Follow-up on #1476: after having updated WordPress to the latest version, it seems it broke both the openid plugin and the fedora-autologin one (that one is responsible for automatically redirecting to the ipsilon IdP for openid login).
We'll have to investigate and find a solution, and also do that in parallel with the Fedora infra team, who have to deal with that for https://fedoramagazine.org/
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue tagged with: centos-common-infra, high-gain, medium-trouble
Thanks to @misc, we have applied a workaround that works for now (but doesn't seem to work with the latest 6.6.1 release from the 6.6 branch, so we downgraded to the previous release for now).
Keeping this ticket open so that we can all work on a different approach for auth, as the openid plugin itself is now deprecated (probably the reason why it doesn't work on the actual/latest wordpress release).
@misc: don't know if you had time to investigate this, but I just gave it a try with https://wordpress.org/plugins/daggerhart-openid-connect-generic
While configured in wordpress, and also in ipsilon, when it tries to reach out to ipsilon, it seems it's trying to use something that ipsilon doesn't support for openidc:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/cherrypy/_cprequest.py", line 638, in respond
    self._do_respond(path_info)
  File "/usr/lib/python3.6/site-packages/cherrypy/_cprequest.py", line 697, in _do_respond
    response.body = self.handler()
  File "/usr/lib/python3.6/site-packages/cherrypy/lib/encoding.py", line 219, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/cherrypy/_cpdispatch.py", line 54, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/lib/python3.6/site-packages/ipsilon/providers/openidc/auth.py", line 825, in __call__
    return super(OpenIDC, self).__call__(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/ipsilon/util/page.py", line 85, in __call__
    return op(*args, **kwargs).encode('utf-8')
  File "/usr/lib/python3.6/site-packages/ipsilon/providers/common.py", line 105, in root
    return op(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/ipsilon/providers/common.py", line 91, in GET
    raise cherrypy.HTTPError(501)
cherrypy._cperror.HTTPError: (501, None)
The openidc plugin now works on https://blog.stg.centos.org

The only things to know when configuring the plugin against the ipsilon idp: parse the idp's https://id.stg.centos.org/idp/openidc/.well-known/openid-configuration for parameters and configure it like this on the wordpress side (openidc plugin):

Login Endpoint: https://url-to-ipsilon/idp/openidc/Authorization
Userinfo Endpoint URL: https://url-to-ipsilon/idp/openidc/Userinfo
Token Validation Endpoint URL: https://url-to-ipsilon/idp/openidc/Token
Identity Key: nickname
Nickname Key: nickname
Email Formatting: {email}
Display Name Formatting: {name}
Identify with User Name: checked box
Link existing users: checked box
Create user if does not exist: checked box
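
An added example, not part of the ticket or of either project's code: deriving the three endpoint settings listed above from an IdP's discovery document and checking the document before the values are pasted into the plugin. The sample document and the idp.example.org host are constructed; the HTTPS/same-host check and the assumption that the plugin uses the authorization code flow are additions here.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document (not fetched from a real IdP).
SAMPLE_URL = "https://idp.example.org/idp/openidc/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.org/idp/openidc",
    "authorization_endpoint": "https://idp.example.org/idp/openidc/Authorization",
    "token_endpoint": "https://idp.example.org/idp/openidc/Token",
    "userinfo_endpoint": "https://idp.example.org/idp/openidc/Userinfo",
    "response_types_supported": ["code", "id_token"],
    "claims_supported": ["sub", "name", "nickname", "email"],
})

# Plugin setting label (as written in the ticket) -> discovery metadata field.
FIELD_MAP = {
    "Login Endpoint": "authorization_endpoint",
    "Userinfo Endpoint URL": "userinfo_endpoint",
    "Token Validation Endpoint URL": "token_endpoint",
}
NEEDED_CLAIMS = {"nickname", "email", "name"}  # keys used in the ticket's mapping


def plugin_settings(discovery_url, raw_json):
    """Return (settings, problems) derived from a discovery document."""
    doc = json.loads(raw_json)
    problems = []
    issuer = doc.get("issuer", "")
    # OIDC Discovery: the document lives at <issuer>/.well-known/openid-configuration.
    if issuer.rstrip("/") + "/.well-known/openid-configuration" != discovery_url:
        problems.append("issuer does not match the discovery URL")
    settings = {}
    for label, field in FIELD_MAP.items():
        url = doc.get(field, "")
        parts = urlsplit(url)
        # Added sanity check: endpoint present, HTTPS, and on the issuer's host.
        if parts.scheme != "https" or parts.netloc != urlsplit(issuer).netloc:
            problems.append(f"{field} missing or not HTTPS on the issuer host: {url!r}")
        settings[label] = url
    # Assumption: the client plugin relies on the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    missing = NEEDED_CLAIMS - set(doc.get("claims_supported", []))
    if missing:
        problems.append("claims not advertised: " + ", ".join(sorted(missing)))
    return settings, problems


if __name__ == "__main__":
    print(plugin_settings(SAMPLE_URL, SAMPLE_DOC))
```
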
@misc : FWIW, that plugin works fine with wordpress current (6.6.2) so I also migrated https://blog.centos.org to openidc and wordpress and auth is still working fine. I also disabled/removed the older/legacy openid plugin (and fedora autologin that was capturing the login form to inject openid/idp url)
Closing now
Metadata Update from @arrfab: - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)