tbenyon
Forum Replies Created
-
Forum: Plugins
In reply to: [External Login] Keeping password localThis is just pseudocode but by using this hook, rather than use External Logins logic to validate if the password is correct, you do your own check.
In this case we use WordPress’ built in
wp_authenticate()method to validate the password.You could add additional logic to check to see if the user already exists is WordPress use one way of authenticating and if they do not exist use another way?
I have not tested this – just showing as example. I document this hook in the FAQ if you want to have a read.
function myExlogHashAuthenticator($password, $hashFromDatabase, $username, $externalUserData) { $authenticateResponse = wp_authenticate($username, $password); return !is_wp_error( $return ) } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 4);Happy to help more if you need more help š
Forum: Plugins
In reply to: [External Login] Keeping password localHey Jorge,
There are a couple of solutions.
I have a hook that allows you to write custom validation of the password. It was written to help users support custom hashing solutions but you could use it to validate against the local WordPress password.
Alternatively, you could use the WordPress hook for when password change is made and update the external DB at that time. For ensured consistency you could block the password update in WordPress if your connection to the external db and the update was not successful.
If one of these sounds useful Iām happy to thrash out a bit of pseudocode to get you started if it helps. š
Thanks,
Tom š
Forum: Plugins
In reply to: [External Login] Connecting to MSFT Azure CloudMarking as resolved as I’ve not heard back. Feel free to get back in contact here if you have any further questions š
Thanks,
Tom
Marking as resolved as I’ve not heard back. Feel free to get back in contact here if you have any further questions š
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] 500 error with postgresMarking as resolved as I’ve not heard back. Feel free to get back in contact here if you have any further questions š
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Custom hash for passwordMarking as resolved as I’ve not heard back. Feel free to get back in contact here if you have any further questions š
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] SHA1 and MD5Hey @danfelbm,
I haven’t heard back for over a week so I presume you know what you’re doing now so I’ll mark this as resolved.
If you have any more questions though, don’t hesitate to come back to me and I’ll be more than happy to help. š
Thanks,
Tom š
Forum: Plugins
In reply to: [External Login] Keeping password localHey @jorgeviejo,
Apologies for the delayed response.
I’m not sure I fully understand your requirement but there is a ‘migration’ mode setting which may achieve what you are looking for.
So the normal flow of the plugin is that when a username and password are entered on the login screen, the external database is queried. If the connection to the external database succeeds and the username exists in the external database then the user will be authenticated against that password hash.
If the user does not exist, it will look to see if there is a local user in WordPress and log the user in with that username and password. (You can disable using the WordPress data as a fallback using ‘disable local login’ but I don’t think this is what you’re looking for).
Now, there is another setting which is migration mode. Essentially it checks to see if a user with the username exists in the local WordPress install first and tries to login with that user. If not, it then looks to the external database to see if a user exists, and their password is valid and then creates the user in the WordPress database (which would then be used for future logins).
It is important to note that the plugin does not currently support syncing to the external database. In other words, if you change the password in WordPress it will not update the password in your external database.
I think I’ve answered your question so I’m going to mark this as resolved, however if you have any more question please don’t hesitate to post back here and I’ll be happy to help š
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] User need to login both the site?Hi @sohom,
Apologies for the delayed response.
The basic answer is no, the plugin doesn’t support SSO.
The plugin does not support syncing or data or sessions. It simply allows a user to login to WordPress with a password hash stored in another platform.
If you want to achieve SSO that is a custom process that would require a chunk of development work.
It’s possible that you could use that plugin as part of that flow by tying into the available hook but there is a lot of work to be done on both systems.
I think I’ve answered your question so I’ll mark this as resolved.
However if you have any more questions, please don’t hesitate to get back in contact š
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Call to undefined function sqlsrv_connect()Awesome. Let me know how it goes š
Forum: Plugins
In reply to: [External Login] Call to undefined function sqlsrv_connect()Hey @joannabiava,
I don’t believe this is a problem with the plugin. You need to ensure your PHP install has the drivers required to communicate with Microsoft SQL Server.
https://www.microsoft.com/en-us/download/details.aspx?id=20098
I hope this helps š
Let me know how you get on.
Thanks,
Tom š
Forum: Plugins
In reply to: [External Login] SHA1 and MD5If that salt is stored in the user table, you will have access to it here. If that is the case let me know and I can show you how to make it work š
Forum: Plugins
In reply to: [External Login] SHA1 and MD5Hey Daniel,
This doesn’t look right unfortunately but it is a good start.
The goal here is not to return the hash but to validate if the password provided is correct.
Inevitably checking that the hash that you generate in this function, matches the hash that is stored in your database.
The salt is not $hashFromDatabase. It is something that will be unique to your external system. In some systems every user has their own salt (the most secure way of doing it) and in some systems there is one salt for all systems.
You’ll have to research your system to find out what it uses for salting passwords when hashing.
Your end solution will look something like this:
function myExlogHashAuthenticator($password, $hashFromDatabase, $username, $externalUserData) { return sha1(md5($password) . 'someSaltHere') === $hashFromDatabase; } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 4);If you’re confused about what a salt is and this is not making sense I would strongly recommend this article:
https://martinfowler.com/articles/web-security-basics.html
Skip to the title: “Hash and Salt Your Users’ Passwords”Hope this helps š
- This reply was modified 6 years ago by tbenyon.
Forum: Plugins
In reply to: [External Login] SHA1 and MD5Hey @danfelbm,
The plugin supports custom hashing systems.
I recently wrote a support post on it here:
https://wordpress.org/support/topic/custom-hash-for-password/Does this answer your question?
Thanks,
Tom š
Forum: Plugins
In reply to: [External Login] Additional futures?Hi @kader1303,
Although some users have contacted me privately by finding me on networking platforms, it is against the policy of the forum to share any contact details.
Happy to hear what you needed here though?