psignoret / aad-sso-wordpress

Single Sign-on with Azure Active Directory (for WordPress)

ANTIFORGERY_ID_mismatch. Expecting... #237

Open planet4 opened 4 years ago

planet4 commented 4 years ago

We are using the plugin for our intranet and some other internal WP sites. In general it works fine, but a few users sometimes get the error below. We are using the Force Login plugin in order to have our users logged in automatically.

I would be very happy if someone could point me in the right direction to understand what is causing this error.

wpfel

ajl80 commented 4 years ago

Hi, I am also having this issue.

psignoret commented 4 years ago

@andyleese @planet4 Can you please share some details on how you're hosting WordPress?

ajl80 commented 4 years ago

It's self-hosted: Windows Server, IIS: 10.0, PHP: 7.1.7, WordPress: 5.3.2

It writes sessions to temp fine. I've tried disabling the WP Super Cache plugin. Like @planet4 said, it seems to be random users.

psignoret commented 4 years ago

A couple more questions:

ajl80 commented 4 years ago

It's a network setup.

OK if I put http://... it seems to work, signs in to https://... else https://... errors (but not for everyone)

planet4 commented 4 years ago

Exactly the same issue here. Running on Ubuntu Server 18.04 with Apache. http is redirected to https. Just a few users get this occasionally. WP is running in a single instance.

Ssy3 commented 4 years ago

I just downgraded WordPress to 5.3.4 using the following plugin: https://wordpress.org/plugins/wp-downgrade/

and everything is working fine. We hope to find a solution for this issue in the newer version of WordPress.

Ssy3 commented 4 years ago

Create a new Azure AD app and update WordPress to the latest version.

i-am-dan commented 4 years ago

Not sure if it's the same issue, but make sure you are calling the 'authenticate' filter from the page it's redirecting to after getting the code. I had this issue when I signed in from another page (not wp-login) and the redirect URL was set to wp-login.php.

chris18890 commented 3 years ago

I've discovered that if your config/site has "Set-Cookie -SameSite=Strict", it will interfere with SSO & the anti-forgery ID being passed

mmirandab commented 3 years ago

I've discovered that if your config/site has "Set-Cookie -SameSite=Strict", it will interfere with SSO & the anti-forgery ID being passed

How can I change this option?

chris18890 commented 3 years ago

@mmirandab depends on how you're hosting your website - if it's self-hosted/on a VPS, it's easy enough to change; for Apache it's a matter of modifying the relevant "Set Header" in the config file (/etc/apache2/conf-available/security.conf for Apache on Ubuntu), & reloading/restarting Apache. I'd assume other web servers like NGINX and/or other distros like Debian/RHEL-based will be similar. If you're using a managed hosting package - the short answer is I dunno/it depends on the platform/provider
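
The SameSite and http/https observations in this thread can be checked against a site's own Set-Cookie headers. The following is an added example, not part of the thread or the plugin's code: it models which cookies a browser attaches when the identity provider sends the user back to the site. It assumes the anti-forgery ID is tied to a session cookie, that the return is a cross-site top-level request, and that a cookie with no SameSite attribute is treated as Lax; the function names and sample header values are constructed for illustration.

```python
# Added example: which cookies survive the cross-site return from the
# identity provider. Header values below are constructed samples.

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute keys lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def sent_on_sso_return(header, method="GET", scheme="https"):
    """True if the cookie accompanies the cross-site top-level request
    that carries the sign-in response back to the site."""
    _, attrs = parse_set_cookie(header)
    secure = "secure" in attrs
    if secure and scheme != "https":
        return False                  # Secure cookies are never sent over http
    samesite = attrs.get("samesite", "lax").lower()  # assumption: unset == Lax
    if samesite == "strict":
        return False                  # withheld on every cross-site request
    if samesite == "none":
        return secure                 # SameSite=None without Secure is rejected
    return method == "GET"            # Lax: top-level GET navigations only


def audit(headers, method="GET", scheme="https"):
    """Names of cookies that would be missing on the return leg."""
    return [parse_set_cookie(h)[0] for h in headers
            if not sent_on_sso_return(h, method, scheme)]


if __name__ == "__main__":
    sample = [  # constructed Set-Cookie values
        "PHPSESSID=abc123; path=/; HttpOnly; SameSite=Strict",
        "PHPSESSID=abc123; path=/; HttpOnly; Secure; SameSite=Lax",
        "PHPSESSID=abc123; path=/; HttpOnly; Secure; SameSite=None",
    ]
    for h in sample:
        print(sent_on_sso_return(h), h)
```

A session cookie reported as missing means the server sees a fresh session on return, so the stored anti-forgery ID cannot match the one echoed back.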