WP-Discourse Force SSO?

(Speck Of The Cosmos) #1

I’ve been trying to figure out how to force wordpress to use the discourse SSO instead of the default login. Discourse is a pretty central part of our organization and the SSO works for the wordpress install, but I’m trying to figure how to disable the old login and just use Discourse instead of it just being an option. Some SSO providers like Jetpack offer this as part of their plugin, but it seems like there should be an easy way to modify my theme or something to make the login just use Discourse.

(Simon Cossar) #2

I think an easy approach would be to password protect wp-login.php and then create your own login page. You can create a login link with the [discourse_sso_client] shortcode, or by creating a link with this form:

<a href="http://wordpress.dev/?discourse_sso=1&redirect_to=http://wordpress.dev/">Link Text</a>

(Speck Of The Cosmos) #3

Will that work for redirects? Like if someone has a bookmark for https://mywebsite.com/wp-admin and they go there and aren’t logged in, they get sent to the login page. Then when they log in they get sent back to the dashboard. If I do what you say, will it send them to my custom page for the redirect or just fail?

Even now log in with discourse doesn’t redirect back to the page I was on and instead sends me to the home page. It seems like the plugin is unaware of the redirect behavior.

(Simon Cossar) #4

Are there any other plugins on your site that are setting a login redirect? Before the WP Discourse plugin redirects the user to the URL provided in the redirect_to parameter, it calls the wp_login action. If another plugin is hooking into this action to redirect users, it will always take precedence.

Unless another plugin is overriding the behaviour, it will always redirect the user to the URL you have added to the redirect_to parameter. If there is a redirect in place from that URL to another one, it will be applied.

(Speck Of The Cosmos) #5

I still don’t think I’m explaining this correctly.

There’s two ways to prompt a login screen on wordpress. One, you click on a login link or go to /wp-login. I can indeed modify that to whatever I like using a plugin or whatever.

Two, I try to go /wp-admin, but wait, my login has expired so I need to login again, wordpress then redirects me to the wp-login page or even loads the login as in interstitial, where I login and am then returned to the original /wp-admin page that I was trying to get to or the interstitial is dismissed and I’m at the page I intended to be on.

That’s what I mean by the word redirect in my previous post.

Now I have two questions.

  1. If I create a custom login, will wordpress redirect me to that from some other page I need to be logged in for or will it fail because I’ve removed /wp-login?

  2. Why doesn’t the ‘login with discourse’ option not know that I was trying to get to the /wp-admin page and instead redirects me to homepage or some other preselected page instead of taking me back to the /wp-admin page that I was already on as the login dialogue came up.

That make sense?

(Simon Cossar) #6

If the WP Discourse plugin is working as it’s meant to, it will return you to the page that is set by the redirect_to parameter of the Login with Discourse link. If you were redirected to your login page when trying to access /wp-admin it won’t redirect you back to /wp-admin.

(Speck Of The Cosmos) #7

Yes, why does it do that instead of mirror the behavior of wordpress itself?

(Simon Cossar) #8

Because the way it’s doing it now is more straightforward, and you are the first person who has asked about it. I’ll look at this next week.

(Simon Cossar) #9

It turns out this is easy to fix. Thanks for asking about it! It will be in the next update - later this week, or early next week.