Hi, I am only trying to implement SSO.
Every time I redirect the browser to “/session/sso_login?<…>” I see this error:
Account login timed out.
Here is my workflow:
- user opens the Discourse forum at http://forum.mysite.com and gets auto-redirected to the SSO endpoint http://mysite.com/sso?sso=…&sig=…
- http://mysite.com/sso backend takes the sso param from the querystring, validates it against the sig param and, if validation succeeds, unpacks it with urldecode(frombase64(urldecode(sso))) and stores the nonce value.
- http://mysite.com/sso backend creates a test payload with a test user {nonce=storednonce,external_id=mytestid, email=myvalidemail}
- convert payload to sso param: sso = urlencode(base64(urlencode(payload)))
- create sig param as sig = hmacsha256(sso)
- send browser to http://forum.mysite.com/session/sso_login?sso=…&sig=…
But I always get the error: Account login timed out
I’ve searched for topics about SSO and found this:
https://meta.discourse.org/t/how-to-avoid-account-login-timed-out-please-try-logging-in-again-when-the-payload-had-expired-in-sso/35682/9?u=dim_taburetkin
It seems that I can see this error even if my nonce is not correct at all.
So I’ve checked that I send back to Discourse exactly the nonce I receive.
Same result.
There is no change whether I do it immediately after receiving the nonce or after some time, within a range of ten minutes.
Same result.
What am I missing?
Does Discourse check whether http://mysite.com/sso really exists on the web?
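
The round trip described in the workflow above, as an added example that is not part of the original post. It follows Discourse's documented SSO scheme, in which sig is the hex HMAC-SHA256, keyed with the shared SSO secret, of the Base64 text as it stands before URL-encoding; `SSO_SECRET`, the function names and the sample values are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed test value; in a real setup it must equal the forum's SSO secret.
SSO_SECRET = b"constructed-test-secret"


def sign(b64_payload: str) -> str:
    """Hex HMAC-SHA256 over the Base64 text, not over its URL-encoded form."""
    return hmac.new(SSO_SECRET, b64_payload.encode(), hashlib.sha256).hexdigest()


def read_request(query_string: str) -> str:
    """Validate an sso/sig pair and return the nonce it carries."""
    params = parse_qs(query_string)  # parse_qs URL-decodes each value once
    if "sso" not in params or "sig" not in params:
        raise ValueError("missing sso or sig")
    sso, sig = params["sso"][0], params["sig"][0]
    # Constant-time comparison of the expected and received signatures.
    if not hmac.compare_digest(sign(sso), sig):
        raise ValueError("bad signature")
    inner = parse_qs(base64.b64decode(sso).decode())
    return inner["nonce"][0]


def build_response(nonce: str, external_id: str, email: str) -> str:
    """Return the query string to append to /session/sso_login."""
    inner = urlencode({"nonce": nonce, "external_id": external_id, "email": email})
    b64 = base64.b64encode(inner.encode()).decode()
    # Sign the Base64 text first; URL-encode only while building the query.
    return urlencode({"sso": b64, "sig": sign(b64)})


def constructed_request(nonce: str) -> str:
    """Constructed stand-in for the redirect the forum sends to the SSO endpoint."""
    b64 = base64.b64encode(urlencode({"nonce": nonce}).encode()).decode()
    return urlencode({"sso": b64, "sig": sign(b64)})
```

Base64 output can contain `+`, `/` and `=`, so the URL-encoded sso value differs from the Base64 text; a signature computed over one will not verify against the other.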