I am working on a client system where the setup is as follows:
1x WSO2 IdP & Key Manager server
1 x .NET Portal (used to handle logins, AD auth-authz etc, using Sustainsys.Saml2 package for WSO2 interaction)
1 x WordPress site using miniOrange SAML SSO 2.0 plugin
Now we had a strange issue where User1 logged into the WordPress web app and was able to see someone elses profile and information. They then logged out and tried this again and found someone else’s profile again so they closed down their browser at this point and left it.
The issue has not returned however we are concerned that it may be the WordPress site or the .NET Portal which provides the login pages for anyone trying to authenticate against AD via WSO2 server.
As per my understanding, you are looking for authenticating users in WordPress and .Net portal against their exising WSO2 credentials. You’ve setup the AD connection with WSO2 so that all the users in AD will be synced in the WSO2.
The issue you described seems related to the session of the user at WSO2. However, it’s still not clear how connections are made and user login flow.
Could you please reach out to us at firstname.lastname@example.org or raise ticket through Contact Us/Support form in the plugin? so that we can help you with the resolution.
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic.
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com