Support » Plugin: Rublon Two-Factor Authentication » Rublon with Alloyphoto's NextGEN Gallery Export Lightroom plugin

  • jreinila

    (@jreinila)


    Hi there,

    I just emailed the Alloyphoto according to the issue I’m having with Rublon and exporting photos from Lightroom (with alloyphoto’s Lightroom plugin). Plugin enables the possibility to export photos straight from the Lightroom to my WordPress Nextgen galleries.

    I’m not quite sure that which one is the root cause, Lightroom plugin or Rublon. When I try to publish photos from the Lightroom to my website, I get the error message at the Lightroom saying: “Error processing server response – Declaration has an invalid name.” Basically this is the Lightroom plugin’s error message, and straight after this error I get the email from rublon asking me to verify the login. Even if I click the link in the email, the verified connection does not get listed at WordPress Rublon’s trusted device list. Rublon email lists this connection attempt as: “Web browser: Browser on Other OS”. I’ve enabled the XML-RPC: Lightroom plugin was able to check that the XML-RPC interface was disabled as a default by Rublon. So this is not the cause, more likely adding the Lightroom connection to the trusted device list.

    Earlier, I have already added my computer as a trusted device to the rublon with my browser which I’m using to access backend (Chrome). I understand that the identities must be added if different browsers are used within the same computer.

    I really hope that this could be solved on either side, Alloyphoto or Rublon, or both if you need to do some implementation together to do proper integration between the plugins.

    Both plugins are currently very important for my daily uses, and this affects multiple sites which I’m responsible for.

    Please feel free to ask more details of this issue, and I’ll promise to do everything I can and what I’m able to solve this as soon as possible.

    https://wordpress.org/plugins/rublon/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Rublon

    (@rublon)

    Hi jreinila

    Thank you for your interest in Rublon.

    It looks like NextGEN is logging into WordPress through some custom method — not using XML-RPC. Otherwise Rublon wouldn’t send you a verification link. NextGEN should be using XML-RPC for this.

    What you could try to do is to set up a separate user account for NextGEN and put it into a user group that has all the rights needed for the software to work (e.g. an Editor). Then, go to the Rublon Settings and reduce the Minimum Protection level for the Editor user group from “Email” to “None”. Please let us know if this helped.

    All the best
    Rublon Team

    jreinila

    (@jreinila)

    Thank you for your answer.

    To clarify to be totally clear, I’ve to correct some “terms” for your answer. My current setup consists of four different components:
    1. Lightroom (photo editing)
    2. Alloyphoto (plugin for Lightroom which enables support to export photos straight to my WordPress gallery)
    3. NextGen gallery Pro (actual image gallery plugin for WordPress)
    4. WordPress

    So the Alloyphoto’s plugin is just a XML-RPC interface integration between Lightroom and NextGen gallery.

    And yes, your suggestion to add separate user for exporting images from Lightroom, with Alloyphoto’s plugin, straight to NextGen gallery works, but still it leaves this one user now unprotected. Of course I’ve set very long and complex username and password, so it should almost impossible to hack.

    I’ve already for response from Alloyphoto:
    “As I thought, instead of a valid XML document, the XMLRPC interface returns an HTML document, containing a “Rublon – Identity confirmation” page and that is why you are seeing an XML parsing error.”

    What I suspects is the following. When I login normally with web browser (with untrusted device), the steps are these:
    1. Login from WordPress backend panel
    2. Got the email from rublon
    3. I click the link in email, and it says that it has been verified. Also tells that I can go back to another browser tab at this point.
    4. When I open original browser tab, which I used to do login, it has changed asking me to select from “Private and trusted device” or “Public device with temporary login”.
    5. After selecting has been done with options in step 4, I get the actual access to wordpress backend.

    When I try to login from Lightroom, with Alloyphoto’s plugin to XML-RPC interface, the steps are these:
    1. I click login from Lightroom
    2. Got the email from rublon. Ip address is right, but the Web browser is: Browser on Other OS
    3. I click the verify link, and got web page saying that it has been verified.
    4. After all, I never get the separate web pages where I’m able to select between the options which was described in step 4 above (when doing normal login from web browser)

    So my suggestion is, that could it be possible to change the behaviour or the “verifying steps”? What I mean is that when user clicks the link in verify email, it could go directly to that page, where the choice between private/public device could be done. I’m quite sure that this would solve this kind of situations, if XMLRPC interface with external plugin is connected.

    Plugin Author Rublon

    (@rublon)

    Hi jreinila

    Thank you for your suggestions. We will investigate this issue and get back to you. This will probably happen in April at the earliest because our backlog is quite long currently. Sorry for the delay.

    All the best
    Rublon Team

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Rublon with Alloyphoto's NextGEN Gallery Export Lightroom plugin’ is closed to new replies.