active-directory-b2c-wordpress-plugin-openidconnect's Introduction

active-directory-b2c-wordpress-plugin-openidconnect

This repo contains the code for a WordPress plugin that allows users to authenticate with Azure AD B2C using OpenID Connect. Admins can configure several B2C policies: general sign-in/sign-up without multifactor authentication, admin sign-in/sign-up with multifactor authentication (optional), and profile editing.

A live version of a WordPress site with this plugin installed is available here: https://olenasblog.azurewebsites.net/

Pre-requisites

Use the Azure Portal to Create B2C Policies

  • Create a sign-in/sign-up policy and an edit profile policy.
  • Optional: Create a different sign-in policy for admins.
  • For detailed instructions, see here.

Downloading and Installing this Plugin

  • Download this source code from github as a zip file.
  • Login to your WordPress site as an admin.
  • Navigate to your Dashboard > Plugins > Add New > Upload Plugin.
  • Upload the zip file, then activate the plugin.
  • On your Admin dashboard, a new options page called "B2C Authentication Settings" should appear under the Settings button.
  • Click on that page and fill in the prompts for tenant, clientID, etc.

More information

B2C is an identity management service for both web applications and mobile applications. Developers can rely on B2C for consumer sign up and sign in, instead of relying on their own code. Consumers can sign in using brand new credentials or existing accounts on various social platforms (Facebook, for example).

Learn more about B2C here: https://azure.microsoft.com/en-us/services/active-directory-b2c/

active-directory-b2c-wordpress-plugin-openidconnect's People

Contributors

cantalouping, gsacavdm, olenah, t-olhuan, wgengarelly, zhunling

active-directory-b2c-wordpress-plugin-openidconnect's Issues

Exception occurs when trying to get 'emails' claim

Line 104 of b2c_authentication.php tries to get the 'emails' claim.

Even though I have emails selected as an application claim in my policy settings, the emails claim is not returned, so I get an exception on line 147 of class-b2c-token-checker.php with the message:

Undefined index: emails
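Handling that missing claim defensively, as an added example that is not code from the plugin: the helper reads the address out of a decoded claim set, accepts the `emails` collection B2C emits, and returns null when nothing usable is present so the caller can refuse the login instead of hitting the undefined-index notice. The helper name and the fallback to a singular `email` claim are assumptions.

```php
<?php
// Added example, not the plugin's code: read the sign-in email from a decoded
// ID-token claim set without assuming the "emails" claim is present. The helper
// name is this example's own; the fallback to a singular "email" claim is an
// assumption about how some B2C policies are configured, not something the
// issue states.

function b2c_email_from_claims(array $claims): ?string {
    $candidates = [];
    if (isset($claims['emails']) && is_array($claims['emails'])) {
        $candidates = $claims['emails'];      // B2C emits a collection here
    } elseif (isset($claims['email']) && is_string($claims['email'])) {
        $candidates = [$claims['email']];     // assumed alternative claim name
    }
    foreach ($candidates as $c) {
        if (is_string($c) && filter_var($c, FILTER_VALIDATE_EMAIL) !== false) {
            return strtolower($c);
        }
    }
    return null; // no usable address: the caller must not map this login to an account
}

// Constructed claim sets: a normal token, one from a policy that omitted the
// claim, and one carrying a malformed value.
$samples = [
    'with emails'   => ['sub' => 'a1', 'emails' => ['Olena@example.com']],
    'claim missing' => ['sub' => 'a2', 'name' => 'No Email'],
    'bad value'     => ['sub' => 'a3', 'emails' => ['not-an-address']],
];
foreach ($samples as $label => $claims) {
    $email = b2c_email_from_claims($claims);
    if ($email === null) {
        // Fail closed: log and stop, rather than letting the "Undefined index"
        // notice surface as an exception half-way through the login.
        error_log("b2c: refusing login for sub={$claims['sub']} ($label): no valid email claim");
    } else {
        echo "$label -> $email\n";
    }
}
```

Only the first sample yields an address; the other two are refused with a log line, which is the behaviour a login handler should have when an identity provider stops sending a claim the site depends on.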

return url need /wp with site url

When I try to activate the Azure AD B2C plugin on my site, which is on an Azure server, in the Azure settings for the AD B2C plugin I have to give mysiteurl/wp, which lands me on a 404 page after login. If I do not add /wp to my site URL, it shows me the error below:
Unable to log in
error:redirect_uri_mismatch
error_description:AADB2C90006: The redirect URI 'https://beta.aph.org/wp/\' provided in the request is not registered for the client id '8f9ec67d-0486-4309-8309-xxxxxxxxxxxxx'. Correlation ID: ca3a72cf-bf0b-4936-80ec-xxxxxxxxxxxx Timestamp: 2018-11-27 13:18:54Z

PHP Fatal error: Uncaught Error: Class 'Crypt_RSA' not found

Hi!

I am integrating a multisite installation with AAD under a LAMP environment. Each time we complete the authentication flow, when redirected to the site, we get an HTTP 500 error. Here's my Apache error log:

PHP Fatal error: Uncaught Error: Class 'Crypt_RSA' not found in /var/www/html/wp-content/plugins/active-directory-b2c-wordpress-plugin-openidconnect/class-b2c-token-checker.php:73
Stack trace:
#0 /var/www/html/wp-content/plugins/active-directory-b2c-wordpress-plugin-openidconnect/class-b2c-token-checker.php(134): B2C_Token_Checker->validate_signature()
#1 /var/www/html/wp-content/plugins/active-directory-b2c-wordpress-plugin-openidconnect/b2c_authentication.php(99): B2C_Token_Checker->authenticate()
#2 /var/www/html/wp-includes/class-wp-hook.php(286): b2c_verify_token('')
#3 /var/www/html/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters(NULL, Array)
#4 /var/www/html/wp-includes/plugin.php(453): WP_Hook->do_action(Array)
#5 /var/www/html/wp-settings.php(471): do_action('wp_loaded')
#6 /var/www/html/wp-config.php(109): require_once('/var/www/html/w...')
#7 /var/www/html/wp-load.php(37): require_once('/var/www/html/w...')
#8 /var/www/html/wp-blog-header.php(13): require_once('/var/www/html/w...')
#9 /var/www/html/index in /var/www/html/wp-content/plugins/active-directory-b2c-wordpress-plugin-openidconnect/class-b2c-token-checker.php on line 73, referer:

It happens to point to the following lines of code:

// Convert RSA(e,n) format to PEM format
$rsa = new Crypt_RSA();
$rsa->setPublicKey('<RSAKeyValue> <Modulus>' . $n . '</Modulus> <Exponent>' . $e . '</Exponent> </RSAKeyValue>');
$public_key = $rsa->getPublicKey();

Any ideas about what might be the problem? I haven't modified any code yet, as it seems like a dependency or configuration issue.

Thank you so much beforehand.

best regards,

Daniel.
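For comparison, the same RSA(e,n)-to-PEM conversion done without phpseclib, as an added example that is not part of the plugin or of this issue: the modulus and exponent from a JWK are DER-encoded into a SubjectPublicKeyInfo that PHP's openssl extension accepts, and the token signature is then checked with the algorithm pinned to RS256. Function names are the example's own, and the key pair and token are constructed locally so the round trip runs offline.

```php
<?php
// Added example, not the plugin's code: build a PEM public key from a JWK's
// base64url "n" and "e" with nothing but PHP's openssl extension, so the
// signature check does not depend on phpseclib's Crypt_RSA being autoloadable.
// Function names are this example's own; the key pair and token are constructed
// locally so the round trip runs offline.

function b64url_decode(string $s): string {
    $s = strtr($s, '-_', '+/');
    $rem = strlen($s) % 4;
    if ($rem !== 0) {
        $s .= str_repeat('=', 4 - $rem);
    }
    $out = base64_decode($s, true);
    return $out === false ? '' : $out;
}

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Minimal DER helpers (definite-length encoding only).
function der_len(int $n): string {
    if ($n < 0x80) {
        return chr($n);
    }
    $bytes = ltrim(pack('N', $n), "\0");
    return chr(0x80 | strlen($bytes)) . $bytes;
}

function der_tlv(int $tag, string $value): string {
    return chr($tag) . der_len(strlen($value)) . $value;
}

function der_uint(string $bin): string {
    $bin = ltrim($bin, "\0");
    if ($bin === '' || (ord($bin[0]) & 0x80)) {
        $bin = "\0" . $bin; // keep the INTEGER non-negative
    }
    return der_tlv(0x02, $bin);
}

// RFC 7517 JWK (kty=RSA) -> SubjectPublicKeyInfo PEM.
function jwk_to_pem(string $n_b64url, string $e_b64url): string {
    $rsa_key = der_tlv(0x30, der_uint(b64url_decode($n_b64url)) . der_uint(b64url_decode($e_b64url)));
    // AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) followed by NULL
    $alg_id = der_tlv(0x30, der_tlv(0x06, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") . "\x05\x00");
    $spki   = der_tlv(0x30, $alg_id . der_tlv(0x03, "\0" . $rsa_key));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($spki), 64, "\n") . "-----END PUBLIC KEY-----\n";
}

// Verify a compact JWT's RS256 signature with the PEM key. The header's alg is
// pinned to RS256, so a token claiming "none" or an HMAC alg is rejected outright.
function verify_rs256(string $jwt, string $pem): bool {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return false;
    }
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        return false;
    }
    return openssl_verify("$h.$p", b64url_decode($s), $key, OPENSSL_ALGO_SHA256) === 1;
}

// Round trip on a constructed key pair: sign, publish n/e as a JWK would, verify,
// and confirm that a token whose payload was swapped no longer verifies.
function demo_round_trip(): bool {
    $priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $rsa  = openssl_pkey_get_details($priv)['rsa'];
    $pem  = jwk_to_pem(b64url_encode($rsa['n']), b64url_encode($rsa['e']));

    $header  = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode(['sub' => 'constructed-user', 'emails' => ['user@example.com']]));
    openssl_sign("$header.$payload", $sig, $priv, OPENSSL_ALGO_SHA256);
    $jwt = "$header.$payload." . b64url_encode($sig);

    $tampered = "$header." . b64url_encode(json_encode(['sub' => 'someone-else'])) . '.' . b64url_encode($sig);
    return verify_rs256($jwt, $pem) && !verify_rs256($tampered, $pem);
}

var_dump(demo_round_trip());
```

The DER layer is deliberately small: only INTEGER, SEQUENCE, OID, NULL and BIT STRING are needed for an RSA public key, and `openssl_pkey_get_public` will reject the PEM outright if any of them is mis-encoded, which makes a bad conversion fail loudly rather than verify the wrong key.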

License is not specified

There is no licensing information provided for the plugin; the plugin code states that the license is TBD, so it's unclear what license the plugin falls under. This is quite important when it's used in commercial projects (our customer flagged the absence of a license as an issue).

Can someone please add appropriate license information to the project?

Thanks!

Multisite Configuration

Hello,
I have a multi-site network and I'm using WooCommerce on one of those sites. I'm also using AAD B2C in order to keep my customers' data secure, but I'm struggling with the multi-site configuration. Should every site on my network have its own set of policies? How should the proper reply URIs be set for the application and the policy?

User creation in WP while signing in

For scenarios where multiple platforms access Azure AD B2C, we would require user creation in WP to happen even during sign-in, upon successful sign-in from AD. Are there any configurations for this in this plugin?

Regards,
Sumin.

Plug-In Fails to Unpack when uploaded

After downloading the current .zip and uploading to WP I get this error:

Could not copy file. active-directory-b2c-wordpress-plugin-openidconnect-master/vendor/phpunit/php-code-coverage/PHP/CodeCoverage/Report/HTML/Renderer/Template/coverage_bar.html.dist

Issue getting meta data

Hello,

We are getting the error

"Unable to retrieve metadata from https://login.microsoftonline.com/c.onmicrosoft.com/v2.0/.well-known/openid-configuration?p="

I think it's to do with the URL it's constructing, as when I hard-code the URL it works.

We are using a trial account, I believe.

Error 404 - Not found

I have the plugin installed with the settings and all. However when I try to login via the admin url I get a 404 error message. To my understanding when the plugin is installed with proper configuration I should be redirected to a microsoft page starting with this url: https://login.microsoftonline.com/
But instead I don't get redirected and see a 404 page instead.

I've looked at some of the plugin files but cannot find any error. Any ideas what could be wrong?

Thanks.

Can't see the admin bar after successful authentication

Hi,
I've installed the AD B2C plugin for WordPress and I can successfully sign in, but I can't see the admin bar with my user. When I sign up to the WordPress site used as the live example, I can see it without any problem.
What could be the reason for that?

Resource Owner policies User Endpoint Redirect issue

Hi,
We are trying to log in with a Global administrator user and it shows the error below.
Sorry, but we’re having trouble signing you in.
AADSTS90056: This endpoint only accepts POST, OPTIONS requests. Received a GET request.

Many Thanks!
Yugandhar

Plugin Disables Standard Login Method, need alternative access method.

This plugin, when enabled, prevents access to the standard login method/page (at wp-login.php or wp-admin.php). This isn't a problem, unless you run into a B2C problem, or a configuration error.

This plugin:
https://github.com/psignoret/aad-sso-wordpress

Allows you to append to the login URL with: ?aadsso_no_redirect=please

This allows access to admin functions in the event of a problem. Other than that, the plugin works great (though it would be ideal to see hosted on the Wordpress Marketplace for quicker installs).

The root issue is creating an unnecessary single point of failure.

Autoload causes fatal errors

I was excited to find this plugin since I am working on securing a WordPress site with Azure AD B2C. It seems like the intent is to create a production-caliber WordPress plugin, which I believe will be useful.

However, I ran into some problems getting it to work. The biggest problem was related to the autoload.php functionality. The autoload function is registered with "spl_autoload_register", but the logic does not restrict any class names. As a result, the logic for this plugin will run for any other plugin, theme, or the core WordPress code that also uses spl_autoload_register. Since external classes are not found in this plugin's directory, fatal errors like the following are generated:

Warning: require_once(class-nav-menu-roles.php): failed to open stream: No such file or directory in /home4/public_html/wp-content/plugins/active-directory-b2c-wordpress-plugin-openidconnect-master/autoload.php on line 14. Fatal error: require_once(): Failed opening required 'class-nav-menu-roles.php'

Warning: require_once(class-wp-filesystem-direct.php): failed to open stream: No such file or directory in /www/wp-content/plugins/active-directory-b2c-wordpress-plugin-openidconnect-master/autoload.php on line 25. Fatal error: require_once(): Failed opening required 'class-wp-filesystem-direct.php'

In my case, since the Nav Menu Roles plugin logic runs on every page, the entire site was down with fatal errors on every request.

To reproduce this issue, try installing the Nav Menu Roles plugin (https://wordpress.org/plugins/nav-menu-roles/) on a WordPress site that also has the Azure AD B2C plugin activated. The error should occur during the install since some of the core WordPress code uses spl_autoload.

I’ve found that a good practice to follow when autoloading is to write the function so the logic only runs when the class belongs to the plugin. This can be achieved by looking at namespaces or prefixes, and looking for the file within the plugin directory.

The PHP Framework Interop Group (PHP-FIG) has a set of PHP Standards Recommendations (PSRs) that many developers follow. PSR-4 is dedicated to the Autoloader, and there is a lot of good information and best practices in the recommendation and examples: https://github.com/php-fig/fig-standards/blob/master/accepted/psr-4-autoloader.md

I was able to get the plugin working by modifying autoload.php. At the beginning of the function, I added code to ensure that the class includes the prefix for B2C classes, or for the Crypt and Math classes:

// only try to autoload AD B2C classes or their vendor dependencies
if ( 0 !== strpos( $class, 'B2C' ) && 0 !== strpos( $class, 'Crypt' ) && 0 !== strpos( $class, 'Math' ) ) {
    return;
}

At the end of the class, I also checked to see if the class was found in the plugin directory:

$plugin_directory = plugin_dir_path( __FILE__ );
if ( file_exists( $plugin_directory . $class_filename ) ) {
    // require the same absolute path that was just checked, not a bare
    // filename resolved through include_path
    require_once $plugin_directory . $class_filename;
}

Would you like a pull request with these changes?
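An added example of the restricted autoloader this issue describes, not the plugin's own autoload.php: it accepts only the B2C_, Crypt_ and Math_ prefixes named above, resolves the file under the plugin directory, and refuses anything that does not resolve there. The class-to-file mapping and the vendor/phpseclib layout are assumptions.

```php
<?php
// Added example in the spirit of the fix described in this issue, not the
// plugin's own autoload.php. The B2C_/Crypt_/Math_ prefixes come from the issue;
// the class-to-file mapping and the vendor sub-directory are assumptions.

/** Map a class name to a path relative to the plugin directory, or null if it is not ours. */
function b2c_example_class_file(string $class): ?string {
    // Class names handed to an autoloader can be arbitrary strings
    // (class_exists($x) with user-influenced $x), so only plain identifiers pass.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class)) {
        return null;
    }
    if (strncmp($class, 'B2C_', 4) === 0) {
        // WordPress convention: B2C_Token_Checker -> class-b2c-token-checker.php
        return 'class-' . str_replace('_', '-', strtolower($class)) . '.php';
    }
    if (strncmp($class, 'Crypt_', 6) === 0 || strncmp($class, 'Math_', 5) === 0) {
        // phpseclib 1.x convention: Crypt_RSA -> Crypt/RSA.php (assumed vendor layout)
        return 'vendor/phpseclib/' . str_replace('_', '/', $class) . '.php';
    }
    return null; // not ours: leave it to WordPress or other plugins' autoloaders
}

/** Load the class file if, and only if, it resolves to a file inside $plugin_dir. */
function b2c_example_autoload(string $class, string $plugin_dir): bool {
    $rel = b2c_example_class_file($class);
    if ($rel === null) {
        return false;
    }
    $base = realpath($plugin_dir);
    $real = realpath($plugin_dir . DIRECTORY_SEPARATOR . $rel);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false; // missing file, or one that resolved outside the plugin directory
    }
    require_once $real;
    return true;
}

// Self-contained check: a throwaway plugin directory holding one B2C_ class.
function b2c_example_demo(): array {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'b2c-autoload-demo-' . getmypid();
    mkdir($dir, 0700, true);
    file_put_contents($dir . '/class-b2c-demo.php', "<?php\nclass B2C_Demo {}\n");

    spl_autoload_register(function (string $class) use ($dir): void {
        b2c_example_autoload($class, $dir);
    });

    $results = [
        // our own class: the file exists under $dir, so class_exists() loads it
        'own class loads'       => class_exists('B2C_Demo'),
        // a core WordPress class: rejected by prefix before any disk access
        'foreign class ignored' => b2c_example_autoload('WP_Filesystem_Direct', $dir),
        // not an identifier at all: rejected by the name check
        'odd name rejected'     => b2c_example_class_file('../../wp-config') === null,
    ];
    unlink($dir . '/class-b2c-demo.php');
    rmdir($dir);
    return $results;
}

var_dump(b2c_example_demo());
```

The prefix check is what stops the fatal errors in this issue, since foreign class names return before any `require_once`; the `realpath` comparison is the extra step a reviewer would ask for, so a class name that somehow maps to a path outside the plugin directory is never loaded.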

return url redirection issue

If I configure only the sign-in policy with the plugin, then after login with Active Directory the user is redirected to the site home page. Post login, even if I try to navigate to wp-admin again, it is redirected to the site home page only. I am unable to access the WordPress admin dashboard after a successful login. This works fine if I configure both the sign-up and sign-in policies.

Return URL not honored

Hello

In our application, we do not want the user to be able to sign up, only sign in via the application. Sign-up has a separate process. So we removed the sign-up flow from AADB2C. After that, when we try to log in via /wp-admin, we always get redirected back to the home page after login, instead of the wp-admin page. When trying to navigate to wp-admin then, the auth flow simply returns us to the home page.

Please advise.

Riaan Gouws