We went live on Discourse about two years ago, and we are using SSO from our main back office system as the authentication provider. It uses an external id (GUID).
We’re getting ready to change our main back office system to another vendor. They support OAuth2/OpenID but when we convert to this new system, our user’s external ids (GUID) will change. So I’m wondering if others have been down this road and if I’ll have to somehow do a mass update of the external ids currently stored in our Discourse?
But I’m not trying to sign up. I am arriving to the home page, and next I click on “Log In”; I get my SSO provider’s login page, which I can successfully authenticate with, but after entering my password I arrive to the “let’s create your account” page but I never clicked on “Sign Up”.
For troubleshooting, I’d start with only the required settings. Please confirm that a user with that email exists on both sides.
Did you fill that email manually on discourse or was it automatically populated by SSO server?
What I believe is maybe happening here is that that the email is associated with a different username on discourse and your sso server is sending a new username causing this conflict.
Do you have anything in discourse logs related to SSO? It might be helpful in identifying the exact cause of this problem.
Thanks. I verified that I can disable SSO/OpenID in Discourse and login with that same email address into Discourse. I have verified that those same credentials work with my SSO provider.
When I re-enable OpenID in Discourse, I successfully authenticate via my SSO provider but then I still end up at the Discourse screen where it wants to create an account. All three values on that screen (email, username and full name) are automatically populated by the SSO provider.
And I tried turning off all of those settings above, but no change in this behavior.