Frequently Asked Questions
Sean McCafferty edited this page Jan 27, 2015 · 4 revisions

Why does it look like the site hangs on the login page?
- Short Answer - Wait for it to finish; depending on the number of sites, it may take a few seconds.
- Long Answer - The plugin makes use of JSONP AJAX calls in order to authenticate with each site. In order to prevent a possible/likely race condition when updating the authentication tokens meta for the user, these calls are made synchronously. In certain cases where a site may be slow to respond or unavailable, the plugin will time out for the site (after 2 seconds) and move to the next site.

The plugin does not seem to log me in to the other sites on my network that are of a different domain?
- Make sure the plugin has been Network Activated through the WordPress network administration. This will require a user with network administration privileges.
- Your web hosting / server may be incompatible or not set up to support methods used in the plugin.
- The web server that hosts your WordPress application needs to allow JSONP requests. JSONP is used to get around cross-domain access issues, as generally speaking, you cannot make calls across to another domain.

It seems like there could be security issues... AJAX calls, with token information... Could you or someone else obtain my username/password?
- Rest assured your username/password are NOT transmitted to the other sites, nor are they stored in any fashion other than how WordPress authenticates a user. The plugin does not even have its own login page. Just to be clear, the plugin does not see your password! The plugin hooks in after a user has been authenticated for the site they signed in on. At this point the plugin generates its own unique "SSO Object" for each of the network sites. This object contains a generated user hash, the timestamp, your user id, your IP address, browser user agent, the source blog's id and the destination blog's id. All of these items are then encrypted and stored within the database. The user is then presented with a nice "Please wait" page, SSO links are generated containing their respective SSO Object, and the AJAX requests are sent. The plugin implements the same type of security WordPress authentication uses: hash, IP address and user agent comparisons. In addition, timestamps have an expiration and the SSO object needs to be complete! If ANY of these fail, the authentication will fail. Oh, and most importantly: each SSO object can only be used once! Once all of the authentication is completed, the user is redirected back to the homepage they logged in on. Why are we going into so much detail here? Well, this can all be deduced by examining the code; we are just trying to make it easy!
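
To make the checks described above concrete, here is an added sketch in Python of a one-time SSO object being issued and redeemed. It is not the plugin's own code. Assumptions: the class and field names, the 30-second expiry, the use of HMAC-SHA256 for the "user hash", and an in-memory dict standing in for the encrypted database storage.

```python
import hashlib, hmac, secrets, time

REQUIRED = ("user_hash", "timestamp", "user_id", "ip", "user_agent", "src_blog", "dst_blog")
TTL_SECONDS = 30  # assumed expiry window; the page does not state the real value

class SsoStore:
    """In-memory stand-in for the database table holding issued SSO objects."""
    def __init__(self, secret):
        self._secret = secret
        self._objects = {}

    def _user_hash(self, user_id, ip, user_agent, dst_blog, ts):
        msg = f"{user_id}|{ip}|{user_agent}|{dst_blog}|{ts}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, user_id, ip, user_agent, src_blog, dst_blog, now=None):
        """Create one SSO object for one destination site; return its opaque token."""
        ts = int(now if now is not None else time.time())
        token = secrets.token_urlsafe(32)
        self._objects[token] = {
            "user_hash": self._user_hash(user_id, ip, user_agent, dst_blog, ts),
            "timestamp": ts, "user_id": user_id, "ip": ip,
            "user_agent": user_agent, "src_blog": src_blog, "dst_blog": dst_blog,
        }
        return token

    def redeem(self, token, ip, user_agent, dst_blog, now=None):
        """Return the user id if every check passes, otherwise None."""
        # Single use: the object is removed before any check, so a failed
        # or repeated attempt can never be retried with the same token.
        obj = self._objects.pop(token, None)
        if obj is None or any(obj.get(k) in (None, "") for k in REQUIRED):
            return None  # unknown, already used, or incomplete
        now = int(now if now is not None else time.time())
        if not 0 <= now - obj["timestamp"] <= TTL_SECONDS:
            return None  # expired (or timestamp in the future)
        if (obj["dst_blog"], obj["ip"], obj["user_agent"]) != (dst_blog, ip, user_agent):
            return None  # wrong site, IP address or browser
        expected = self._user_hash(obj["user_id"], ip, user_agent, dst_blog, obj["timestamp"])
        if not hmac.compare_digest(expected, obj["user_hash"]):
            return None  # stored fields were altered after issue
        return obj["user_id"]

def demo():
    """Constructed sample flow: one valid redemption, then a replay of the same token."""
    store = SsoStore(b"constructed-demo-secret")
    args = ("203.0.113.5", "ExampleUA/1.0", 2)
    token = store.issue(7, "203.0.113.5", "ExampleUA/1.0", 1, 2, now=1000)
    return store.redeem(token, *args, now=1005), store.redeem(token, *args, now=1006)
```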