ameyatammewar

Hi,

You have entered the correct Front-Channel Logout URL in your IDP. Regarding the documentation, it is in progress.

Also, as I can see one of our developers is already in contact with you and we have scheduled a meeting for the issue resolution. So I am closing this ticket.

You can ask us a question at any moment if you have any.

Thanks

Using the Paid version, you can catch the ‘code’ parameter but not using the refresh token grant. You need to use the authorization code grant to grab the code parameter.

Can you explain little more about the exact user flow you are looking for by using the code parameter? As our plugin already handles all the validations on code parameter so you do not need to worry about the SSO.

Are you looking to allow your users to login into the WP site using their Cognito credentials? We can also speed up the conversation by setting up a zoom call. Reach out to us if that works for you.

Yes, it is possible to have a registration button next to login one. For this and logout functionality, you will require our Cognito Integration plugin along with WP single Sign-On plugin.

We can discuss the entire user flow over the zoom call, like clicking on the registration button, where you want to redirect users? To your custom registration form or you want to use the Cognito’s default sign-up form.

You can reach out to us via plugin support form so that we can help you out with the premium plugins.

• This reply was modified 1 year, 9 months ago by ameyatammewar.

Hi,

Thank you for reaching out to us.

Yes, we can definitely ask a user to enter username and password to login into the Website every time they try to login once they logout from the site. For this, you need to configure the OIDC logout URL of Cognito inside the plugin. Also, you can provide an option to register users via WordPress form into the Cognito user pool. These features are available in our paid plugin versions.

Let me know if you need any other help from us.

Thanks

Hi,

Thank you for reaching out to us.

As I understand, you do not want to redirect again with no code parameter. Can you tell me after second redirection the SSO user is logged into your site?

Yes, if you keep the Custom redirect URL after login blank, will be there by default in the free version, will redirect users to the home page after SSO. So can you confirm that you want to redirect users to another page after SSO? Also, the second redirection after code parameter is necessary to create a SSO user session on your website.

Let me know the exact issue you are facing in this user flow so that I can help you out with your requirements. To make faster progress in our conversation, can we schedule a Zoom meeting call. You can reach out to us via plugin support form so that we can share the zoom link with you.

Thanks

Hi,

Thank you for reaching out to us.

As per the standard SSO protocols like OAuth 2.0 and OpenID connect 1.0, in the authorization code grant, the code parameter was sent as a response from the Identity provider in the $_REQUEST, you can check the details in the RFC specifications. That’s why we cannot modify the condition as we are receiving the response from IDP and our plugin has to catch that response for further processing. But we can add a check to handle the request coming from your custom code.

You can share your request format, the parameter required along with code, so we can add a check in our plugin for that. You can send us a query from the support form inside the plugin. We will be happy to help you.

Thanks,

Hi Kevin,

Thank you for reaching out to us. The plugin that you are mentioned here is the WP SAML Single Sign-On plugin and this forum where you have posted the query is for WP OAuth Single Sign-On plugin.

We can help you out with your query, it looks like a false positive. I assure you that there’s no malicious code and no security risks are present. It’s just that we obfuscate our premium plugin code to deter reverse engineering. So, you can ignore the warnings from the malware scanner.

If you have any concerns, can you please just raise an request from the plugin’s support form so that our team can reach out to assist you immediately.

Thanks,

• This reply was modified 2 years ago by ameyatammewar.

Hi,

No need to re-install the plugin.
Can you please confirm if you have any cache plugin installed?
Also, can you please reach out to us via support form inside the plugin so our developers can schedule a zoom screen share meeting with you to look into your issue?

Thanks

Hi,

We have added the fix for this in our previous plugin version. Let us know if you need any help with this.

Thanks

Hi,

Thank you for reaching out to us.

We will be adding the fix for this issue in our next release which is planned after 2 weeks. If you want to receive the changes prior that, you can reach out to us by creating a support ticket inside the plugin. Our developers will get on a call to resolve the issue for you.

Thanks

Hi Wil,

Glad the issue is resolved for you.

As you are looking to set the custom redirect URL, it is available in our paid plugin. You can reach out to us by raising a support query from inside the plugin so that we can help you out with all your requirements.

Also, let us know if you have any other questions.

Thanks

Hi Urmil,

The Clever SSO issue is already fixed in our latest version.
Can you please verify the test configuration with our latest plugin version which is 6.23.3?

Also, you can reach out to us via the support form inside the plugin so we can schedule a meeting with you to help you set up the plugin in your environment.

Thanks

Hi,

Thank you for reaching out to us.

As you can see in the error description mentioning the ‘invalid_client’, can you please confirm if you have configured the same Client ID as well as Client secret from your SSO application into the plugin?

Also, our representative has already reached out to you via email. Please confirm if you have received our email.

Thanks

Hi Wil,

To test the SSO between two WordPress sites using our Client and Server SSO plugins, you do not need the paid version of the plugin.

Can you confirm if you have configured the correct client id and secret in the OAuth client plugin? Also, to figure out the invalid client error that you are facing, can you raise a support query from inside the plugin and also share the plugin configuration screenshots with us so that our team will reach out to you with a resolution?

Also, using the paid version of the plugin, if a user is signed in to site A then he will be automatically logged in to site B without the need to click on the sign-in button. We will help you to choose the correct plugin plan once you successfully test the SSO with free plugins.

Thanks,

Hi There,

Looks like you were using another plugin from miniOrange that is a social login.

Can you please raise a query from the support form that is present inside of the Social Login plugin so our developers can reach out to you with a solution?

Thanks