Error No User Found In Server Variables
a GitHub account Sign in Create a gist now Instantly share code, notes, and snippets. Star 1 Fork 0 JASchilz/wp-shib-pc-login.md Last active Oct 7, 2015 Embed What would you like to do? Embed Embed this gist in your website. Embed Share Copy sharable URL for this gist. Share Clone via HTTPS Clone with Git or checkout with SVN using the repository's web address. HTTPS Learn more about clone URLs Download ZIP Code Revisions 21 Stars 1 Instructions for UWNetID Wordpress Login @UW Raw wp-shib-pc-login.md UWNetID WordPress Login @UW Introduction The basic flow of UWNetID WordPress login is: Use an .htaccess file to "protect" the login/admin files, via PubCookie or Shibboleth. User is directed to https://weblogin.washington.edu/ to authenticate. When they return, their UWNetID is provided to Php through the $_SERVER["REMOTE_USER"] variable. A plugin checks this variable against the set of WordPress usernames and logs the end user in to a matching user. Requirements To use UWNetID login, you must: Be able to create and edit files within your WordPress directory. Be able to install a plugin. Be on a UW-IT provided server. It may be possible to use UWNetID login if you're not on a UW-IT provided server, but you'll have to have server administration skills and permission to connect to UW-IT's authentication services. Deficiencies, Dangers, and Mitigation The WordPress plugins available for handling this process have not been updated in 2+ years. This introduces security concerns into authentication, which is a security-critical process. To mitigate this risk, this guide UWNetID-whitelist protects all login and admin files: user access to login and admin are whitelist restricted at the web-server level. To my own satisfaction, this means that if the plugin we're using does introduce vulnerabilities, only those users in my whitelist will h
in this version include: Use of pluggable functions for authentication instead of plugin hooks Revamped multi-user support, now that WordPress 3.0 includes it New options page, using the settings API I've tested the plugin extensively, but please let me know if you run into problems with your setup. Nothing should need to change in terms of your configuration. If you're running WordPress 3.0, please upgrade using your WordPress plugin interface or download a zip file and install the files on your server. Update: I've released version 3.0.1 with an improvement in how the plugin interacts with WordPress authentication cookies. Download a zip file. Update: I've released version 3.1. This version contains no changes from 3.0.1, just a new version https://gist.github.com/70d6f9fa82ffb3a4372d number to make it the latest version on the plugin page. Download a zip file. Update: I've released version 3.2, with a minor fix for creating users. Download a zip file. Comments Comment from Bryn on Jul 14 Daniel, I've got plugin 3.1 on one particular server, and that version of (freshly upgraded) wordpress will not allow me to create a new user. It says: ERROR: Please enter your password. but there's no field for password like https://danieltwc.com/2010/http-authentication-3-0/ there normally would be. Is this you or is this WP? Reply Comment from dwc on Jul 14 Ah, you're right. I mistakenly removed the password generation while updating the plugin because I didn't think it was needed any longer. I've committed a fix. Could you give the development version a try again? Thanks! Reply Comment from Adam on Jul 16 Hello, First off, thanks for updating your plugin! Now on to my error. I've been trying to get http-authentication working with a completely fresh wordpress 3 install for a couple days now, it was working at one point, but it stopped as of some time yesterday. I setup a fresh install this morning to do some more testing and get a "No REMOTE_USER or REDIRECT_REMOTE_USER found." error message whenever a user tries to login with http authentication on the /wp-login.php page (http://i.imgur.com/W5UNN.png). I threw some var_dumps into the top of the wp-login.php page and confirmed that, at that point, both of those variables are null. The user I am trying to login with is admin, which has an entry in the wordpress user database as well as an entry in the .htaccess and .htpassword file in the /wp-admin directory. Any thoughts? Reply Comment from dwc on Jul 16 Adam, It doesn't sound like Apache is protecting the wp-login.php file. Did you als
with othe auth plugins HTTP Authentication doesn't work with othe auth plugins litinoveweedle @litinoveweedle 12 months ago Hello, there is problem with the way how plugin handle filter hook via: https://wordpress.org/support/topic/http-authentication-doesnt-work-with-othe-auth-plugins/ add_filter(‘authenticate', array($this, ‘authenticate'), 10, 3); Lets suppose, that other auth plugins http://legacy.community.bonitasoft.com/groups/usage-operation-5x/resolved-error-no-user-found-autodetectsecuritycontext using similar hooks to authenticate by different means. I personally observer this problem with LDAP Auth. Suppose that you have hooks like this (and please do not ask me why all plugins authors choose 10 as filter priority, I do not know 🙂 add_filter(‘authenticate', array($this, ‘ldap_auth'), error no 10, 3); add_filter(‘authenticate', array($this, ‘authenticate'), 10, 3); add_filter( ‘authenticate', ‘wp_authenticate_username_password', 20, 3 ); add_filter( ‘authenticate', ‘wp_authenticate_spam_check', 99 ); Base on docs: https://codex.wordpress.org/Plugin_API/Filter_Reference/authenticate there are 3 parameters of the hooked function ($user, $username, $password) $user (null or WP_User or WP_Error) (required) null indicates no process has authenticated the user yet. A WP_Error object indicates another process has failed the error no user authentication. A WP_User object indicates another process has authenticated the user. Lets see how HTTP Auth use this variables: function authenticate($user, $username, $password) { $user = $this->check_remote_user(); HA! there is a problem on the first line! Suppose that LDAP Auth plugin hooked before HTTP Auth and successfully authenticated user. But HTTP Auth without checking value of $user overwrite it by returned value from checking http user env variable. If it is not set, whole authentication will fail, even if the user was successfully authenticate by the previous plugin!. What should be done instead in each! auth plugin is to check, if the previous authenticate filter did not set $user variable to wp_user object, for example: function authenticate($user, $username, $password) { if (! empty($user) && ! is_wp_error($user)) { return $user; } $user = $this->check_remote_user(); Otherwise each subsequent plugin will simply overwrite $user by it's results. Could you please include proposed check into the code, I am too lazy to do backporting. :-))) Kind regards Litin https://wordpress.org/plugins/http-authentication/ Viewing 1 replies (of 1 total) litinove
Blog Get Bonita BPM Answers Projects Ideas Resources F.A.Q Tags Members Social Legacy Forum Blog Get Bonita BPM [Resolved] Error: No user found from AutoDetectSecurityContext × Warning message This is the legacy website. Please go to the new one : http://community.bonitasoft.com to see last topics or if you want to post. × Modal title ... Post submitted by edouard.lafon Mon, 10/25/2010 - 09:14 Hi I deployed bonita on jboss5.1 When I login i am getting the following error.
org.ow2.bonita.util.BonitaRuntimeException: Bonita Error: bsi_ADSC_1
No user found from AutoDetectSecurityContext. Please configure environment to define which securityContext must be used
org.ow2.bonita.facade.AutoDetectSecurityContext.getUser(AutoDetectSecurityContext.java:42)
org.ow2.bonita.facade.APIInterceptor$APIInterceptorCommand.execute(APIInterceptor.java:84)
org.ow2.bonita.services.impl.DefaultCommandService.execute(DefaultCommandService.java:44)
org.ow2.bonita.runtime.tx.StandardTransactionInterceptor.execute(StandardTransactionInterceptor.java:55)
org.ow2.bonita.services.impl.EnvironmentInterceptor.execute(EnvironmentInterceptor.java:40)
org.ow2.bonita.services.impl.RetryInterceptor.execute(RetryInterceptor.java:57)
org.ow2.bonita.facade.APIInterceptor.invoke(APIInterceptor.java:116)
$Proxy279.generateTemporaryToken(Unknown Source)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.ow2.bonita.facade.interceptor.ClientAPIInterceptor.invoke(ClientAPIInterceptor.java:69)
$Proxy280.generateTemporaryToken(Unknown Source)
org.bonitasoft.console.security.server.api.impl.CredentialsEncryptionAPIImpl.generateTemporaryToken(CredentialsEncryptionAPIImpl.java:156)
org.bonitasoft.console.security.server.CredentialsEncryptionServlet.doPost(CredentialsEncryptionServlet.java:101)
javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
My bonita.sh file is:
echo Setting Bonita Environment variable
JAVA_OPTS="$JAVA_OPTS -Djava.naming.factory.initial=org.jnp.interfaces.NamingContextFactory"
JAVA_OPTS="$JAVA_OPTS -Djava.naming.provider.url=jnp://localhost:1099"
JAVA_OPTS="$JAVA_OPTS -Dorg.ow2.bonita.api-type=EJB2"
JAVA_OPTS="$JAVA