Open 8biteric opened 4 years ago
Hey. Thank you so much for this! I'm having issue understanding how to use the apply_filter('authenticate'). Don't I need to call this hook for me to get the access token? If so, where do I place this code? I see that you don't have anywhere on your code.
Thank you!
EDIT: So you are not using a custom login page?
I am working on a private corporate intranet built in Wordpress, using Azure for logins. This plugin worked perfectly, outside of my attempt at a custom login page. I was running into antiforgery issues as detailed in https://github.com/psignoret/aad-sso-wordpress/issues/159.
I wanted to bypass wp-login.php probably for reasons similar to others – didn't want to confuse people with two options to login: do they enter their credentials in the wordpress fields, or do they click the Sign In Using Azure link?
Tried everything to get around wp-login.php, but i gave up – was on a crunch and had to move to Plan B quickly. So for those in a similar boat, here's what I did:
1) Added the following code snippet to my header. Redirect code is there in case people request a specific page without being logged in.
2) Used Peter's Login Redirect to forward all users elsewhere once they logged in. This was to prevent users from ending up at the Wordpress dashboard. (Note: you'll need to make sure "Allow a POST or GET "redirect_to" variable to take redirect precedence" is set to Yes, so that redirect in the code above is respected.
3) I modified the hell out of wp-login.php, and simply hid all the stuff I didn't want users messing with (pretty much everything but the Azure sign-in link). This function will get you there:
That's pretty much it. Things seems to be working well. We're not live yet, and if there's any bugs that pop up, I'll be sure to post them here.