@mikegibbons4 are you able to confirm that your external authentication system is getting the input values it expects and is sending output that would otherwise redirect users as expected? From what you’ve described it sounds like RSA is properly directing access requests to your external authentication system, but I’m not sure how you have everything crafted in your set up to fully help triage.
@jeffpaul thanks very much for getting back to me. The flow for our site is that RSA intercepts the target page request and invokes WordPress login. This triggers another plugin that sends the login request (but not the target page) to the external authentication system; when authentication is successful, the second plugin logs the user in to WordPress.
In previous versions of RSA the target page is then displayed but with RSA v7.3.2 this no longer happens. Instead, the site home page is displayed. It seems that RSA v7.3.2 discards or forgets the target page request.
The settings that worked in v7.2.0 are:
– “Handle restricted visitors” is set to “Redirect them to a specified web address”
– “Redirect web address” is set to
http://<site name>/wp-login.php?redirect_to=https%3A%2F%2F<site name>
– “Redirect to same path” is ticked
Trust this helps. Thanks again.
@mikegibbons4 Thanks for the details.
I was able to reproduce this, confirming this as a bug. We will be working on the fix soon.
Thanks so much for your help and support, it is much appreciated.
Note that you can subscribe to https://github.com/10up/restricted-site-access/issues/222 and get updates on when this is resolved within Restricted Site Access.
Thanks for letting me know.
Any update on this? Our redirection is no longer working. The site should be restricted entirely, but is now wide open to the public. The only thing that was done recently, is our client added Cloudflare first, before hitting our server.
@guerrilladigital we’ve got a PR linked off that issue above that needs to get through code review/testing and then a release can happen to hopefully resolve this support forum post.
Hi all, this issue is fixed in the latest release 7.4.0. Please let us know if the issue is resolved for you.
Thanks in advance!
Siddharth, all, I’ve updated Restricted Site Access to v7.4.0 and the problem still seems to be occurring. I would like to regress to v7.2.0 to demonstrate that the problem is with v7.4.0. Would you let me me where I can download old versions of Restricted Site Access, please? Thanks.
Hi @mikegibbons4 thanks for letting us know.
During our manual and automated tests for 7.4.0, we couldn’t reproduce the issue faced on 7.3.2.
You can download the older versions here under the “PREVIOUS VERSIONS” section.
In the meantime, can you give us more information about your setup as well as the details of your site? You can get the site info under Tools > Site Health > Info > Copy site info to clipboard.
Siddharth, thanks for your post. I regressed to v7.2.0 and still have the problem though it is different to v7.3.2 – users are now taken to the SSO system’s home page. I have asked our developers to look into the problem and will post here if Restricted Site Access is not behaving as expected.
