As the administrator of a forum that is using DiscourseConnect, you may occasionally get reports from users that when they attempt to login to the forum, they are greeted by an error message. For example: “There is a problem with your account. Please contact the site’s administrator.”
Enabling verbose discourse connect logging
To debug the issue, the first thing you need to do is to enable the ‘verbose discourse connect logging’ Site Setting on Discourse. If this setting was previously enabled, you can go directly to your site logs at Admin/Logs/Error Logs. If the setting was not previously enabled, you will need to ask the user to attempt logging in again so that you can generate a log entry of their failing login attempt.
Reading the log entry
Go to Admin/Logs/Error Logs and look for a recent log entry that starts with Verbose SSO log: Record was invalid
. If you have trouble finding the entry, enter ‘Record was invalid’ into the search box at the bottom of the logs page. Click on the log entry. Then click on the ‘info’ tab on the logs toobar:
The information that you will need is the reason (given in the log entry), and the email
and external_id
(found in the info section.)
Solving require_activation DiscourseConnect login issues
A common issue with SSO login is: Record was invalid: User {:primary_email=>"has already been taken"}
.
This can happen when the require_activation
parameter in the SSO payload is set to true
and the user has an existing account on Discourse that either does not yet have a single_sign_on_record
associated with it, or has a single_sign_on_record
, but the record’s external_id
doesn’t match the external_id
of the user who is trying to login.
To confirm this, enter your forum’s Rails console, and search for a user who has the email address that was used in the failed SSO login attempt:
u = User.find_by_email('sally@example.com')
Now, check if there is a single_sign_on_record
for this user:
sso_record = u.single_sign_on_record
If the user exists on your forum, but does not have an SSO record, you can create a record for them using the values from the SSO log:
SingleSignOnRecord.create(user_id: 2, external_id: 2, external_email: 'sally@example.com', last_payload: '')
The user should now be able to login.
If there is an existing SSO record for the user, but its external_id
doesn’t match the external_id
from the failed login attempt, you will need to look into why this has happened. One way this can happen is if a user’s account has been deleted and then recreated on the SSO provider site. In this case, you can update the SSO record to use the new external_id
:
sso_record.external_id = <failed-sso-login-record-external_id>
sso_record.save!
The user should now be able to login.
If you are using the WP Discourse plugin and running into the issue outlined above, see Validate Email Addresses with the WP Discourse plugin for details about how to resolve the issue without having to access the Rails console.
Last edited by @JammyDodger 2024-05-26T07:21:30Z
Check document
Perform check on document: