WPEngine uses proprietary page caching and, to my knowledge, does not honor PHP session variables. They also have some other setting to prevent repeat login attempts. Are there any known issues with this host?
We’re using the Auth0 WordPress plugin (on WPEngine) with ADFS for authentication. The entire site (aside from the login page) requires the user be logged in – just a simple call to is_user_logged_in() in the header and then wp_redirect() to the login page if they are not.
Many (probably most) of our users are able to authenticate just fine using their organizational credentials. But a few cannot get past the login screen. What happens for them:
1. They click the “Log in at xxxxx.com” button for ADFS login
2. They are taken to the corporate login page where they enter their credentials
3. When they are returned to the site, rather than being redirected to the homepage (which is set in the plugin preferences) they are sent to the login page, but the Auth0 widget no longer displays – as if it thinks they are logged in. However, if I try to manually go to a page in the site at this point, I cannot. It redirects to the login page again and displays the widget (and return to step 1).
I can replicate this behavior in Firefox. In fact, Firefox does not work at all for anyone (fortunately not many use it for this site). With Firefox no one can get past the login screen (with a few rare exceptions). The above steps happen for all. I know Firefox has some strict policies with sites that are not using SSL (which we’re not, currently). Could that have anything to do with it?
Otherwise this happens intermittently (or consistently for some users) in IE and Edge. Chrome and Safari seem to behave just fine. So, it seems to potentially be browser related.
Any suggestions? I’m happy to provide more details.