WordPress, IIS, and Identity Management
Interesting day today! Stood up wordpress in the middle of the night one day last week and today felt the urge to put some more bits into the b’sphere. Was going to talk about the problems facing any system engineer – especially balancing work and life. That brings up a whole range of subjects upon which one can talk (the value of time, at what price time can be sold, the fallacy of fear-based workhabits, and so on).Ă‚Â However, being a technologist my first thought was how to login to my own wordpress blog (it runs on IIS7 on W2K8R2). Of course I could create user IDs but how boring is that? Instead why can’t I login using my Google account?
Immediately found the Google Identity Toolkit, which has a special plugin for wordpress (see http://wordpress.org/extend/plugins/google-identity-toolkit/). There were immediately a couple of issues to think about:
- It is written for Apache. What if one runs WP under IIS7?
- Minimal documentation (basically: “unpack and enter your API key and it works”).
Both are items to view with grave suspicion, borne out as it turns by real-world experience. Because while the plugin does magically work (I immediately got a “Login” button on the site) and clicking on that Login button gave me a choice of Google / Yahoo / AOL (???) / Hotmail when I clicked any option I simply saw a message that a popup window was accessing “my IDP” but then nothing happened.
Not only that, but the GIT activation disables standard wp-admin login so I was effectively locked out of the blogsite. That’s not so useful!
Fortunately, found a simple and easy way to disable the GIT plugin from http://www.packetmischief.ca/2011/04/19/disable-wordpress-plugins-from-the-shell/ – simply download the PHP script, copy to your wordpress directory, and run it as “php wp-disable-plugins.php” and you are shown the GIT plugin to use as the command option.
So it was onto debugging…using my preferred browser for that task (Firefox) and a combination of the built-in dev toolbar as well as the reliable HttpFox FF plugin. I quickly saw the following sequence of calls being made:
00:00:58.839   0.302   668   (256)   GET   (Cache)   image/png   https://www.google.com/uds/modules/identitytoolkit/image/close-x.png 00:00:58.901   0.243   613   (3695)   GET   (Cache)   image/png   https://www.google.com/uds/modules/identitytoolkit/image/gmail-ac.png 00:00:58.920   0.226   613   (3376)   GET   (Cache)   image/png   https://www.google.com/uds/modules/identitytoolkit/image/yahoo-ac.png 00:00:58.935   0.214   611   (1804)   GET   (Cache)   image/png   https://www.google.com/uds/modules/identitytoolkit/image/aol-ac.png 00:00:58.951   0.203   615   (3695)   GET   (Cache)   image/png   https://www.google.com/uds/modules/identitytoolkit/image/hotmail-ac.png 00:01:42.372   0.118   612   (11864)   GET   (Cache)   image/gif   https://www.google.com/uds/modules/identitytoolkit/image/loading.gif 00:01:42.942   0.435   409   (730)   GET   (Cache)   text/html   https://www.googleapis.com/static/proxy.html?gcv=gcm_90d40b8b8d35c45c49316f2caef296c2.js 00:01:43.473   0.128   381   (21506)   GET   (Cache)   text/javascript   https://ssl.gstatic.com/gb/js/gcm_90d40b8b8d35c45c49316f2caef296c2.js
The above responses were from the point I clicked the “Login” button auto-generated by the plugin on my WP site, and then clicking the “Google” login from the popup window. After the last call to ssl.gstatic.com then…nothing happens.
First things first: it is time to simplify. Begin by disabling the metropress theme I was using as it adds kewl features (such as Facebook Likes and g+1) but at least one blog article on GITkit indicates that g+1 can have a javascript integration problem.
Next, the GITkit readme.txt file indicates that it “provides an Account Chooser widget, which allows users to login with their email address and password, and would like to replace that password with federated login.” Well – I have certainly not enabled email login to my WP site so I found an entry at http://botcrawl.com/how-to-login-to-wordpress-with-an-email-address/ which describes how to do that. Please note that I updated wp-includes\functions.php (under t WP main folder) with the following:
/**
* Allow login with email address
*/
function login_with_email_address($username) {
$user = get_user_by_email($username);
if(!empty($user->user_login))
$username = $user->user_login;
return $username;
}
Then I updated the wp-config.php in the WP main folder to have a single line added:
# login with email
add_action('wp_authenticate','login_with_email_address');
It is unclear to me if the functions.php I updated is the correct one; there are many of these files (generally one per theme in addition to 2 found in the wp-includes folder).
After making these changes – I am able to login with email.
Next, I reactivated the GITkit plugin in my WP site and opened a separate browser (chrome, for example). I clicked on Login, selected Google, and was correctly prompted for permission to link my gmail account to my WP site. Kewl! After I allowed permission I got an error message from my WP site about registration not being enabled. That is fine! It means that the javascript code and the plugins are working together nicely now (see the screenshot):
Finally, I went and created a local user account that maps to my gmail account and I am in. What a wonderful treat to be able to use my gmail account login to access my WP blog.
Hope this helps someone…I will solve the javascript integration problem at a later time.
Leave a Reply