WordPress miniOrange SAML SSO 2.0 plugin possible issue?

  • tahirk555
    Participant
    # 5 months ago

    Hi wonder if anyone can help me.

    I am working on a client system where the setup is as follows:

    1x WSO2 IdP & Key Manager server
    1 x .NET Portal (used to handle logins, AD auth-authz etc, using Sustainsys.Saml2 package for WSO2 interaction)
    1 x WordPress site using miniOrange SAML SSO 2.0 plugin

    Now we had a strange issue where User1 logged into the WordPress web app and was able to see someone elses profile and information. They then logged out and tried this again and found someone else’s profile again so they closed down their browser at this point and left it.

    The issue has not returned however we are concerned that it may be the WordPress site or the .NET Portal which provides the login pages for anyone trying to authenticate against AD via WSO2 server.

    Has anyone encountered this issue before?

    Thanks in advance.

    pranavinamdar
    Participant
    # 4 months, 4 weeks ago

    Hi Tahir,

    As per my understanding, you are looking for authenticating users in WordPress and .Net portal against their exising WSO2 credentials. You’ve setup the AD connection with WSO2 so that all the users in AD will be synced in the WSO2.

    The issue you described seems related to the session of the user at WSO2. However, it’s still not clear how connections are made and user login flow.

    Could you please reach out to us at info@xecurify.com or raise ticket through Contact Us/Support form in the plugin? so that we can help you with the resolution.

    Thanks,

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.