Closed masonry47 closed 3 years ago
Since the domain is all the same, you are probably ok with using one SAML configuration. When Configuring the SP (My Provider/the Craft instance), you can set it to the default site.
Couple things:
Thanks for the quick response. We think we came up with a solution. Definitely no issue with the plugin but just for future reference, how the cookie works in our setup related to languages is, if you have a cookie set to specific language, it will force all urls with a redirect to that language. So if a user has a cookie set to show the spanish version of the site, and then went directly to https://siteurl.com/about, it would automatically redirect to the spanish version of that page like https://siteurl.com/es/about and if that URL doest exist, it just sends you to the home page of the language that the cookie is set to like https://siteurl.com/es.
So since international content admins would likely have a cookie set to one of the localized versions of the site, when they hit the SSL login button, they are hitting a URL that would look something like this:
/sso/login/request/5423432-3423-432-42342-432?RelayState=https://siteurl.com/adminpath
so it is being immediately redirected to something like https://siteurl.com/es/sso/login/request/5423432-3423-432-42342-432?RelayState=https://siteurl.com/adminpath which doesn't exist so its ending up at the home page o of that language site https://siteurl.com/es/
So we simply just excluded the forced redirect from any urls that start with SSO and that did it.
Sorry long explanation but just in case someone else experiences the same thing down the line, this may help.
Thanks!
Glad you found a solution. Thanks for sharing! I do think this will be helpful for others.
Hi there!
We are running into issues with our multisite setup. We are using multisite for localization, so there are 5 different sites with a URL structures like https://siteurl.com (default site), https://siteurl.com/es/, https://siteurl.com/fr/, etc..
So for example, if a content administrator is in Spain, a cookie is set based on IP to serve them the https://siteurl.com/es/ version of the site. When they then go to https://siteurl.com/craftadminurl and then click on the SSO login button, they are simply redirected back to https://siteurl.com/es/ and dont ever get to the Microsoft login screen (we are using Azure AD). If the user manually sets their cookie to the default version of the site with the language switcher on the front end of the site, then uses the SSO login button, all is fine.
I know that this likely is connected to #89 and #72 but we still cannot quite figure out the proper setup. Any thoughts on this?
We are using 2.6.4 of the plugin and Craft 3.5.18
Thanks so much!