When I originally set up SSO with WordPress, users would go to the forum URL, get redirected to the WordPress login page and after login get redirected back to the forum.
But at some point, this changed and I have no idea how. Now after the WordPress login, the user gets redirected to the WordPress dashboard.
Also, the other weird thing is that when I logout of Discourse, I see a message “You Were Logged Out” but when I click the “Refresh” button, it didn’t actually log me out. And I can still post, reply etc. I sometimes have to logout 2 or 3 times until I’m actually logged out for real. So it works, just not consistently.
There is probably a Wordpress plugin interfering with your routes and/or hooking upon your login functions. Just disable half of your Wordpress plugins and see which half causes the issue, then disable half of the plugins in that group etcetera.
Start with plugins that have something to do with authentication, memberships, login.
Michael’s answer is probably correct. Also, do you have the Woocommerce plugin installed on your site? If so, there is some code you can add to your site to fix the problem.
The logout issue may be related to the login redirect issue. If disabling plugins doesn’t solve the problem, let us know.
The login issue seems to be a conflict with the MemberPress plugin. So I guess I need to dig into a possible solution with them.
The logout issue was caused by a redirection plugin. There was a home page redirect that was causing the problem with the Discourse logout.
Michael – really appreciate your help and for the advice on plugins might be suspects. It saved me a ton of time because those were the first two plugins I checked.
Simon – thanks for telling me about the WordPress Health Check plugin. I hadn’t heard of that before but I’m going to install it now and use it for troubleshooting in future.
Look through the plugin’s settings for any login redirects it creates. It seems that it’s redirecting users to their profile page before the WP Discourse plugin can redirect users back to Discourse. If you find the solution, please post it here. If you don’t find the solution, let us know. I can try installing MemberPress on my local site.
Yes, the Health Check plugin is great for debugging this kind of thing.
I haven’t been able to get anywhere with MemberPress on solving this. It’s definitely a conflict with MemberPress because that’s the only plugin where I’ve set a specific redirect URL i.e. /jump
I’m not really sure where to go from here. When someone logs on from my WordPress site I want to redirect those people to /jump after the login. So MemberPress is doing it’s job there.
But when people access my discourse site e.g. community.mydomain.com, they get redirected to the WordPress login page but after login they also get sent to /jump instead of redirecting back to the forum.
Do you know what settings you have enabled on MemberPress to create the redirect? I have a recent version of MemberPress installed on my dev site, but have been unable to recreate either the login issue, or the issue with users not getting logged out of Discourse.
Is your WordPress site on a multisite installation, or is it just a normal WordPress installation?
It’s possible the issue you are seeing with users not being logged out of Discourse is that your Discourse site is set to require logins to view content. In this case, refreshing the Discourse page will initiate SSO login. To fully log users out of Discourse, you need to also log them out of WordPress. This can be done by entering https://example.com/?request=logout in the Discourse logout redirect site setting. Replace example.com with your WordPress site’s domain. Let me know if you’ve done this and it still isn’t working.
It’s a normal WordPress installation (not multisite). And the logout has been fixed.
The problem is with redirect after login i.e. users don’t get redirected back to the Discourse site after the WP login. Instead it looks like MemberPress is sending them to a default page on WordPress.
The problem is happening in the track_and_override_login_redirect_mepr function. That function is hooked into with the MemberPress mepr-process-login-redirect-url filter. It may be possible to hook into this function and override it by checking for the query that have been set. This can be done with the wp_get_referer() function.
I don’t think I’ll have time to sort this out today, but I’ll take another look at it in the next few days.
I took another look at this while it’s fresh in my mind. Adding the following function to my theme’s functions.php file solved the issue for me, but this hasn’t been tested very much.
The function is hooking into the 'mepr-process-login-redirect-url' filter before it is hooked into by MemberPress. It then checks the value of the query params to see if the query was initiated by an SSO request from Discourse. If it was, it redirects the user to the WordPress homepage with the query params intact. This will cause the WP Discourse plugin to complete the SSO request. I think this can still work if your homepage is being protected by MemberPress, but it would be good to confirm that.
If the request was not initiated by Discourse, the static MeprProductsCtrl::track_and_override_login_redirect_mepr is called with the arguments that were passed to the filter.
I’m a little hesitant to recommend adding this code to your production site. If you do try it, make sure that you can remove the code from your server in case it breaks your site. Be sure to test it out will as many user/membership-levels as possible.