Issue due to a particular plugin that causes a Token validation issue on the SSO

  • Resolved seekers_paradox

    (@dayesh24)


    2 years, 4 months ago

    Hello,

    We have a few clients who are facing issues when they log in to the WordPress dashboard via SSO( Single sign-on) integrated via our Business app.

    Error: LoginHandler: ERROR: Invalid JWT token. Error: “kid” empty, unable to lookup correct key LoginHandler: ERROR: invalid JWT salt LoginHandler: ERROR: (403) authorization failure

    The Plugin identified here was Events Calendar ( After the new update 2 days ago).
    Last time it was Google Listings and ads.

    What seems to be wrong here?

    Our developer’s thoughts:
    SSO advanced login is meant to handle the login automatically by validating and managing the process and allowing you to login in one click.
    If you have another plugin that needs to use/change that process, you need to deactivate SSO advanced login. What happens after that is up to the customer. Worst case you need to use a manual login like the above.

    Logging via Manually using a username and password does work if the plugin is active. But not via SSO setup.

    To clarify, I am not asking for any help with respect to SSO.

After the recent update for Events Calender 6.02, The plugin causes the SSO auth token to be invalidated.

Question: Is this plugin trying to manipulate any security defined by any SSO? It was working fine previously after the update issue occurred.

Hope This clarifies.
Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Support Abz

    (@abzlevelup)

    Hi @dayesh24, thanks for bringing this to our attention. I’m not entirely sure about the behavior of the JWT, but I suspect this could be due to a mismatch of tokens/versions. I would definitely share this with the team and I’d get back to you whenever I hear from them. Hang in there.

    Best,
    Abz

    Thread Starter seekers_paradox

    (@dayesh24)

    Hi Abz,

    Do you have an update for us? Thank you and Appreciate your help.

    Thread Starter seekers_paradox

    (@dayesh24)

    Hi, @abzlevelup Do you have an ETA for the fix, please?

    We have several client sites hosted and the majority of them make use of the Events Calender Plugin. If you would resolve that it would be amazing.

    Plugin Support Abz

    (@abzlevelup)

    Hi @dayesh24, apologies for the delay here. I’m back now. We’ve released a version that fixed the issue with JWT, v6.0.2. Could you try updating your The Events Calendar and see if that fixes the issue you’re having?

    To be safe, we’d recommend conducting tests and updates on a Staging Server. Also, please keep a working backup of your website.

    Please let me know how it goes.

    Best,
    Abz

    Thread Starter seekers_paradox

    (@dayesh24)

    Hi, @abzlevelup nope, we have used v6.0.2, v6.0.3, and v6.0.4 as well.

    Yet the same issues.

    Here is the video – https://share.vidyard.com/watch/RZuf1tozaXtBwjh6xyR9Kh?

    In order for the SSO to work we have to downgrade the Plugin version to 6.01 always.

    Plugin Support Abz

    (@abzlevelup)

    Hi @dayesh24, that’s not good. Thanks for sharing a screen recording here, this would definitely help us.

    Let me reach out to our team and I’d get back to you whenever there are updates.
    Hang in there.

    Best,
    Abz

    ________________________

    Internal Bug Ticket Reference:
    TEC-4533

    Plugin Support Abz

    (@abzlevelup)

    Hi @dayesh24,

    Writing back to you here. I am curious, by any chance, could you provide me the version of JWT used on your end?
    ?
    Looking forward to your response.
    ?
    Thank you,
    Abz
    ________________________

    Internal Bug Ticket Reference:
    TEC-4533

    Thread Starter seekers_paradox

    (@dayesh24)

    Hi @abzlevelup

    Hey, sorry about the delay on this. Right now we are using the standard RFC 7519. We are using the latest versions with standards.

    Plugin Support Abz

    (@abzlevelup)

    Hi @dayesh24, thanks for sharing — I’d definitely share this with our team. I’d get back to you as soon as I hear from them.

    Hang in there,
    Abz


    Bug Ticket Reference: TEC-4533

    Thread Starter seekers_paradox

    (@dayesh24)

    Hey @abzlevelup By any chance can you help me with any findings from your end, I am curious ??

    Thanks again, for working and helping with this issue.
    FYI: The new update on the plugin still remains the same.

    Plugin Support Abz

    (@abzlevelup)

    Hi @dayesh24, thanks for writing back here. I’d follow up back to our team and see what’s up.

    I am just curious even with the latest updates, JWT issues persist. Usually, this is a problem because the versions are out of sync. Ours is likely the newest one which breaks older versions. ??

    I’d get back to you whenever I know more.

    Hi, I get the same error in use with the plugin WP Gupy (chat plugin) – do I have a way to go back to 6.0.1?

    Plugin Support Darian

    (@d0153)

    Hi @einzelfabrik ,

    You could check our knowledgebase article for more details on how to install older plugin versions.

    Plugin Support Darian

    (@d0153)

    Hi @dayesh24

    Just to followup on this thread.

    Are you still experiencing the issue using the latest version of our plugin (TEC v6.0.13.1)? If so, please provide the error you have for our reference to investigate the issue further. In addition, please include the current JWT version that you’re using.

    Looking forward to your reply.

    Plugin Support Darian

    (@d0153)

    Hi @dayesh24

    This thread has been inactive for a while, so we’ll go ahead and mark it Resolved. Please open a new thread if any other questions arise, and we’d be happy to help.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Issue due to a particular plugin that causes a Token validation issue on the SSO’ is closed to new replies.