Discourse SSO with Wordpress Only Works with /core/wp-admin URL

I’ve deployed a new Wordpress plugin that relies on Discourse’s SSO but I’ve got a strange bug that only effects the live deployment of the site.

On local I can login and use the redirect_url parameter to get back to the page. However on the live site SSO only works if the redirect_url is the wp-admin URL eg.:

SSO Works great…

SSO Doesn’t successfully auth, it just returns to the login/post

Have you come across this before, any ideas where to look? If it persists I’ll have to build my own redirection mechanism to catch wp-admin

I’m pretty confident that there is either a misconfigured reverse proxy or similar shenanigan at play here. Are you using cloudflare by any chance?

1 Like

Yes it’s Cloudflare - are there any settings in Cloudflare we can test.

Turn off the orange cloud.

Haha, that’s not my decision, the site uses Cloudflare as a primary cache. I’ll have to do some research into reverse proxies and see if I can adjust any of the settings in CF

There are dozens of topics about problems caused by cloudflare’s optimizations. You could use couldflare as a CDN, and that would have discourse redirect only stuff that can be cached through cloudflare.

You could also temporarily disable it and see whether that solves the problem.

Simply disable cloudflare “performance” and “rocket loader” on discourse through page rules that should most probably fix it for you

1 Like

Yes, this is a strange mixture of issues, partially down to the WP installation director it seems as well. I’ve written a work around for now that always redirects to /core/wp-admin then there’s a final ?final_redirect_url that my own hook picks up and actions to take us back to where we want to be.

1 Like

It looks like you are using WP Discourse – WordPress plugin | WordPress.org with the SSO Client option enabled (Discourse is the SSO provider.) Can you confirm that this is the case?

1 Like