How to authenticate with the SSO from an app?

i have a few domains but my main one needs the website software installed at / so i can’t install any other apps and that’s fine. however some apps need to be logged in to use… and since my main domain is the “default domain” in yunohost, trying to visit any other subdomain that requires you to login forwards to the website because it’s the default domain. that’s also neat and all and best for security… but how would someone who’s supposed to use the SSO login use it? like my staff members need a link to login with while normal users just want to view the website.

bump.

Sooo eh, not sure what’s the question exactly.

If I understood correctly: you have a website hosted somewhere, but you would also like people to know how to easily access the SSO? So eh, what about adding a link somewhere on your website with a link like “User Portal” pointing to the SSO portal? Or is that not what you’re looking for?

well, i’ll make it simple. my website is mothnet.xyz and so when staff go to staff.mothnet.xyz they can’t login because it goes to the “default site” to login… which has wordpress on it. so they can’t log in. i’d change the default site to staff.mothnet.xyz for login… but then that triggers everyone’s email filters to block emails sent from my website because it’s sending from staff.mothnet.xyz and saying it’s from mothnet.xyz so there’s a mismatch… so i need mothnet.xyz as my main website… but i also need a way for people to login to yunohost on staff.mothnet.xyz.

tl;dr, when i go to staff.mothnet.xyz i get forwarded to https://mothnet.xyz/yunhost/sso to sign in. which errors in a “404” page… how do i get my email server to be correct while also allowing people to login without a 404 error, while also keeping my website?

only staff members need to login… and the main website needs to not be a menu page. and while my domain.tld/yunohost/sso usually works, it doesn’t for wordpress… but maybe if there was a nginx proxy or something there it would work… or maybe i can make an iframe on the website for that login page to pop up? but i wouldn’t know what files i’d need to load for that…

Well on my side, https://mothnet.xyz/yunhost/sso doesn’t show a 404… it shows a page with a logo and "Get Ready… Something Really Cool Is Coming Soon"… So do you get the 404 after logging in or something?

oh no that’s just wordpress’s “coming soon” feature. i guess it’s because i’m already signed in [but i was only able to sign in by switching default sites to staff.mothnet.xyz then back to mothnet.xyz] and as you can see even though it doesn’t give a 404 error… you’re still not able to sign in… just try to get to a sign in on my website. mothnet.xyz and admin.mothnet.xyz and staff.mothnet.xyz…

my question is how can i login without having to switch “main domains” back and forth? i don’t want my email host on a blacklist but i also want to allow staff members to sign in.

@MothGirlMusic
From what I understand you need to set the SSO login page to staff.mothnet.xyz. Install the wordpress (the logo page) and keep the email accounts from mothnet.xyz.

Please correct me if I did not get it right.

yes that is correct. however, setting the “default page” sets both email and login stuff. so setting login to staff.mothnet.xyz makes the email server incorrect… and setting default domain to mothnet.xyz proper… makes staff unable to login. i need a middle ground here. hoping that i can use nginx somehow to make mothnet.xyz/yunohost/sso go to a login? or maybe i can set default login to staff.mothnet.xyz and somehow change the mail server’s domain to mothnet.xyz?

i know there’s options i just don’t know how to execute them… especially when yunohost overrides and overwrites all of this.

i was thinking maybe i would be able to set the mail server to use the right domain… then set up a domain like login.mothnet.xyz and have that have a “private app” that is a redirect app… so it prompts for a login… then instantly redirects you back to the main website on logging in… then it would be business as normal for me and my staff can still login and do what they need to.

yes you can.

Follow these steps:

  1. Run this command in ssh:
    yunohost tools maindomain -n mothnet.xyz
  2. Edit /etc/ssowat/conf.json.persistent and add this line:
    "portal_domain": "login.mothnet.xyz"
  3. Run this command in ssh:
    yunohost app ssowatconf
2 Likes
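
Step 2 done programmatically, as an added example that is not part of the original thread or of YunoHost's own tooling: a Python helper that merges the "portal_domain" key into /etc/ssowat/conf.json.persistent without disturbing other keys, refuses to touch a file that is not valid JSON, keeps a .bak copy and writes atomically. The function name set_portal_domain is an assumption of this example; the path, key and domain are the ones given in the answer above.

```python
import json
import os
import shutil
import tempfile

# Path and key are the ones named in step 2 of the answer above.
CONF_PATH = "/etc/ssowat/conf.json.persistent"


def set_portal_domain(domain, path=CONF_PATH):
    """Merge "portal_domain" into the persistent SSOwat config.

    Returns True if the file was changed, False if the value was already set.
    Raises ValueError (file untouched) if the content is not a JSON object.
    """
    conf = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            raw = fh.read()
        if raw.strip():
            try:
                conf = json.loads(raw)
            except json.JSONDecodeError as exc:
                raise ValueError(f"{path} is not valid JSON: {exc}") from exc
        if not isinstance(conf, dict):
            raise ValueError(f"{path} must contain a JSON object")
        if conf.get("portal_domain") == domain:
            return False
        shutil.copy2(path, path + ".bak")  # keep the previous version

    conf["portal_domain"] = domain
    # Write a temp file in the same directory, then rename it into place,
    # so an interrupted run never leaves a half-written config behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(conf, fh, indent=4)
            fh.write("\n")
        if os.path.exists(path):
            shutil.copymode(path, tmp)  # preserve existing permissions
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return True


if __name__ == "__main__":
    changed = set_portal_domain("login.mothnet.xyz")
    print("updated" if changed else "already set")
```

Run it as root, then run yunohost app ssowatconf as in step 3 so the change is applied.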

thank you so much!!! that works PERFECTLY! solves all of my issues in one fell swoop! thanks so much.

2 Likes