Support » Plugin: WordPress + Microsoft Office 365 / Azure AD | LOGIN » Your login might be tampered with. Please contact your System Administrator.

  • I want make an intranet in my site.

    I’ve already followed all steps I saw in this video: https://www.youtube.com/watch?v=lzqJSWrybvk&feature=youtu.be

    But when I click in “Test Authentication” it results in the message “Authentication test failed.”

    in the popup that opened appears the login screen of wordpress with the following error message: “Your login might be tampered with. Please contact your System Administrator.”

    Someone can helpe me with this? I dont know what to do.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author wpo365

    (@wpo365)

    Hi @andersonmichel … Chances are that you’re seeing this error because of some server-side cache is replaying an old request when the plugin is redirecting you to Microsoft. That request contains a so-called nonce value that is supposed to be unique (or at least it’s only valid for a short time). This value is returned as part of the response from Microsoft and then validated by the plugin. To prevent this from happening, you should make sure that:

    1. the redirect URI that you’ve configured for your website’s application registration in Azure AD is your WordPress admin e.g. https://www.example.com/wp-admin/ (also make sure that – in case you update the URL in Azure AD to also update the Redirect URL on the Single Sign-on tab of the plugin’s wizard)

    2. The option Don’t try to bypass server-side cache (on the plugin’s Miscellaneous tab) isn’t checked (this will send the user first to https://www.example.com/wp-admin/ before sending the user to Microsoft – because usually WP admin pages aren’t cached).

    There is a new option to skip the nonce check alltogether on the Single Sign-on tab. This should only be used as a last resort, though.

    Please let me know if you were able to resolve the issue!

    Ps, I have heard of users that simply logged out from Microsoft 365 to resolve the issue – however I don’t have an explanation why this would resolve the issue or actually why this would cause the issue in the first place – but it’s worth the try!

    Marco van Wieren | Downloads by van Wieren

    I’ve checked the redirect URI and it’s ok.. it’s a wordpress login page that is the same in Azure and in the Single Sign-on tab of the plugin’s wizard.

    I’m not using cache in my site but the error remains.

    I tried all the options that you mentioned (check Don’t try to bypass server-side cache, skip the nonce verification, logout from Microsoft 365) but they did not solve..

    Plugin Author wpo365

    (@wpo365)

    Hi @andersonmichel – If you want you can send me your debug log (you can copy it from the Debug tab) and your settings (you can copy those from the Import / export tab). You can use the online contact form https://www.wpo365.com/contact. I’m happy to analyze and give you feedback. I’m quite sure we’ll find out what’s causing trouble in your case!

    I just sent you the debug log and my settings through this form.

    But one thing I noticed is that the log is showing something that might be causing the problem:

    “[06-04-2019 14:14:07.411870] ERROR ( 7.1.13 ): Your login has been tampered with [nonce expired] (time: 1559657647)”,
    “[06-04-2019 14:14:07.429932] ERROR ( 7.1.13 ): NONCE is invalid and user will be redirected to default WordPress login”

    how can I fix this? The issue is actually the NONCE code?

    Plugin Author wpo365

    (@wpo365)

    Hi @andersonmichel I have answered you late Tuesday … Did you receive that email (maybe it has landed in the spam filter)?

    I can simply not explain what I see in the log file. The code is executed in a way that is not possible. I can s For me this means that somehow server-side caching is messing things up.

    The error is, from what it looks, definitely cache-related. There is something really suspicious going on. For example I can see (from the settings your sent me) that you have checked the option Skip nonce verification and that should literally skip the check and it is impossible for this error to occur. But still it occurs. That can only mean one thing: You (or you hosting partner) are using a server-side caching plugin / service and you need to purge the cache or else the new settings for the plugin are not registered, I think.

    Maybe try do delete the plugin and reinstall it fresh again?

    Also, you need to update the application registration in Azure AD and add the optional claims (see https://www.wpo365.com/azure-application-registration/#upn).

    Best wishes

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Your login might be tampered with. Please contact your System Administrator.’ is closed to new replies.