This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Tagged: 

This topic contains 3 replies, has 2 voices.

Last updated by Yvette 3 months, 4 weeks ago.

Assigned support staff: Yvette.

Author Posts
June 20, 2019 at 12:13 pm #4059855

robertC-24

I am trying to:
Use sso and login to dashboard

Link to a page where the issue can be seen:
blog.habasit.com - for now testing on localhost with latest wpml version available

I expected to see:
Just login with all domains authenticated

Instead, I got:
over 300 requests and unuseable dashboard

June 21, 2019 at 11:17 am #4066573

Yvette
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/Madrid (GMT+02:00)

Hello again.

Can you please read this and tell me if this is applicable to your situation:
https://wpml.org/errata/single-sign-on-feature-not-working-due-to-setting-the-x-frame-options-to-sameorigin/

Thank you

June 21, 2019 at 11:47 am #4066831

robertC-24

I think that's unrelated.

I use several domains for translations.
I use "sign in to all domains" feature, that's where problem starts.

With the feature active after i log in to dashboard i get the following requests when logging in to dashboard:
```
hidden link
```
Because of "iframe hash" i presume it's being opened in some iframe. The request itself returns the homepage of blog. Then it downloads all the assets from the blog homepage wchich makes no sense because i'm logging into the dashboard.

Next there are other similar requests, these are malformed for some reason:
```
hidden link
```
These go for all languages defined. They are lacking the folder name for the proper blog location.

So there a bunch of requests hitting nothing and then:

```
hidden link
... and all other languages
```
wchich in response get
```
<script>
function sendXHRHttpRequest( params ) {
var xhr = new XMLHttpRequest();
xhr.open( 'POST', "hidden link", true );
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.send(params);
}
window.onmessage = function (e) {
var payload = JSON.parse(e.data),
userId = parseInt(payload.userId),
userStatus = payload.userStatus,
domains = ["http:\/\/localhost\/habasit-blog-backup\/","http:\/\/fr.be.blog","http:\/\/nl.be.blog","http:\/\/cn.blog","http:\/\/nl.blog","http:\/\/fr.blog","http:\/\/at.blog","http:\/\/de.blog","http:\/\/lu.blog","http:\/\/pl.blog","http:\/\/ru.blog","http:\/\/se.blog","http:\/\/usa.blog"];

if (-1 === domains.indexOf(e.origin)) {
return;
}

var params = 'action=wpml_sign_user&nonce=e0b6ff828d&user_id=' + userId + '&user_status=' + userStatus;

sendXHRHttpRequest(params);
};
</script>
```
I assume that's the proper response - not the first one (homepage markup)

Soon after this response there's another call for the:
```
hidden link
```
wchich again returns the homepage with all the assets and client downloads them again

This cycle repeats for 3 times...

I can provide You with .har file from the example login request result.

June 21, 2019 at 4:39 pm #4068519

Yvette
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/Madrid (GMT+02:00)

OK.

I think the best way forward for this is to ask you to provide us with a copy of your local host as follows:
https://wpml.org/faq/provide-supporters-copy-site/

Please include instructions on how to replicate the issue on your site (e.g. just login to dashboard of each domain?)

Once I can confirm it, I can then escalate the issue to our 2nd tier support group for more feedback. They will be more informed on sso mechanics and be able to respond to your questions more accurately and quickly.

Thanks

The topic ‘[Closed] wpml_sso_iframe loads blog homepage and 'kills' dashboard load’ is closed to new replies.