wpo365 plugin detected ‘Could not successfully validate oidc nonce with value’

Resolved Sakthivel
(@saravanankanagaraj)

3 years, 6 months ago

Am getting below error on my wordpress dashboard, Please share the idea to fix the issue.
The WordPress + Microsoft Office 365 / Azure AD plugin detected the following (last three) errors that you should address.

[2020-10-25 14:49:54] Wpo\Services\Id_Token_Service::process_openidconnect_token -> Could not successfully validate oidc nonce with value ddcde0597c
[2020-10-25 12:57:53] Wpo\Services\Id_Token_Service::process_openidconnect_token -> Could not successfully validate oidc nonce with value df4ade9c58
[2020-10-25 06:18:53] Wpo\Services\Id_Token_Service::process_openidconnect_token -> Could not successfully validate oidc nonce with value 43808c82f5
Please take the time to review those errors. Once errors have been addressed you can safely dismiss this notice for now or check Hide error notice on the Debug tab of the WPO365 wizard to hide this notice permanently.

Regards,
Saravnan

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Author Marco van Wieren
(@wpo365)

3 years, 6 months ago

Hi @saravanankanagaraj

Unfortunately, it seems that this error is a difficult one to get rid off! I can’t be sure why you see this error, but I suspect it has to do with some form of server-side caching / AMP or similar.

You can navigate to WP Admin > WPO365 > … > Miscellaneous and check the option to Skip nonce validation. Nonce validation is part of the overall security, but it’s a very weak helper. More importantly you use SSL (but this is already enforced by Microsoft) and keep the plugin up-to-date at all times.

Hope this helps!

Thread Starter Sakthivel
(@saravanankanagaraj)

3 years, 6 months ago

Thanks for the quick reply,
Yes, the Plugin is up to date!
we are using the Autoptimize plugin to increase site speed. is this cause the problem?
now I have checked the option to skip nonce validation. is this any problem with security issues?

Optimizing Matters
(@optimizingmatters)

3 years, 6 months ago

Autoptimize does not do page caching so unlikely to be related, do you (or your host) have page caching active?

Plugin Author Marco van Wieren
(@wpo365)

3 years, 6 months ago

@optimizingmatters Thank you for your feedback!

@saravanankanagaraj As I already wrote, I don’t believe that there is a significant impact because the nonce is not a secret value.

Hope that helps!
Thread Starter Sakthivel
(@saravanankanagaraj)

3 years, 6 months ago
Hi @wpo365
Even skip the nonce verification still am getting the same error please check the below link to view the error page,
https://ibb.co/gZVbLXb
Please check the configuration page,
https://ibb.co/qChfSgB
Please share the knowledge to fix this issue.

Thanks,
Saravanan
- This reply was modified 3 years, 6 months ago by Sakthivel.
bilalbahij
(@bilalbahij)

3 years, 6 months ago

I got the same errors.
The users just got redirected to the Error-login-page, with the:
Your login might be tampered with. Please contact your System Administrator.

Plugin Author Marco van Wieren
(@wpo365)

3 years, 6 months ago

@bilalbahij and @saravanankanagaraj I will work on a solution and update the plugin in the course of today. Thank you for your patience!

Plugin Author Marco van Wieren
(@wpo365)

3 years, 6 months ago

@bilalbahij and @saravanankanagaraj – Please update the plugin to v11.14 that has just been released. I believe the nonce errors may be a result of users logging in when their WordPress session has not yet ended. In such cases WordPress may generate a different nonce.

The nonce verification error is still being reported but as a warning it won’t deny users access, since its value is not necessarily secret to start with.

Hope this helps and thank you for bringing this to my attention.

– Marco

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘wpo365 plugin detected ‘Could not successfully validate oidc nonce with value’’ is closed to new replies.

Tags