search

wpo365 / wpo365-login

Wordpress + Office 365 login is a Wordpress Plugin that allows Micrsoft O365 users to seamlessly and securely log on to your corporate Wordpress intranet. The plugin will create a Wordpress user for each corporate user when logged on to Office 365 and thus avoiding the default Wordpress login screen: No username or password required.
https://www.wpo365.com/
Other
11 stars 7 forks source link

Login might be tampered with ERROR #25

Closed dmstickman closed 6 years ago

dmstickman commented 6 years ago

Just set up the plug-in, and I get the tampered error every time I try to authenticate. I have made sure that the web URL matches in both places exactly. All other items have been copied and pasted and match.

Here is the log:

[02-May-2018 18:11:59 UTC] DEBUG ( 5.3.29 ): Validating session for page index.php [02-May-2018 18:11:59 UTC] DEBUG ( 5.3.29 ): Cannot look up user meta WPO365_AUTH for user that is not logged [02-May-2018 18:11:59 UTC] DEBUG ( 5.3.29 ): Getting fresh id and authorization tokens: https://login.microsoftonline.com/........................./oauth2/authorize?client_id=.........................&response_type=id_token+code&redirect_uri=...............&response_mode=form_post&scope=openid&resource=.................&state=........................ [02-May-2018 18:12:00 UTC] DEBUG ( 5.3.29 ): Processing incoming OpenID Connect id_token [02-May-2018 18:12:00 UTC] DEBUG ( 5.3.29 ): Processing an new id token [02-May-2018 18:12:00 UTC] DEBUG ( 5.3.29 ): Algorithm found RS256 [02-May-2018 18:12:00 UTC] DEBUG ( 5.3.29 ): Getting current public keys from MSFT [02-May-2018 18:12:00 UTC] ERROR ( 5.3.29 ): Your login has been tampered with [hash does not match] [02-May-2018 18:12:00 UTC] ERROR ( 5.3.29 ): id token could not be processed and user will be redirected to default Wordpress login [02-May-2018 18:12:00 UTC] DEBUG ( 5.3.29 ): Destroying session index.php [02-May-2018 18:12:00 UTC] DEBUG ( 5.3.29 ): Cannot delete user meta WPO365_AUTH for user that is not logged [02-May-2018 18:12:00 UTC] PHP Notice: Trying to get property of non-object in /hermes/bosnacweb01/bosnacweb01ar/b2095/ipw.mypermal/permintranet/wp-content/plugins/mojo-marketplace-wp-plugin/inc/user-experience-tracking.php on line 149 [02-May-2018 18:12:01 UTC] DEBUG ( 5.3.29 ): Validating session for page wp-login.php [02-May-2018 18:12:01 UTC] DEBUG ( 5.3.29 ): Cancelling session validation for page wp-login.php [02-May-2018 18:12:02 UTC] DEBUG ( 5.3.29 ): Validating session for page wp-cron.php [02-May-2018 18:12:02 UTC] DEBUG ( 5.3.29 ): Cancelling session validation for page wp-cron.php

I replaced all identification from the token and replaced with dots.

Please help!

wpo365 commented 6 years ago

Can you please update to the latest version 3.12? We have updated the nonce-algorithm and the error Your login has been tampered with [hash does not match] should not occur, if your WordPress and the plugin are properly configured. Feedback is much appreciated!

dmstickman commented 6 years ago

I installed it for the first time yesterday, and it is on the latest version (3.12) already. Any other ideas I can try? Thank you!

From: WPO365 [mailto:notifications@github.com] Sent: Thursday, May 3, 2018 2:16 AM To: wpo365/wpo365-login wpo365-login@noreply.github.com Cc: Daniel Martin daniel.martin@permaloc.com; Author author@noreply.github.com Subject: Re: [wpo365/wpo365-login] Login might be tampered with ERROR (#25)

Can you please update to the latest version 3.12? We have updated the nonce-algorithm and the error Your login has been tampered with [hash does not match] should not occur, if your WordPress and the plugin are properly configured. Feedback is much appreciated!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/wpo365/wpo365-login/issues/25#issuecomment-386200231, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AlHpDldgW9zWWpWDEU0OXM114wwADkA1ks5tuqCcgaJpZM4Tv7bt.

wpo365 commented 6 years ago

You mean you updated this morning (because 3.12 was only released today this morning)? Can you please have another look at the log file? If it is really the same error, then there must be some caching issue, because the algorithm to test the nonce is the same for when it's created and when it's validated on return. It's virtually impossible that you run into the same error ...

dmstickman commented 6 years ago

Good news! I just tried it and it works now. I wonder if my plug-in auto-updated to 3.12 this morning and that fixed it. Either way, I’m good now! Thank you so much.

From: WPO365 [mailto:notifications@github.com] Sent: Thursday, May 3, 2018 8:10 AM To: wpo365/wpo365-login wpo365-login@noreply.github.com Cc: Daniel Martin daniel.martin@permaloc.com; Author author@noreply.github.com Subject: Re: [wpo365/wpo365-login] Login might be tampered with ERROR (#25)

You mean you updated this morning (because 3.12 was only released today this morning)? Can you please have another look at the log file? If it is really the same error, then there must be some caching issue, because the algorithm to test the nonce is the same for when it's created and when it's validated on return. It's virtually impossible that you run into the same error ...

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/wpo365/wpo365-login/issues/25#issuecomment-386274035, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AlHpDuIcH-xvTdJM1nx5uqU0JmjNxS-1ks5tuvOkgaJpZM4Tv7bt.

wpo365 commented 6 years ago

Glad to hear! When it's all good, the feel free to leave a review https://wordpress.org/plugins/wpo365-login/ :)

dmstickman commented 6 years ago

Spoke slightly to soon….the authentication works, it creates a new user based on the O365 user info, but it never redirects the page back to the site URL. Any ideas on that one?

It worked on the first one I tried because that was my login and I already had an account in WP.

From: WPO365 [mailto:notifications@github.com] Sent: Thursday, May 3, 2018 8:24 AM To: wpo365/wpo365-login wpo365-login@noreply.github.com Cc: Daniel Martin daniel.martin@permaloc.com; Author author@noreply.github.com Subject: Re: [wpo365/wpo365-login] Login might be tampered with ERROR (#25)

Glad to hear! When it's all good, the feel free to leave a review https://wordpress.org/plugins/wpo365-login/ :)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/wpo365/wpo365-login/issues/25#issuecomment-386277579, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AlHpDqCNpEH45WopNXWvyGyW6nI2Del_ks5tuvbdgaJpZM4Tv7bt.

wpo365 commented 6 years ago

So where are you "stuck"? I presume you're being redirected back from Microsoft, right? If you want you can send me your log file at info[at]wpo365[dot]com and I'll have a look ...