Using this plugin with OAuth/SSO

Hi– thanks for using Force Login!

I’ve used a couple plugins […]

What plugins are you using?

[…] when someone clicks the ‘Single Sign On’ button, they are directed to <my-url>/?auth=sso However, when using the force login plugin, the user is unable to be redirected to the site where my OAuth server is hosted.

When I clicked the ‘Single Sign On’ button I was redirected to another WP site login screen. I can’t confirm if SSO works, because I don’t have a login, but it seems the redirect works.

I was having trouble whitelisting regular pages on my website

I recommend you use the v_forcelogin_bypass filter to allow exceptions for certain pages or posts. Post your code if you want me to review it.

I’m currently using this plugin on the site I’m using Force Login on, and this one on the site I’m running the server on. (Though I may switch to the miniOrange OAuth plugins in the end, but I suspect it’s going to be a similar issue)

The reason the redirect works is because Force Login is currently disabled, for the purposes of showing you what is supposed to happen.

I was a little unsure of how to configure and use v_forcelogin_bypass, which is why I went with v_forcelogin_whitelist.

This is what I currently have (I was attempting to whitelist the about page as well, for testing purposes, but was unable to):

function my_forcelogin_whitelist( $whitelist ) {
 $whitelist[] = site_url( '/?auth=sso' );
 $whitelist[] = site_url( '/about/' );
  return $whitelist;
}
add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);

Thanks again for your help.

Side note: if you are willing, and it would be helpful to you, I would happily provide you with a login to my site dashboard.

• This reply was modified 6 years, 5 months ago by maxtheax.
• This reply was modified 6 years, 5 months ago by maxtheax.

It looks like there might be a conflict with the SSO Client plugin and the following script might allow the SSO Client plugin to work:

/**
 * Bypass Force Login to allow for exceptions.
 *
 * @return bool Whether to disable Force Login. Default false.
 */
function my_forcelogin_bypass( $bypass ) {
  global $wp_query;
  if ( $wp_query->get( 'auth' ) && $wp_query->get( 'auth' ) == 'sso' ) {
    $bypass = true;
  }
  return $bypass;
}
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );

As for your whitelist code, it looks correct, but which site are you adding it to? The SSO client site or the SSO server site?

Also, you can chat with me directly about this @kevinvess on Slack.

• This reply was modified 6 years, 5 months ago by Kevin Vess. Reason: added link to slack

Hey Kevin, I’m using miniOrange SAML 2.0 SSO plugin to login and authenticate new users. Is there a way to use Force Plugin with that? Currently, your plugin forces users to a wp-admin screen, which won’t accept SSO credentials.

• This reply was modified 6 years, 4 months ago by jweierman. Reason: added notification and corrected typo