (@wpmuguru)

    Yes.

    Thread Starter Josh Eby

    (@josheby)

    My reason for attempting this is so that I can force SSL for Admin/Login using a wildcard SSL on the original sub-domain address… (i.e. example.network.com) and then have the front-end served from standard HTTP on the mapped domain (i.e. example.com).

    Now that I understand a bit more about how this works, would I essentially be removing any security I added using the SSL on the original domain by authenticating them on the non-SSL mapped domain as well?

    Their login would have happened over SSL, but this process will set the auth cookies on the non-SSL domain as well which means those cookies would be getting sent to the server unsecured. This would prevent someone from grabbing the username and password, but not necessarily the keys in the cookies.

    I think I can reverse engineer the remote login to work the other direction, meaning that the initial login happens at the original domain and them remote login makes the authentication happen on the mapped domain, but am just curious if I am going to be defeating the purpose of using SSL in the first place.

    My initial thoughts are that it is no different than a typical WordPress site when they only enforce SSL on the admin side. They are still logged in on the front-end, just over HTTP. So maybe it isn’t a big issue.

    I am not 100% familiar with the exact way WordPress uses the cookies to maintain authentication so I am hoping to get some insight from others with more experience.

    Thank you in advance for your help.

    Thread Starter Josh Eby

    (@josheby)

    Well, the good news is I think I got it working. I was changing the domain on the $current_site object as well as the $current_blog object. I noticed in the original sunrise.php it was not being changed for the $current_site object. Removed that line and remote logins appear to be working. Going to do some more testing, but things look promising.

    The remote login appears to happen when the redirect occurs when you go to the front-end from the admin area based on my testing.

    I am still interested to know if there is anything to worry about by performing the remote login on the non-SSL side of things. I have found a few articles regarding how the authentication cookies work and I think it should be fine, or at least no worse than things are with a default install.

    Plugin Author Ron Rennick

    (@wpmuguru)

    I am still interested to know if there is anything to worry about by performing the remote login on the non-SSL side of things.

    You are probably fine as long as the dashboard runs in the unmapped domain.

    Plugin Author Ron Rennick

    (@wpmuguru)

    Sorry, posted a second here instead of in another thread.

    Thread Starter Josh Eby

    (@josheby)

    Yeah the entire dashboard and login process happens on the unmapped domain so then I should be all set.

    Thank you for your help!

    Josheby:
    Ive been battling with the same problem.
    I can log gin from the mapped domain (non ssl) and enter the original domain (ssl) to make edits to pages etc. But going to the front side I not logged in there.. no admin bar nor menu items for logged in users.

    Would you mind sharing your solution?

    Thanks in advance.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Remote Login Troubleshooting’ is closed to new replies.