psignoret / aad-sso-wordpress

Single Sign-on with Azure Active Directory (for WordPress)

usage with Network Sites #128

Open acds opened 7 years ago

acds commented 7 years ago

How is this plugin best configured if you have a network of sites? Does one need an Azure AD Application registration and ClientID/Secret for each site in the network to have the URLs work?

For reference I'm not using WordPress MU Domain Mapping, but the native Network support.

Using the same Azure AD for all sites. Can you add an example to the documentation for this configuration?

Zematth commented 7 years ago

Yep! I'm in the same case: I would like one configuration for every site in my WordPress network (an intranet network).

Thanks!

psignoret commented 7 years ago

I haven't yet gotten around to adding an example, but this plugin does work for multi-site, but the plugin will need to be configured in each site.

I'll look into what it would take to be able to override the per-site configuration with a global network-wide configuration.

anormore commented 7 years ago

Hi all, I just added this to my MultiSite setup. We only have 5 sites, but in the future, will have 20+.

At the moment I have to configure this manually for each one.

@psignoret you can just copy the site settings to each post instance. Better yet, multisite has a change_site(1), change_site(2), change_site(3) setting. So you can do some logic in the plugin. if (isMultiSite) { change_site(0); getAzureSettings(); }

Know what I mean?

EXCELLENT plugin by the way, thanks for writing.

anormore commented 7 years ago

Oh and further, I am using ONE Azure site setting across the board. You can specify individually, and in some cases have to. It's OK for our organization to redirect to the 'master site page'. But if you want to keep the user on that particular site, you MUST create another site in Azure for the reply URL to be different.

Of course, you could just do some PHP logic to remember where they're from and where they're going.

evanpalumbo commented 6 years ago

Any news on this?

fanttis commented 2 years ago

It's an old plugin, but still seems to work pretty well, so in case someone stumbles into the same issue with multisite installations here's the issue and the fix:

Issue: WordPress MU installation doesn't have separate tables for users on different blogs/sites. All users are in one table, wp_users, and so is the usermeta. Therefore the users are assigned to the blogs/sites by role, which the plugin doesn't assign unless using AD group mapping.

Fix: One fix was to address the issue on aad-sso-wordpress.php:353, which currently reads

if ( true === $this->settings->enable_aad_group_to_wp_role ) {
  $user = $this->update_wp_user_roles( $user, $group_memberships );
}

By making it

if (true === $this->settings->enable_aad_group_to_wp_role) {
  $user = $this->update_wp_user_roles($user, $group_memberships);
} else if (is_multisite() && !is_main_site()) {
  if (empty($this->settings->default_wp_role)) {
    $this->settings->default_wp_role = 'subscriber';
  }
  $user = $this->update_wp_user_roles($user, array());
}

This allows using default_wp_role without ties to AD group mapping, or at minimum sets the role to 'subscriber', thereby assigning the user to the correct site.
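
Added example, not part of the thread or of the plugin's own code: a least-privilege variant of the site-membership step described in the last comment, written against WordPress core functions only. The helper name `example_ensure_site_membership`, the list of blocked capabilities and the call site are assumptions.

```php
<?php
// Added example; helper name and blocked-capability list are assumptions.

/**
 * Make an SSO-authenticated user a member of the current multisite blog
 * with a low-privilege default role, without touching existing roles.
 *
 * @return true|WP_Error
 */
function example_ensure_site_membership( WP_User $user, $default_role = 'subscriber' ) {
	// Single-site installs have no per-site membership to repair.
	if ( ! is_multisite() ) {
		return true;
	}

	$blog_id = get_current_blog_id();

	// Existing members keep whatever role a site admin gave them,
	// so a login never raises or lowers privileges.
	if ( is_user_member_of_blog( $user->ID, $blog_id ) ) {
		return true;
	}

	// The default role must exist on this site.
	$role = get_role( $default_role );
	if ( null === $role ) {
		return new WP_Error( 'example_unknown_role', 'Default role does not exist on this site.' );
	}

	// Refuse to hand out administrative capabilities automatically.
	foreach ( array( 'manage_options', 'edit_users', 'promote_users', 'edit_theme_options' ) as $cap ) {
		if ( $role->has_cap( $cap ) ) {
			return new WP_Error( 'example_privileged_role', 'Default role is too privileged for automatic assignment.' );
		}
	}

	// Adds the user to this blog with the given role (returns true or WP_Error).
	return add_user_to_blog( $blog_id, $user->ID, $default_role );
}

// Assumed call site: wherever the login flow has resolved $user for the current site.
// $result = example_ensure_site_membership( $user, 'subscriber' );
// if ( is_wp_error( $result ) ) { error_log( $result->get_error_message() ); }
```

Because every account in the directory that can complete sign-in becomes a member of each subsite it visits, keeping the automatic role at `subscriber` and granting anything higher by hand limits what a single misconfigured default can expose.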