Comments on: OpenSSO Single Sign-on Plugin for WordPress

By: OpenSSO Single Sign-on Extension for MediaWiki « Superpatterns

OpenSSO Single Sign-on Extension for MediaWiki « Superpatterns — Tue, 23 Feb 2010 05:03:39 +0000

[...] targeting PHP CMS applications (see my previous entries covering the extensions for Drupal, WordPress and Joomla), I decided to look at MediaWiki, the PHP application powering Wikipedia and many other [...]

By: Ramoonus

Ramoonus — Sun, 02 Aug 2009 09:04:32 +0000

The best way to get this plugin to the masses is to upload it to Wordpress` plugin directory
then it also supports easier updating for the users

By: Anonymous

Anonymous — Wed, 29 Jul 2009 01:21:13 +0000

Pat, a redirect within two seconds will not indicate a loop – at least not for us. We have the ‘problem’ where our backend application is behind sjsws acting as a URL policy enforcement point. In CDSSO mode the first access to that application is the POST of LARES, this post is proxied back to the app, but without the session cookie in the request as that cookie is set on response to the LARES.
Because the backend app requires the session cookie (it uses j2ee agent – though it could be because it uses SDK) it redirects back to login which imediately redirects back as the user is authenticated, this time the session cookie comes through.
I thought there was already an option to stop redirects after a number of redirects – will try find that setting…

By: horto

horto — Tue, 28 Jul 2009 18:43:17 +0000

bravo, pat!

By: Pat Patterson

Pat Patterson — Tue, 28 Jul 2009 16:43:45 +0000

Damien – yes – I think that is the correct behavior. If we have a username from OpenSSO, but there is no corresponding user in the other system we should show an error page and stop the redirect madness

I’m also thinking about how to detect and stop redirect loops in general – for instance, if you misconfigure the OpenSSO cookie name or the DNS domains don’t match. I’m thinking about a cookie holding the time we did the redirect. If we try to do another redirect to the OpenSSO login page within (say) 2 seconds of the last one, we’re likely in a redirect loop. I’ll try this out in the Drupal/WordPress providers and see how it works.

Dennis – the PHP client SDK was a contribution from the community. IIRC, we did the identity services soon after, and no one has really used (or even asked about) the PHP SDK since – not even its author. No users + no mail traffic + no bug reports => no development…

By: Dennis

Dennis — Tue, 28 Jul 2009 08:13:11 +0000

Hey, is the PHP Client still under active development? Since more than 2 years nothing happened there. You should think about providing real support for that piece of code.
Thanks

By: Damien

Damien — Tue, 28 Jul 2009 01:45:43 +0000

Hi Pat. Regarding the redirection loop for OpenSSO/wordpress - the same condition exists for the Jira/Confluence plugin (seraph). I suppose the correct behaviour would be to display an error page (customisable)?