Jump to content

Blesta to WordPress SSO


ElPatron

Recommended Posts

Hi Everyone,

As mentioned in a few other places on this forum -- many like myself looking for a Blesta-WP proper SSO Plugin.

I have a development team working on it to satisfy our own requirements, and will explain those.  Please reply accordingly if you think there is something that should be done or looked at.

So we are limiting signups to only email (hiding username) ; that could come into play with this.  So someone could test it with a username enabled setup.

Of course, email & password is sync'd to WordPress.  If user changes either, the related WP user gets updated.  This is already tested and working.

Functionality:
When a user signs up and has no product purchased (yet), they get added into WP under "X Inactive" group. (Ex. General Inactive).

After completed Purchase, they are then re-assigned into "X Active".  This is how Amember does it also with their SSO, and makes sense, so you can limit access/restrictions in Wordpress according to that "Role".

*NOTE*  In Blesta its called a "Group" ; in Wordpress its a "Role".  Relax if I say one or the other in the wrong spot, it basically amounts to the same thing.

Bonus:
Multi-Company Ability

So I'm having this setup where Company X in Blesta will SSO with Wordpress installed at URL 123.com ; and Company Y will SSO with Wordpress Installed at ABC.com.

So seperate Company, seperate WP installs to SSO with.
Of course, some of you may have "pipe dreams" (aka: requirements/preferences) of this working where, Company X adds to WP under configurable "X Active/Inactive" Roles.
And Company Z adds to same WP under "Z Active/Inactive".

Its not happening, atleast not in this initial version from my side.  But there is hope for the future.

As I said above, reply if you think there is anything else that should be looked at.

Look forward to doing this properly.

P.S. We are also developing under nginx and PHP 7.1.x.

Will wait a bit later in the year to go with PHP 7.2.x

Link to comment
Share on other sites

  • 2 weeks later...

don't forget to add a cron to sync users with no active service to a "X Inactive" group under wordpress, that mean if a user purshase a service this month, after 3 month he didn't renew the service, then he should marked as inactive in wordpress .

what happen if the user change the password in wordpress profile? it should has a reverse action .

my last question, why you should use wordpress ? :)

NOTE, we don't use WordPress or willing to use it in the future :blesta: .

Link to comment
Share on other sites

  • 1 month later...

Just before I give an update, I find on every forum I've visited, the original request/poster getting derailed.
Example: Q: "Where can I find cheap HIV treatment?"
Forum Answers: "Why did you get HIV in the first place ?  Did you share needles ?" etc.. etc..

I believe if someone really wants to know the true answer for using Wordpress, you can add me or anyone else who uses it on a Voice Calling App, and have a proper conversation.
There are many use cases and reasons for it.  So you can PM me your Skype/Wechat/Whatsapp/Line/Signal anything you want, and we can do a call and talk about alternatives and ideas.

But for this thread, onto the task.

Update on Development:

I've had my developers successfully integrate it, where user updates their email, password, service, and things sync to Wordpress.
The only issue, is its done by editing Blesta on the code level.  Not by "plugin".  This is not going to be good for patching/updates to Blesta, therefore I don't see it as a realistic solution.

The one open issue that cant be done in the plugin, is the password.  Once this can be done, then plugin will be complete, and it can survive any Blesta updates.

We have reviewed API docs, handlers, etc.. and cannot find a "trigger" that alerts or sends the new password (user changes their password) to a "handler" or some call, so our Plugin can take that and apply to Wordpress DB.

If anyone knows the solution, or can get Blesta Dev's to have it created, then we can finalize the integration.

Until then, we will roll on with WHMCS.

Bonus:
I believe what makes WHMCS-WP integration work (with password changes) is their API for it.

They have:
https://developers.whmcs.com/api-reference/getclientpassword/

https://developers.whmcs.com/api-reference/decryptpassword/

https://developers.whmcs.com/api-reference/encryptpassword/

I'm not trying to start a battle here or anything, just sharing information that could get Blesta improved and more utilized across various integrations.

Thanks everyone, and continued success.

Link to comment
Share on other sites

Good luck but since Blesta uses a secure password hashing called bcrypt there's no way both software can have the same password since you can't decrypt it and then rehash it with WordPress. 

 

If WordPress did password hashing with Bcrypt you could use the same system hash but again if a hacker hacks WordPress sets up a password uses that hash for the Blesta admin password in the database then your Blesta is comprised. 

You can say how cant Blesta do it when Whmcs can and the reason being Whmcs doesn't use Bcrypt probably and it can be unhashed.

 

The only way would be to edit blesta.php and turn on md5 hashing.

 

 

Link to comment
Share on other sites

  • 1 month later...

Have you taken a look at the Shared Login plugin for Blesta?

I would have used that plugin to allow for SSO to Blesta, or integrate OAuth support with something like this Wordpress plugin. This will get you to log in to Wordpress via Blesta. From there, you can use Blesta's API to retrieve information on the client, like whether they have any services, and redefine their role in Wordpress.

If Blesta needs to push notifications to Wordpress, you can create a Blesta plugin that listens to certain events and makes API requests to the Wordpress installation to perform necessary actions.

Regarding user authentication passwords, these will never be decryptable in Blesta and they're not supposed to be encrypted anyway for security reasons.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...