var REMOTE_USER empty
-
Hi, i’m currently setting up NADI for SSO. Been a lot of troubleshooting by myself and followed all guides/docu’s. I just cant get NADI to get the variable REMOTE_USER.
The error is:
2020-11-11 16:46:16 [DEBUG] NextADInt_Adi_Authentication_SingleSignOn_Service::findUsername [line 279] SSO provided username for environment variable "REMOTE_USER" is "' 2020-11-11 16:46:16 [WARNING] NextADInt_Adi_Authentication_SingleSignOn_Service::authenticate [line 102] Cannot find username for SSO.When i dump the $_SERVER (see below) im getting the correct REMOTE_USER variable back, so i can not understand why NADI is not working.
This is output of dump:
"GET" ["REMOTE_USER"]=> string(19) "DOMAIN\xxxxxxxxx"-edit-
For testing purposes i used another simple plugin which does correctly read the REMOTE_USER variable in wordpress so theres nothing wrong with my setup i guess only NADI is not correctly reading the var and i have no idea how to correct this.
-
Thnx for the quick reply…
– Sorry i outputted the dump incorrectly, the “GET” was from a previous variable, the dump was created with var_dump($_SERVER)
["REQUEST_METHOD"]=> string(3) "GET" ["REMOTE_USER"]=> string(19) "DOMAIN\xxxxxxxxx"
– No proxy
– Other plugin was from miniorange on the same wordpress instance (which works but i dont like this plugin) and from another blog post i got iisauth.php from realdolmen (https://blog.maartenballiauw.be/post/2011/05/04/wordpress-auto-sign-on-with-iis7-and-a-plugin.html) which also works on the same wordpress instance but does not have many features.-edit-
Other features on your plugin works perfectly: Sync from/to AD/Wordpress, testing authentication, ldap connections, etc… its just the REMOTE_USER variable which is not working so i can not get integrated SSO to work.Ok, too bad… ive correctly inserted it into service.php at line 92 but its still not getting triggered. I’m not hitting a bug am i? Since a fellow user @sjones2701 reported a tiny similiar issue a week ago, you sure it should work? To my knowledge the wp_get_current_user function cannot dump a good result because its not authenticated and i only have one (admin) user in my wpusertable, so thats probably why its getting a error 500.
Still wondering why other plugins are correctly working with SSO, for example iisauth.php has a simple code that is retrieving the REMOTE_USER with the following php code:
$username = substr($_SERVER['REMOTE_USER'], strrpos($_SERVER['REMOTE_USER'], '\\') + 1);
and then insert $username into the wpusertable. Thats working perfectly in my WordPress enviroment, but i need some other features that your plugin has.Anyway thanks for your support, i will also try to get it work by editing the plugin.
Not to be picky or something but i can also confirm that miniorange gets a working SSO on my own brand-new WordPress setup out-of-the-box so it must be this plugin which handles SSO incorrectly. Hope the author can/will test this latest setup; WP 5.5.3, PHP7.4.12 installed on a clean WinServer2012 setup (IIS8.5), no other plugins or programs installed.
FYI, steps to reproduce:
– Installed WP 5.4.4 (that one should be supported by NADI) on a new DB;
– Installed NADI;
– Configured NADI;
– Disabled Anonymous Authentication in IIS, enabled Windows Authentication (Negotiate over NTLM)Results in … Server Error 500 …
Theres definately something wrong in the plugin.
I also tried to rewrite the REMOTE_USER with Helicon Manager and when dumping the $_SERVER i can clearly see the rewrite is succesfull buth NADI still gives the same error/result. Will investigate further…
Ok finally getting somewhere now, no PHP errors are logged btw…. but….
It came to my attention that when i disabled Anonymous Authentication there was immediately no logging from the plugin added to the logs when i hit F5 on the website and the error 500 it produces states exactly:
500 - Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed.The resource that its probably been looking for all the time (and probably needs write access to it) is the log file. But since “Authenticated Users” has no write access to the log file in the plugindir it just ends up with this error.
TL;DR:
– When logging is enabled within this plugin you need to give “Authenticated Users” write/modify access to the logdir.
or
– Just dont enable logging at all.Basicly it all should have worked before when i just let the plugin logging disabled. Please fix this in the next release or mention it somewhere.
Will implement the plugin on our production site soon since its now working correctly.
- You must be logged in to reply to this topic.
