Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problems with Salesforce SSO authentication - Authentication lost after a few days #46

Open
cardax opened this issue Dec 11, 2020 · 10 comments

Comments

@cardax
Copy link

cardax commented Dec 11, 2020

Good morning,
I've configured the Pardot plugin to connect to our Salesforce org via SSO for different websites (1 Connected App per website).
After the initial configuration everything works for a few days, but after a while I get a message like "The Pardot plugin is activated (yay!), but it needs some quick configuration to start working correctly." and when I go to the settings page I see that the authentication has been lost.
Is it an issue with refresh tokens?
I configured the connected app to "Relax IP restrictions" and "Refresh Token Policy: Refresh token is valid until revoked".

The problem is that, when it loses authentication, the Campaign is gone and all Pardot forms and dynamic content disappear from the website so we can't really rely on this plugin for the moment...

Thanks in advance for your support!

@logoscreative
Copy link
Contributor

Thanks for the report, @cardax! Please work with Pardot Support to get this issue debugged and resolved.

@cardax
Copy link
Author

cardax commented Dec 22, 2020

Thanks for your message @logoscreative. Unfortunately after 1 week I still didn't solve the issue with Salesforce support.
They told me everything is correctly set-up on their end and that I would need to ask the "WordPress support", which I assume it's this one.
I'll try a new hosting provider early next year, to see if the issue is still there... we've got 10+ websites with the same issue but they're all on the same hosting.

@cardax
Copy link
Author

cardax commented Jan 14, 2021

Good morning @logoscreative,
I could reproduce the same issue on another hosting provider and on a clean installation of WordPress 5.6.
The Salesforce SSO Authentication is working for a few days, then authentication is lost and all Pardot Forms and Dynamic Content disappear from the website.
The only way to get them back is clicking Reset All Settings and re-enter all parameters again and again every week or so...
Any idea on how to debug this issue to find the root cause?
Any workaround?

I would switch back to Pardot Authentication method (which worked perfectly), but it's going to be removed by Salesforce in Feb 2021... https://help.salesforce.com/articleView?id=000324534&type=1&mode=1

@AndrejGen
Copy link

We probably have the same problem. For us, this error occurs about once every day.

When I was looking for the reason for the error, I noticed that the script was checking for the wrong status code.
With the old Pardot API I got the status code 400 when the API key had to be renewed (https://developer.pardot.com/kb/api-version-5/version5overview/#error-responses).
With the Salesforce API I now get the status code 401, which unfortunately is not caught by the script (https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/errorcodes.htm).

Here is the full answer from the Salesforce API:

body:"<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="fail" version="1.0">
   <err code="184">access_token is invalid, unknown, or malformed</err>
</rsp>",
code:401,
message:"Unauthorized",
"

Is it possible that the access token is not renewed by the refresh token because it is waiting for the wrong status code?

Here is the corresponding file with the line where I suspect the error: https://github.com/pardot/pardot-for-wordpress/blob/master/trunk/includes/pardot-api-class.php#L634

@cardax
Copy link
Author

cardax commented Jan 18, 2021

Thanks for your investigation @AndrejGen!
It seems very reasonable, and it would explain why it works on the first configuration and misses the token refresh afterwards... they should probably catch any 40X error code instead of just 400.

For the time being the plug-in is unreliable, so we're switching back to including the tracking scripts via Google Tag Manager and Pardot Forms by HTML instead of this plug-in.

I've opened a second case with Salesforce, and I'll update this issue if they can find some other explanation.

@cardax
Copy link
Author

cardax commented Jan 18, 2021

We probably have the same problem. For us, this error occurs about once every day.

When I was looking for the reason for the error, I noticed that the script was checking for the wrong status code.
With the old Pardot API I got the status code 400 when the API key had to be renewed (https://developer.pardot.com/kb/api-version-5/version5overview/#error-responses).
With the Salesforce API I now get the status code 401, which unfortunately is not caught by the script (https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/errorcodes.htm).

Here is the full answer from the Salesforce API:

body:"<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="fail" version="1.0">
   <err code="184">access_token is invalid, unknown, or malformed</err>
</rsp>",
code:401,
message:"Unauthorized",
"

Is it possible that the access token is not renewed by the refresh token because it is waiting for the wrong status code?

Here is the corresponding file with the line where I suspect the error: https://github.com/pardot/pardot-for-wordpress/blob/master/trunk/includes/pardot-api-class.php#L634

Out of curiosity, I've modified the check for HTTP error 400 to 401 in the PHP file pardot-api-class.php and after refreshing the page it has correctly used the refresh token to get a new access token...
Looks like you solved the mystery, @AndrejGen !

@cardax
Copy link
Author

cardax commented Jan 22, 2021

@AndrejGen apparently, as you mentioned, the problem is only partially solved with the change in #47 (@noshirpatel-salesforce ).
The change on https://github.com/pardot/pardot-for-wordpress/blob/master/trunk/includes/pardot-api-class.php#L634 fixes only the part where, clicking the Authorize button, it gets a new access_token without having to reset all settings and re-enter all configuration (client secret, etc.) but it doesn't solve the fact that, upon expiration, it automatically requests a new one... 5 days after I manually changed the code of the plugin on our website, it has still lost the authorization and still mentions "The Pardot plugin is activated (yay!), but it needs some quick configuration to start working correctly."

@cardax
Copy link
Author

cardax commented Jan 25, 2021

@AndrejGen and anyone else having the same problem and reading this thread:
Salesforce opened a "Known Issue" for this plug-in bug so you can click on "This issue affects me" on this link to receive updates as soon as it's solved:
https://trailblazer.salesforce.com/issues_view?id=a1p4V000001JkAsQAK

@adamerstelle
Copy link

So the issue above, was marked fixed but they only provided a temporary workaround (which might last you a day or two until it is unauthenticated again).

So as of right now, this issue is only active here.

@jdayment
Copy link

I am experiencing this same issue followed the steps in the known issue case and it is still occurring.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants