It seems likely that something isn’t configured correctly. Maybe try taking a step back. I don’t have an SSO provider site configured on my local setup right now, but this might get you part of the way.
On Discourse, make sure the following settings are configured:
The discourse connect url setting should be set to the URL that is handling the code that you have posted.
Set the discourse connect secret setting to a string of text that’s at least 10 characters long. Note that you have the 7 character long string keyhere hardcoded into the code you’ve posted. I’m assuming you are changing that value when you are running the code. Set it to the same value as you’ve entered on Discourse.
Now log out of your Discourse site. Open your browser’s web inspector to its network tab. Click the “Login” button on Discourse. You should see requests similar to the first two requests from the screenshot below:
The first request will be to http://forum.example.com/session/sso?return_path=%2F
The next request should be to https://example.com/?sso=<sso_payload_sent_from_discourse>&sig=<sso_signature>
example.com and forum.example.com should be set to the actual domains you are using.
If everything is configured correctly, I’d expect this to assign the values of the sso and sig parameters to the variables you’ve set here:
$sso = $_GET['sso'];
$sig = $_GET['sig'];
If it was me, I’d probably comment out the rest of the code and just confirm that you can receive the payload and assign it to the variables.
With DiscourseConnect enabled, you can log back into your Discourse site by visiting the /u/admin-login route. If you have access to the Discourse site’s Rails console, you can also log back in by disabling DiscourseConnect from the Rails console:
SiteSetting.enable_discourse_connect = false
It’s possible there are errors further down in the code you posted. For example, I think you need to call urldecode on the value of the sso parameter before generating the expected sig. Have a look at how the WP Discourse plugin handles it:
$payload in the function above is just the value of the sso query param, after it’s been sanitized here: wp-discourse/lib/sso-provider/discourse-sso.php at main · discourse/wp-discourse · GitHub.
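
The receive-and-verify step discussed in the post above, as an added example (not code from the original post or from the WP Discourse plugin). The function name, the sample secret and the sample payload are constructed for illustration, and the function assumes it is given the sso and sig values as PHP exposes them in $_GET.

```php
<?php
// Added example: verify a DiscourseConnect payload before using anything in it.
// Assumption: $sso and $sig are the values read from $_GET['sso'] and $_GET['sig'].

function verify_discourse_payload(string $sso, string $sig, string $secret): ?array
{
    // The post above asks for a secret of at least 10 characters; refuse shorter ones.
    if (strlen($secret) < 10) {
        throw new InvalidArgumentException('discourse connect secret is too short');
    }

    // The signature is the hex HMAC-SHA256 of the payload string, keyed with the shared secret.
    $expected = hash_hmac('sha256', $sso, $secret);

    // hash_equals() compares in constant time, unlike == or ===.
    if (!hash_equals($expected, $sig)) {
        return null;
    }

    // Decode and parse the payload only after the signature has been accepted.
    $decoded = base64_decode($sso, true);
    if ($decoded === false) {
        return null;
    }
    parse_str($decoded, $fields);

    // A login request from Discourse carries a nonce and the URL to send the user back to.
    return isset($fields['nonce'], $fields['return_sso_url']) ? $fields : null;
}

// Constructed sample values standing in for what Discourse would send.
$secret = 'constructed-secret-value';
$sso = base64_encode(http_build_query([
    'nonce'          => bin2hex(random_bytes(16)),
    'return_sso_url' => 'http://forum.example.com/session/sso_login',
]));
$sig = hash_hmac('sha256', $sso, $secret);

var_dump(verify_discourse_payload($sso, $sig, $secret) !== null);              // matching pair
var_dump(verify_discourse_payload($sso . 'A', $sig, $secret) !== null);        // payload altered in transit
var_dump(verify_discourse_payload($sso, $sig, 'a-different-secret') !== null); // secret differs from Discourse
```

A null result for a request that really came from your forum usually means the secret on the provider does not match the discourse connect secret setting, or the sso value was modified between the query string and the HMAC call.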