Support » Plugin: Next Active Directory Integration » var REMOTE_USER empty

  • Resolved theenforcer

    (@theenforcer)


    Hi, I’m currently setting up NADI for SSO. Been a lot of troubleshooting by myself and followed all guides/docs. I just can’t get NADI to get the variable REMOTE_USER.

    The error is:

    2020-11-11 16:46:16 [DEBUG] NextADInt_Adi_Authentication_SingleSignOn_Service::findUsername [line 279] SSO provided username for environment variable "REMOTE_USER" is "'
    2020-11-11 16:46:16 [WARNING] NextADInt_Adi_Authentication_SingleSignOn_Service::authenticate [line 102] Cannot find username for SSO.

    When I dump the $_SERVER (see below) I’m getting the correct REMOTE_USER variable back, so I cannot understand why NADI is not working.

    This is output of dump:
    "GET" ["REMOTE_USER"]=> string(19) "DOMAIN\xxxxxxxxx"

    -edit-
    For testing purposes I used another simple plugin which does correctly read the REMOTE_USER variable in WordPress, so there’s nothing wrong with my setup; I guess only NADI is not correctly reading the var and I have no idea how to correct this.

    • This topic was modified 3 months, 2 weeks ago by theenforcer.
  • Plugin Author schakko

    (@schakko)

    – In your second code example: How did you dump the $_SERVER variable? With var_dump($_SERVER)? Why is there a “GET” in front of it?
    – Do you have a proxy in front of your webserver? This will change the environment variable.
    – The other plug-in is installed in the *same* WordPress instance? What plug-in is it?

    Thread Starter theenforcer

    (@theenforcer)

    Thnx for the quick reply…

    – Sorry, I outputted the dump incorrectly; the “GET” was from a previous variable. The dump was created with var_dump($_SERVER)
    ["REQUEST_METHOD"]=> string(3) "GET" ["REMOTE_USER"]=> string(19) "DOMAIN\xxxxxxxxx"
    – No proxy
    – Other plugin was from miniorange on the same WordPress instance (which works but I don’t like this plugin) and from another blog post I got iisauth.php from realdolmen (https://blog.maartenballiauw.be/post/2011/05/04/wordpress-auto-sign-on-with-iis7-and-a-plugin.html) which also works on the same WordPress instance but does not have many features.

    -edit-
    Other features of your plugin work perfectly: sync from/to AD/WordPress, testing authentication, LDAP connections, etc… It’s just the REMOTE_USER variable which is not working, so I cannot get integrated SSO to work.

    • This reply was modified 3 months, 2 weeks ago by theenforcer.
    Plugin Author schakko

    (@schakko)

    I can only assume that some other plug-in removes or resets the REMOTE_USER variable. The code for extracting the remote user in NADI is pretty simple.

    You can put a

    
    var_dump($_SERVER);exit;
    

    in the first line of your /wordpress/index.php and check if the REMOTE_USER variable is available, then comment it out and put the code into /wordpress/wp-content/plugins/next-active-directory-integration/classes/Adi/Authentication/SingleSignOn/Service.php before line 92 ($isUserLoggedIn = is_user_logged_in();) and check if the variable is empty or some other variable like X_REMOTE_USER is filled.

    Thread Starter theenforcer

    (@theenforcer)

    Added into wordpress\index.php and variable is filled with correct REMOTE_USER that is logged on. So that’s correct.
    Added into plugindir\..\service.php and nothing is getting triggered, it’s just opening the site without SSO. So the dump is not getting triggered.

    I’m not using any other plugins, I’m setting up a complete new WordPress site with only SSO login plugin for testing purposes; after that is working I will implement it on our production site.

    Plugin Author schakko

    (@schakko)

    If it does not trigger you have either SSO disabled or you are already logged in. What does

    
    var_dump(wp_get_current_user());
    

    print?

    • This reply was modified 3 months, 2 weeks ago by schakko.
    Thread Starter theenforcer

    (@theenforcer)

    Thnx btw for the fast replies.

    I’ve added the var_dump(wp_get_current_user()); to the index.php and it’s getting a:

    500 - Internal server error.
    There is a problem with the resource you are looking for, and it cannot be displayed.

    Also added inside the ..\service.php authenticate function but again this function apparently is not getting triggered.

    Plugin Author schakko

    (@schakko)

    You can try to put

    
    var_dump(wp_get_current_user());
    

    into Service.php before line 92 and check if it gets triggered. If not, SSO is not enabled. If yes, it should print the current detected user and SSO is working.
    Without doing a debugging session (https://active-directory-wp.com/service-for-active-directory-and-wordpress/) I am out of ideas here.

    Thread Starter theenforcer

    (@theenforcer)

    Ok, too bad… I’ve correctly inserted it into service.php at line 92 but it’s still not getting triggered. I’m not hitting a bug, am I? Since a fellow user @sjones2701 reported a tiny similar issue a week ago, you sure it should work? To my knowledge the wp_get_current_user function cannot dump a good result because it’s not authenticated and I only have one (admin) user in my wpusertable, so that’s probably why it’s getting an error 500.

    Still wondering why other plugins are correctly working with SSO, for example iisauth.php has a simple code that is retrieving the REMOTE_USER with the following php code:
    $username = substr($_SERVER['REMOTE_USER'], strrpos($_SERVER['REMOTE_USER'], '\\') + 1);
    and then insert $username into the wpusertable. That’s working perfectly in my WordPress environment, but I need some other features that your plugin has.

    Anyway thanks for your support, I will also try to get it to work by editing the plugin.

    • This reply was modified 3 months, 2 weeks ago by theenforcer.
    Plugin Author schakko

    (@schakko)

    I am relatively sure that this is not a bug in NADI but something else.
    wp_get_current_user would return null which var_dump() in return would also dump. So no issue there.

    @sjones2701 mentioned that he’s using IIS 10. Maybe this could be an (unknown to me at least) issue.

    I was able to confirm that REMOTE_USER was returning my correct domain\username but SSO was still not working. I do have the one from miniorange working correctly, so, I know my IIS setup is working properly.

    Thread Starter theenforcer

    (@theenforcer)

    Not to be picky or something but I can also confirm that miniorange gets a working SSO on my own brand-new WordPress setup out-of-the-box so it must be this plugin which handles SSO incorrectly. Hope the author can/will test this latest setup: WP 5.5.3, PHP 7.4.12 installed on a clean WinServer2012 setup (IIS 8.5), no other plugins or programs installed.

    • This reply was modified 3 months, 2 weeks ago by theenforcer.
    Thread Starter theenforcer

    (@theenforcer)

    FYI, steps to reproduce:

    – Installed WP 5.4.4 (that one should be supported by NADI) on a new DB;
    – Installed NADI;
    – Configured NADI;
    – Disabled Anonymous Authentication in IIS, enabled Windows Authentication (Negotiate over NTLM)

    Results in … Server Error 500 …

    There’s definitely something wrong in the plugin.

    I also tried to rewrite the REMOTE_USER with Helicon Manager and when dumping the $_SERVER I can clearly see the rewrite is successful but NADI still gives the same error/result. Will investigate further…

    • This reply was modified 3 months, 2 weeks ago by theenforcer.
    Plugin Author schakko

    (@schakko)

    @theenforcer Please check the PHP’s error log what error exactly occurs.
    Also, if you have enabled the “Use Proxy email address”, try to disable it. There is a bug in it (https://wordpress.org/support/topic/call-to-a-member-function-findbyproxyaddress-on-null/).

    Thread Starter theenforcer

    (@theenforcer)

    Ok, finally getting somewhere now, no PHP errors are logged btw… but…

    It came to my attention that when I disabled Anonymous Authentication there was immediately no logging from the plugin added to the logs when I hit F5 on the website, and the error 500 it produces states exactly:

    500 - Internal server error.
    There is a problem with the resource you are looking for, and it cannot be displayed.

    The resource that it’s probably been looking for all the time (and probably needs write access to it) is the log file. But since “Authenticated Users” has no write access to the log file in the plugindir it just ends up with this error.

    TL;DR:
    – When logging is enabled within this plugin you need to give “Authenticated Users” write/modify access to the logdir.
    or
    – Just don’t enable logging at all.

    Basically it all should have worked before when I just left the plugin logging disabled. Please fix this in the next release or mention it somewhere.

    Will implement the plugin on our production site soon since it’s now working correctly.

    • This reply was modified 3 months, 1 week ago by theenforcer.
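
Added example, not part of the thread and not NADI's code: a small PHP diagnostic for the failure resolved above. It reports which SSO server variable is populated and whether the identity serving the request can actually create a file in the log directory. The function names are hypothetical, the log directory is a placeholder, and LOGON_USER/AUTH_USER are checked as an assumption about IIS.

```php
<?php
// Added diagnostic, not NADI code; function names are hypothetical.
// Remove the file after testing: it prints the signed-in account name.

/** Return the first populated SSO variable and the bare account name. */
function sso_probe_user(array $server): array
{
    // REMOTE_USER and X_REMOTE_USER are named in the thread; LOGON_USER and
    // AUTH_USER are IIS server variables, checked here as an assumption.
    foreach (['REMOTE_USER', 'X_REMOTE_USER', 'LOGON_USER', 'AUTH_USER'] as $key) {
        $raw = trim((string) ($server[$key] ?? ''));
        if ($raw === '') {
            continue;
        }
        // Accept both DOMAIN\user and user@realm forms.
        $pos = strrpos($raw, '\\');
        $name = $pos === false ? $raw : substr($raw, $pos + 1);
        return ['variable' => $key, 'raw' => $raw, 'account' => explode('@', $name, 2)[0]];
    }
    return ['variable' => null, 'raw' => '', 'account' => ''];
}

/** Create and delete a probe file: an ACL denial only shows on a real write. */
function sso_probe_log_dir(string $logDir): array
{
    if (!is_dir($logDir)) {
        return ['writable' => false, 'reason' => 'directory not found'];
    }
    $probe = $logDir . DIRECTORY_SEPARATOR . 'probe-' . bin2hex(random_bytes(4)) . '.tmp';
    $handle = @fopen($probe, 'x'); // 'x' refuses to overwrite an existing file
    if ($handle === false) {
        return ['writable' => false, 'reason' => error_get_last()['message'] ?? 'open failed'];
    }
    fclose($handle);
    unlink($probe);
    return ['writable' => true, 'reason' => 'ok'];
}

// Constructed sample input so the script also runs from the command line.
$sample = ['REQUEST_METHOD' => 'GET', 'REMOTE_USER' => 'DOMAIN\\jdoe'];
$server = PHP_SAPI === 'cli' ? $sample : $_SERVER;
// Placeholder: replace with the directory the plugin is configured to log into.
$logDir = sys_get_temp_dir();

echo json_encode(
    ['user' => sso_probe_user($server), 'log_dir' => sso_probe_log_dir($logDir)],
    JSON_PRETTY_PRINT
), PHP_EOL;
```

Request it once with Anonymous Authentication enabled and once with only Windows Authentication enabled; a `writable` result that flips to `false` in the second case matches the missing write permission described in the post above.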
    Plugin Author schakko

    (@schakko)

    @theenforcer I’ve updated the documentation accordingly, thank you for the hint!
    @sjones2701 I am closing this issue as you have confirmed that the REMOTE_USER variable is no longer empty.
