WordPress.org

Ready to get started?Download WordPress

Forums

Active Directory Authentication Integration
[resolved] User password not verified (6 posts)

  1. RobertLask
    Member
    Posted 2 years ago #

    I'm having a weird problem. When new first time user authenticates using AD credentials, the WP account is created and user is forwarded to the profile screen. If the wrong AD password is provided on first time login user is denied access to the site. After logout, for any subsequent login attempt user can type any random password string and the WP allows to login. User is again forwarded to the user profile screen.
    Does anyone have any ideas what may be wrong?

    Environment
    WP - version 3.3.1
    active-directory-authentication-integration - tried both official 0.6 and development 0.7.
    Server - Win2k8
    Web Server - IIS7

    http://wordpress.org/extend/plugins/active-directory-authentication-integration/

  2. Curtiss Grymala
    Member
    Plugin Author

    Posted 2 years ago #

    I'm a little confused. Which users are able to login with any password? Are these the users that logged in successfully before, or are they the users that were denied the first time they tried to login with the wrong password?

  3. RobertLask
    Member
    Posted 2 years ago #

    Let me provide more details and explain the scenario. The plugin is configured to auth users through one AD server (no SSL). I enabled the "Automatically create new WP user" and "Auto update users...". All other options are set to defaults.
    When I navigate to the test.php page and try UserName@domainName.com and valid AD password the test is successful and user is created in WP. The same happens if I navigate to login page on my WP site (/wp-login.php). After successful login, user is forwarded to the user profile page. So up to this point all works as expected.

    After log out, browser is forwarded back to the login screen. At this point I can enter the same AD user credentials “UserName@domainName.com” and whatever string as password (valid AD password works as well). User is authenticated and forwarded back to the profile page.

    To make sure there is no cashed session of some sort, I tested with closing the browser, clearing cookies, resetting IIS.

  4. RobertLask
    Member
    Posted 2 years ago #

    Do you have any suggestions? Thank you for all help, Robert

  5. RobertLask
    Member
    Posted 2 years ago #

    After complete re-installation of whole environment there is no more problem. Authentication and registration of AD users works as expected. Not sure what the problem was, but I suspect i may have to do with the fact that I have been testing different authentication methods and there was a conflict with one of the plugins that have not deactivated properly.

  6. Curtiss Grymala
    Member
    Plugin Author

    Posted 2 years ago #

    Awesome. Thanks for the update. I was trying to see if I could replicate the issue, but I wasn't having any luck. Glad you got it sorted.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic