mvanUsage
The Reply URL together with the Application ID is used by Azure Active Directory to authenticate requests that come from your WordPress application. It is also used by Microsoft to redirect the user after that user successfully signed into your WordPress website using Microsoft.
Configuration
You should enter here the default landing page of your WordPress backend and include a trailing slash e.g. https://www.my-website.com/wp-admin/ and this entry must match exactly one of the Reply URLs you entered for your registered the App in Azure Active Directory.
Please note that in earlier versions of this documentation it was recommended to redirect to your (front-end) website landing page. However, as it turns out there are possible issues with caching services either offered by plugins such as WP Rocket or by dedicated WordPress hosters.
- When you initially set the Sign-on URL, its value is used twice: To set the Homepage URL of your app registration and to add the (first) Reply URL for that same app registration. When you at a later moment need to update this URL, make sure you update the Reply URL and not the Homepage URL.
- The Sign-on URL must end with a slash “/” if you have configured URL-Rewrite for your WordPress installation. If you don’t know what this is, then it’s probably configured, because by default WordPress adds this rewrite-rule to your .htaccess file (when you’re using Apache). This will cause a redirect when the user navigates to https://www.your-website.com/wp-admin to https://www.your-website.com/wp-admin/. And when this redirect happens, we’ll loose all important login information sent across the wire by Microsoft. As a result the plugin will keep redirecting the user to https://login.microsoftonline.com… in an infinite loop.
- Make sure that the protocol (http or https) and hostname (your-website.com or www.your-website) for the URLs that you have entered in WordPress (see WP Admin > Settings > General > WordPress Address / Site Url) and the URL you’ve entered as Sign-on URL are the same. So if your WordPress Address / Site URL is https://www.your-website.com then your Sign-on URL must start with https://www.your-website.com/ and not with http://your-website.com (protocol wrong, missing www and missing trailing slash). Another example: if your WordPress Address / Site URL ist https://your-website.com then your Sign-on URL must start with https://your-website.com/**.
Supported version
| Version | Available |
|---|---|
| Basic | Yes |
| Professional | Yes |
| Premium | Yes |
Is there any way to redirect logged in user to a different front-end page?
At the moment a user gets automatically redirected to the page he/she requested initially and that required that user to be signed in. When the user isn’t signed into your website at that moment, the plugin will redirect first to Microsoft’s login page before Microsoft redirects the user back to page where he/she came from. This latter behavior, however, is done through a state property that is set by the plugin. I will take it into consideration to add a configuration option for this (there is already the goto-after configuration option, but that’s only for intercepted manual login attempts since it doesn’t make sense to redirect the user to the login page after he/she manually logged in).
i’m using this plugin and it works great
but now i’m having a strange issue:
in the beginning i configured it to redirect successful login to the wp-admin and it did
now my clients wants successful login to be redirected to the home page, so obviously i updated the settings accordingly (both in the plugin settings at the word-press dashboard and also in the azure app settings) but it doesn’t seem to have any effect and users are still being redirected to the wp-admin!
i have double checked the url settings is identical in WordPress settings, plugin redirect settings and azure app redirect settings and as far as i know there isn’t any caching plugin present
what can we do?
Hi Doron, there is basically no setting that tells the plugin to redirect the user to a dedicated page upon login. The Redirect URI setting is part of the authentication “handshake” required by Microsoft and yes, upon login the user is initially sent to this URL, but then the plugin redirects the user to the page he initially “intended” to visit before the plugin intercepted the request, analyzed it and concluded that the user is not logged in. The Premium Version offers a feature to intercept manual login attempts and only in that case the user is redirected to a dedicated “Goto After” URL (because otherwise the user would be redirected by to the login page, after having logged in.
Hi mvan and thank you so much for clarifying this issue! 🙂
we will definitely consider buying the Premium version of the plugin
Thank you, always happy to help!
I am trying to set this plugin to redirect to the page initially requested, but currently it just redirects to the front page of WordPress. I am also using same plugin for other pages in my system, and I’d really like to have a redirect back into that system (or wherever client was coming from) instead of always being sent to the WP front page.
Where is this config? I think I am missing something :-). Thank you so much in advance!
Hi Jakob. The default behavior of the Plugin is to redirect the user back to the page he/she initially requested. This is not related to the Redirect URI that you configured for the Azure AD app. If you use the professional or premium version you can override this behavior but otherwise the user should be sent back to the page initially requested. If this isn’t the case I’ll investigate if you let me know what version you are using.
Thank you for quick and super answer!
Ok, then the redirect is hardcoded somewhere – where can I look? What settings dictate this behaviour? Currently it always goes to front page, and I’d like to revert this, if possible.
It’s a crazy old version we run, which I will have to upgrade soon, but a bit scared of any unknown upgrade problems (many people using the site). Current version running is v4.2 :-). Is the upgrade filled with scary stories?
Any upgrade is always a bit scary, but I’m trying to make it as less scary as possible. Ideally, however, you always try to update as soon as possible. You can consult the change log to be able to see exactly how scary it will be. As I wrote earlier, the default behavior of the plugin should send the user back to page where he came from unless you have the premium version installed and configured a Goto after e.g. in combination with Intercept manual logins.
Thanks. Very strange, though, I see no mention of GoTo on any of the three pages “Azure AD”, “User Management”, “Miscellaneaous” or “Import / Export”. Where is this set?
Hi Jakob – Somehow I missed your latest comment and I know it’s a bit old by now. I think you didn’t see it because you’re using an older version and possibly not the premium version? Please let me know if you’ve been able to get things working by now or if you’d need any further support. Feel free to use the contact form to contact me.