Marco van Wieren

Hi @vladislavunterberg Unfortunately I didn’t receive your email. Can you resend through the website https://www.wpo365.com/contact/? Sorry for any inconvenience!

@vladislavunterberg Can you please try and activate (on the plugin’s wizard Miscellaneous tab) the Use older ID token parser option? Also, it would be really helpful for me, if you could enable debug mode and log your ID token (for both options, see the Debug tab), copy the ID token and send it to me by mail (don’t post it here) at marco at wpo365 dot com? It would help me understand why it can’t be processed. I’ve tested it extensively, but obviously ID tokens are a bit fuzzy by definition …

• This reply was modified 5 years, 6 months ago by Marco van Wieren.

Hi @vladislavunterberg Can you check whether admin-ajax.php has been deleted from the Pages Blacklist on the Single Sign-on tab of the plugin’s wizard? It seems that the plugin tries to authenticate requests to admin-ajax.php (or maybe you have other plugin’s that prevent access to the AJAX api)? Entries in the Pages blacklist, however, are skipped by the plugin. In this case, calls to admin-ajax.php are authenticated by WordPress (user has to be signed in).

Hi – Yes, you’re absolutely right. Thusfar Azure AD v2.0 has been in preview and now it has been made Generally Available. The plugin has been prepared for this since start of this year and you can follow this instructional video https://youtu.be/lzqJSWrybvk.

In the next few weeks I’ll be producing new videos to represent the updated Azure AD status.

Thanks for asking and please comeback if anything is not clear!

Hi @peptrig …. Sorry for the belated reaction! Yes, it works fine with MFA. MFA is dealt with between Microsoft and the user and once the user has provided a second token for verifcation purposes, Microsoft will complete the sign-in and return the requested ID token that the plugin needs to function properly.

No reaction since 1 month therefore closing this topic.

Thank you so much… It’s this kind of feedback that keeps me motivated and going!

Hi @9grams … You write that you have corresponding user both on 365 and on the WP site. For the plugin to “find” them, you must make sure that either the login names in both systems are identical or the user’s email address as registered in WordPress must correspond to their O365 login name (which often corresponds to their login name) … Feel free contact me with more details directly through the website https://www.wpo365.com/contact/.

• This reply was modified 5 years, 9 months ago by Marco van Wieren.

Hi @cabata. Have you seen the Pages Blacklist configuration option? Here you should add pages for which you’d like the plugin to skip authentication. However, you cannot exclude the root landing / home page from authentication, or you should switch the Authentication Scenario and select “Internet”. However, with this scenario, all front end pages and posts are basically freely available. Probably you’d want a “reverse” scenario in which all front end pages and post are basically made private (require authentication) apart from a handful of pages that you’ve added to a whitelist. This functionality, however, is currently not available. Please contact me through the contact form if this is a feature request and I’ll take it into consideration.

Hi @optym. Unfortunately, that is not a supported scenario! Once you network install the plugin, it will work for all sites. You can find more info on support for multisites on our website. If you’d like to request a new feature, then please contact me through the form on the website and I’ll take this into consideration for a future release.

Thanks Jeremy! Good to see that you think it was easy to set up …

Hi Nathan. Sorry for the somewhat late reply. Can you please contact us directy by sending an email to [email protected] and tell me the exact date and time you tried to enter your transaction. I looked in our system but didn’t seem to find an entry with your name.

This issue addressed here was solved by updated version v5.3 / v4.6 (Pages Blacklist can now include query string parts e.g. “?api=” but administrators need to be aware that this can potentially weaken overall security read more).

To skip authentication for pages you can use the Page Blacklist setting and I’m not sure why you write that it doesn’t work perfectly. What I assume is that you have a requirement and it doesn’t work well with your requirement. For each request the plugin will check the last (= trailing) part of the current path. So when your path is https://www.example.com/etc/ then it would check whether “etc” can be found in the Pages Blacklist. If this is the case, the plugin will not try and validate the current session. So if your Pages Blacklist would be “wp-login.php;wp-cron.php;admin-ajax.php;etc” then it should cancel the current attempt to validate the authentication. If this is not the case, please use the contact form on the website to provide me some more details of what you are trying to achieve and I’ll investigate.

• This reply was modified 6 years, 1 month ago by Marco van Wieren.

Closing this issue as there are no replies.