Paul Ryan
Forum Replies Created
Forum: Plugins
In reply to: [Authorizer] Login issues when used with SSO: Redirected too many times
Wonderful, thanks for confirming!
Forum: Plugins
In reply to: [Authorizer] Login issues when used with SSO: Redirected too many times
Aloha, just an update, I believe the Pantheon folks have a fix ready to deploy for php sessions in php runtime gen2, should be out shortly. Let us know if it fixes the problems for you!
Forum: Plugins
In reply to: [Authorizer] Issue with WordFence
Ok great! Thanks for following up.
Forum: Plugins
In reply to: [Authorizer] Issue with WordFence
Ok we did get a chance to test this, and it works as expected. Any user with Wordfence 2FA enabled, whether they are a local WordPress user or an LDAP user, can log in with their username/password, and then supply their 2FA code, and log in successfully.
You will notice network traffic from the WordPress server to the LDAP server for any local WordPress or LDAP login, but that’s just because we can’t differentiate between the two because they share the same username/password fields. So a local user will first fail the LDAP authentication check, and then fall back to WordPress authentication which will succeed. The subsequent Wordfence 2FA request will do the same thing: fail LDAP authentication, and then succeed WordPress authentication (assuming the 2FA code was correct).
My guess is maybe the Members plugin you are using is interrupting this process somehow? My group personally uses ACF, Custom Taxonomy Order, and Wordfence, so those plugins are for sure not causing any conflict. I would try deactivating the other plugins one at a time until you see Wordfence 2FA logins succeed, and we can go from there once you identify which other plugin is conflicting.
Forum: Plugins
In reply to: [Authorizer] Issue with WordFence
Ok I think I understand; we were testing LDAP logins with Wordfence 2FA enabled, which works. But I think you have admins with Wordfence 2FA that are local users, not LDAP users, and that is what’s not working. We’ll try to reproduce that scenario and fix!
Forum: Plugins
In reply to: [Authorizer] Issue with WordFence
Aloha, we tested Authorizer logins via LDAP with Wordfence 2FA enabled and were able to successfully log in (submit username and password to authenticate against LDAP, and then enter the Wordfence 2FA code to finish the WordPress login).
Can you provide more details on your setup to see if there is another plugin or some theme code that might be conflicting? In particular, Authorizer is not supposed to submit a request to the LDAP server via AJAX (unless you are using the “LDAP test connection” field at the bottom of the LDAP tab in Authorizer Settings).
Forum: Plugins
In reply to: [Authorizer] Issue with WordFence
Thanks for the report! We’ll look into what it would take to get the two features (Authorizer LDAP logins and Wordfence 2FA) working together, and report back here. Cheers
Forum: Plugins
In reply to: [Insert Pages] Can’t get away with title rather than slug or page ID anymore?
Aloha, we released version 3.11.1 with better support for inserting pages by titles. Give it a try and let us know if it works for inserting your pages with parentheses in the title.
(Note: prior to version 3.11.0, the legacy insert method implicitly supported inserting pages via page title, using the name parameter to query_posts(); this wasn’t intentional, but since you and others are using it, we now added support to do this explicitly!)
Forum: Plugins
In reply to: [Insert Pages] Can’t get away with title rather than slug or page ID anymore?
Thanks for the detailed report, we’ll investigate and get an update out shortly!
Forum: Plugins
In reply to: [Authorizer] Should I keep authorizers options autoloaded ?
Awesome, thanks! FYI the next version of Authorizer will set better autoload values (only autoloading plugin options required on every page, and not autoloading options only used on specific page requests, like auth_settings_access_users_approved which only needs to be checked on wp-login.php).
https://github.com/uhm-coe/authorizer/commit/6e807fc5e4dfffff491fbe70e1263136182ed0d0
https://github.com/uhm-coe/authorizer/commit/236bc3200b190fad75d6200e25b021b1477c5474
https://github.com/uhm-coe/authorizer/commit/3223bc3b9a2013a6b84dd26928d90730b3c61b31
Forum: Plugins
In reply to: [Authorizer] Should I keep authorizers options autoloaded ?
Yep it should be fine to turn off autoloading. Those options are really only used during authentication (and when viewing the admin settings page), so no need to keep it in memory for all other page requests.
We’ll look into disabling autoload by default in the plugin code also, so other folks don’t have to manually disable it. Thanks
Forum: Plugins
In reply to: [Insert Pages] Publish Status required
Aloha, version 3.11.0 has been released with this change. Note that we decided to change the default behavior to what you want, since it is more secure. People wanting to insert unpublished content will need to explicitly set which post statuses to allow on the plugin options page. For example: https://ww.wp.xz.cn/support/topic/allow-inserting-private-pages-visible-to-all/
Thanks for reporting this issue, and let us know if you have any problems!
Forum: Plugins
In reply to: [Authorizer] Using E-Mail as login for LDAP
Looking at JumpCloud LDAP docs, the base DN is ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com, so as long as your user email addresses aren’t [email protected], you should be able to restrict logins to email-only by putting mail as the attribute for both “LDAP attribute containing username” and “LDAP attribute containing email address” in Authorizer settings. Then you won’t need to use a filter at all.
Forum: Plugins
In reply to: [Authorizer] Using E-Mail as login for LDAP
Aloha! You should be able to support only email logins if you use the email attribute in both the “LDAP attribute containing username” and “LDAP attribute containing email address” in Authorizer settings.
One caveat, though, is if your LDAP search base contains the email domain (e.g., emails are [email protected] and the LDAP search base is something like ou=people,dc=mail,dc=example,dc=com). If that’s the case, you’ll need to add a filter for authorizer_ldap_search_filter and add the domain back to the username logging in, since (for legacy reasons) Authorizer removes that portion from the username. It would look something like:
// Use email addresses for user logins.
add_filter( 'authorizer_ldap_search_filter', function ( $search_filter, $ldap_uid, $username ) {
	return '(' . $ldap_uid . '=' . $username . '@mail.example.com' . ')';
}, 10, 3 );
Forum: Plugins
In reply to: [Authorizer] Login issues when used with SSO: Redirected too many times
Aloha @hawkeyetoby1, I created an issue on the tracker for that plugin; some Pantheon folks are investigating so hopefully there will be some progress soon: https://github.com/pantheon-systems/wp-native-php-sessions/issues/340
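A variant of the authorizer_ldap_search_filter callback from the "Using E-Mail as login for LDAP" reply above, escaping the login value and checking the attribute name before they enter the LDAP filter. This is an added example, not part of the original replies and not Authorizer's own code; the names example_email_search_filter and EXAMPLE_MAIL_DOMAIN are hypothetical, and it assumes $username reaches the filter as typed (not already LDAP-escaped) and that mail.example.com is the only accepted domain.

```php
<?php
// Added example (not Authorizer's code). Placeholder domain taken from the reply above.
const EXAMPLE_MAIL_DOMAIN = 'mail.example.com';

/**
 * Build "(attr=user@domain)" with the attribute name validated and the
 * value escaped. Returns a filter that matches no entry on unusable input.
 */
function example_email_search_filter( $ldap_uid, $username, $domain ) {
	// Every entry has an objectClass, so this negation matches nothing.
	$no_match = '(!(objectClass=*))';

	// Attribute names are a letter followed by letters, digits or hyphens.
	if ( ! preg_match( '/^[A-Za-z][A-Za-z0-9-]*$/', (string) $ldap_uid ) ) {
		return $no_match;
	}

	$username = trim( (string) $username );

	// Accept the bare local part, or a full address in the expected domain.
	$at = strrpos( $username, '@' );
	if ( false !== $at ) {
		if ( 0 !== strcasecmp( substr( $username, $at + 1 ), $domain ) ) {
			return $no_match;
		}
		$username = substr( $username, 0, $at );
	}
	if ( '' === $username ) {
		return $no_match;
	}

	// LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL so the value stays a literal.
	$value = ldap_escape( $username . '@' . $domain, '', LDAP_ESCAPE_FILTER );
	return '(' . $ldap_uid . '=' . $value . ')';
}

// Same hook and argument count as in the reply; the incoming $search_filter is replaced.
if ( function_exists( 'add_filter' ) ) {
	add_filter( 'authorizer_ldap_search_filter', function ( $search_filter, $ldap_uid, $username ) {
		return example_email_search_filter( $ldap_uid, $username, EXAMPLE_MAIL_DOMAIN );
	}, 10, 3 );
}
```

With these assumptions, a constructed login value such as a*)(mail=* yields (mail=a\2a\29\28mail=\2a@mail.example.com), which is compared as a literal string instead of widening the search.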