Recently, I enabled a social sign-on option using BuddyBoss, which enables users to register/login using their LinkedIn profile.
Unfortunately, in some (not all) instances, Ninja Firewall is blocking the user registrations as a cross-site scripting attempt.
Example from the firewall log of an instance that was blocked.
Any suggestions please?
22/Jan/25 13:54:18 #1162478 HIGH 100 11.216.87.38 POST /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:54:51 #2675805 HIGH 100 11.216.87.38 POST /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:54:52 #4994889 HIGH 100 11.216.87.38 GET /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:54:58 #2374374 HIGH 100 11.216.87.38 POST /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:54:58 #1931259 HIGH 100 11.216.87.38 GET /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:55:03 #7522356 HIGH 100 11.216.87.38 POST /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:55:03 #3433782 HIGH 100 11.216.87.38 GET /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:55:08 #7532666 HIGH 100 11.216.87.38 POST /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
22/Jan/25 13:55:08 #3800205 HIGH 100 11.216.87.38 GET /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill%20in%20the%20required%20fields%20to%20complete%20your%20registration%3A%20%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Cstrong%3ELocat...] - mydomain.com
Thanks in advance for any assistance
Regards
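Added example, not part of the original post: a short Python triage script that parses firewall log lines in the format shown above, URL-decodes the logged cookie value, and counts blocks per parameter, so the input that tripped the rule can be read directly. The field layout and the reading of the fifth field as a rule number are assumptions taken from the sample lines; the sample input is constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in the format of the log lines in the post
# (the firewall truncates long values with "...").
SAMPLE = """\
22/Jan/25 13:54:18 #1162478 HIGH 100 11.216.87.38 POST /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill...] - mydomain.com
22/Jan/25 13:54:52 #4994889 HIGH 100 11.216.87.38 GET /index.php - Cross-site scripting - [COOKIE:bp-message = %3Cdiv%20class%3D%22bb-sso-reg-error%22%3E%3Cp%3EPlease%20fill...] - mydomain.com
this line is not a firewall entry
"""

# Assumed layout: date time #incident level rule ip method path - reason - [SOURCE:name = value] - host
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) #(?P<incident>\d+) (?P<level>\S+) (?P<rule>\S+) "
    r"(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) - (?P<reason>.+?) - "
    r"\[(?P<source>[A-Z]+):(?P<name>[^ \]]+) = (?P<value>.*)\] - (?P<host>\S+)$"
)

def parse(log_text):
    """Return one dict per well-formed line, with the value URL-decoded."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a firewall entry
        e = m.groupdict()
        e["truncated"] = e["value"].endswith("...")
        raw = e["value"][:-3] if e["truncated"] else e["value"]
        e["decoded"] = unquote(raw)  # a cut-off %XX sequence is left as-is
        entries.append(e)
    return entries

def summarize(entries):
    """Count blocked requests per (reason, input source, parameter name)."""
    return Counter((e["reason"], e["source"], e["name"]) for e in entries)

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for key, count in summarize(parsed).items():
        print(count, *key)
    for e in parsed:
        print(e["incident"], e["method"], e["path"], repr(e["decoded"]))
```

Run against the real log, the decoded value shows whether the flagged markup is the plugin's own registration error message stored in the `bp-message` cookie, which is the detail to pass on when reporting the false positive.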
We hit a roadblock while trying to configure it with Keycloak and didn’t know what to do. Thankfully, Neil from the support team stepped in and guided us through everything.
What’s even better is that this SAML SSO plugin is much more affordable than other alternative options without compromising on quality or support. If you’re looking for an SSO solution, trust me, this is the one to go with.
What really stood out to me was their support. Anytime I had a question or needed help, they were quick to jump in and provide clear, helpful answers. It’s rare to find a team that’s this dedicated to both their product and their customers.
If you’re looking for a reliable SSO plugin and an awesome team to back it up, Sangu and crew are the ones to call. Highly recommend!