I can log on with AD, but not with SSO
The account suffix on the "User" page is set to @domain.com
I logged on with the mySAM user name and tried to open the site home page.
The site opens without the user bar.
Log records:
2023-09-18T09:51:59.684270+00:00 [DEBUG] Dreitier\Nadi\Authentication\SingleSignOn\Service::findUsername [line 250] SSO provided username for environment variable "REMOTE_USER" is "mySAM'
2023-09-18T09:51:59.684550+00:00 [DEBUG] Dreitier\Nadi\Authentication\LoginService::getWordPressUser [line 479] Local WordPress user 'mySAM' could not be found
2023-09-18T09:51:59.684759+00:00 [DEBUG] Dreitier\Nadi\Authentication\SingleSignOn\Profile\Locator::locateBySuffix [line 95] Looking up SSO profile by UPN suffix fallback for credential 'Credentials={login='mySAM',sAMAccountName="mySAM",userPrincipalName="mySAM",netbios="",objectGuid='',wordPressUserId='',kerberosRealm=''}'
2023-09-18T09:52:00.025217+00:00 [DEBUG] Dreitier\Nadi\Authentication\SingleSignOn\Profile\Locator::locate [line 66] Profile match:
2023-09-18T09:52:00.025314+00:00 [ERROR] Dreitier\Nadi\Authentication\SingleSignOn\Service::authenticate [line 160] User could not be authenticated using SSO. Unable to locate a matching profile for 'mySAM'
But if I log on using wp-login.php, I can access WordPress and see my login on the "Users" page with the [NADI User] flag set.
I can log in with only the sAMAccount or sAMAccount + domain. Both accounts are working.
When I use the "Test authentication" page, I successfully log on. Log output is:
INFO System Information:
INFO - PHP: "8.1.12"
INFO - WordPress: "6.3.1"
INFO - Active Directory Integration: "3.0"
INFO - Operating System: "Linux wp.domain.com 5.4.0-110-generic Ubuntu SMP Mon Apr 10 21:37:12 UTC 2023 x86_64"
INFO - Web Server: "fpm-fcgi"
INFO - adLDAP: "3.3.3 EXTENDED (20221201)"
INFO *** Establishing Active Directory connection ***
INFO A user tries to log in.
DEBUG Credentials={login='mySAM',sAMAccountName="mySAM",userPrincipalName="mySAM",netbios="",objectGuid='',wordPressUserId='',kerberosRealm=''}' with authenticatable suffixes: '@DOMAIN.COM'.
INFO LDAP connection is not encrypted
DEBUG account_suffix =
DEBUG base_dn = DC=domain,DC=com
DEBUG domain_controllers = domain.com
DEBUG ad_port = 389
DEBUG use_tls =
DEBUG use_ssl =
DEBUG network_timeout = 5
DEBUG allow_self_signed =
DEBUG ad_username =
DEBUG ad_password =
WARNING Username for the sync user does not contain a correct suffix. If the connection to the ad fails, this could be the cause. Please make sure you have added all UPN suffixes to the configuration tab User -> Account suffix.
DEBUG Trying to authenticate user with username 'mySAM' and account suffix '@DOMAIN.COM'
DEBUG Authentication successful for username 'mySAM' and account suffix '@DOMAIN.COM'.
WARNING Query 'UserQuery={principal="[email protected]",isGuid=''}' did not return any values. Does the sAMAccountName or userPrincipalName exist? Is the provided base DN valid? Is the Kerberos realm mapped
DEBUG UserInfo for user 'UserQuery={principal="mySAM",isGuid=''}': cn={mySurname, myName}, sn={mySurname}, description={myName mySurname}, givenname={myName}, displayname={myName mySurname}, objectguid={59a23c-1111-4234-2222-f346710a44a}, useraccountcontrol={512}, objectsid={H3N�jP4U�D�u}}, samaccountname={mySAM}, userprincipalname={[email protected]}, mail={myName.mySurn[email protected]}
[STATUS] User logged on.
What am I doing wrong?