Discourse SSO with WordPress Only Works with /core/wp-admin URL

I’ve deployed a new WordPress plugin that relies on Discourse’s SSO but I’ve got a strange bug that only affects the live deployment of the site.

On local I can log in and use the redirect_url parameter to get back to the page. However, on the live site SSO only works if the redirect_url is the wp-admin URL, e.g.:

SSO Works great…
https://www.example.com/core/wp-login.php?redirect_to=https%3A%2F%2Fwww.example.com%2Fcore%2Fwp-admin%2F&reauth=1
https://www.example.com/?discourse_sso=1vyynljfjbqp&redirect_to=https%3A%2F%2Fwww.example.com%2Fcore%2Fwp-admin%2F

SSO Doesn’t successfully auth, it just returns to the login/post
https://www.example.com/core/wp-login.php
https://www.example.com/?discourse_sso=xsnfq1zk6rma&redirect_to=https%3A%2F%2Fwww.example.com%2F

Have you come across this before, any ideas where to look? If it persists I’ll have to build my own redirection mechanism to catch wp-admin.

I’m pretty confident that there is either a misconfigured reverse proxy or similar shenanigan at play here. Are you using Cloudflare by any chance?

1 Like

Yes, it’s Cloudflare. Are there any settings in Cloudflare we can test?

Turn off the orange cloud.

Haha, that’s not my decision, the site uses Cloudflare as a primary cache. I’ll have to do some research into reverse proxies and see if I can adjust any of the settings in CF.

There are dozens of topics about problems caused by Cloudflare’s optimizations. You could use Cloudflare as a CDN, and that would have Discourse redirect only stuff that can be cached through Cloudflare.

You could also temporarily disable it and see whether that solves the problem.

Simply disable Cloudflare “performance” and “rocket loader” on Discourse through page rules; that should most probably fix it for you.

1 Like

Yes, this is a strange mixture of issues, partially down to the WP installation directory it seems as well. I’ve written a workaround for now that always redirects to /core/wp-admin then there’s a final ?final_redirect_url that my own hook picks up and actions to take us back to where we want to be.

1 Like
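
The workaround described in the post above, written out as an added example (not the poster's code and not part of WP Discourse). The `example_*` function names are hypothetical; `final_redirect_url` is the parameter named in the post. Because the final destination arrives in a query parameter, the hook validates it before redirecting so the link cannot be pointed at another host.

```php
<?php
/**
 * Added example: always land on wp-admin after SSO, then hop to the page
 * the visitor actually wanted. Assumed names: example_* functions.
 */

// Build the login link. redirect_to always points at wp-admin (the one
// target that works on the live site); the real destination rides along
// in final_redirect_url.
function example_sso_login_url( $destination ) {
    $landing = add_query_arg(
        'final_redirect_url',
        rawurlencode( $destination ), // add_query_arg() does not encode values
        admin_url()                   // resolves to /core/wp-admin/ on this install
    );
    return wp_login_url( $landing );
}

// After login the browser arrives in wp-admin with final_redirect_url set.
function example_final_redirect() {
    if ( ! is_user_logged_in() || empty( $_GET['final_redirect_url'] ) ) {
        return;
    }

    // WordPress adds slashes to superglobals; undo that, then normalise.
    $requested = esc_url_raw( wp_unslash( $_GET['final_redirect_url'] ) );

    // wp_validate_redirect() returns the fallback unless the host is this
    // site or one listed via the allowed_redirect_hosts filter, so a crafted
    // final_redirect_url cannot send a freshly logged-in user off-site.
    $target = wp_validate_redirect( $requested, home_url( '/' ) );

    // Do not loop back into wp-admin with the parameter still attached.
    $target = remove_query_arg( 'final_redirect_url', $target );

    wp_safe_redirect( $target );
    exit;
}
add_action( 'admin_init', 'example_final_redirect' );
```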

It looks like you are using WP Discourse – WordPress plugin | WordPress.org with the SSO Client option enabled (Discourse is the SSO provider.) Can you confirm that this is the case?

1 Like