I’m new to Discourse, and I’m trying to set up my forum with a Drupal website, with the Discourse SSO module. I followed the instructions of the module and this topic, unfortunately the url “mydrupalwebsite.com/discourse/sso” returns a 404.
Since the time of this topic, there are new settings for the module with an API key, but I don’t know what to do with it.
Can you share a link to the Drupal module that you are using? If it’s the module that’s linked to in this post, it was last updated in March of 2015, so it’s quite likely there will be issues with it.
I’m using the second one, with the latest version.
I’ve setup the sso secret and the sso url, and when I try to log in, I can see there has been some redirections like it should, but /discourse/sso is a 404 page.
Does the module have any documentation? The normal process for enabling SSO is to add the SSO endpoint to the Discourse sso url site setting, add an SSO secret key to the sso secret site setting, then enable the enable sso site setting. When first setting this up, you’ll probably also want to enable the verbose sso logging site setting. With that setting enabled, you’ll get details about SSO errors in your site’s error logs (found at Admin / Logs / Error Logs.)
When you have the Discourse settings enabled, you’ll need to be sure that your Discourse site’s URL and sso secret are added to the SSO provider site.
From the error you are getting, it seems likely that the enable sso site setting has not been enabled on your Discourse site.
If you run into problems accessing your Discourse site after having enabled SSO, as an admin you can bypass SSO login by going to /u/admin-login on your Discourse site. Enter your admin email address into the form on the page. A onetime login link will be sent to you.
I had a look at the log entry, but it is not showing the error - it’s just the log entry for the start of the SSO process on Discourse. There should be another log entry created shortly after that one that does show the error. Can you try going through the process again? There should be Verbose SSO log entries for each login attempt. The first entry shows the process starting on Discourse, the second entry will relate to how DIscourse handled the response it received from your website.
It is possible that there will be another relevant error message that does not begin with the text Verbose SSO log. Have a look at the log entries from right around the time that you’ve made the SSO request.
I tried again, and In got three identical log messages, which are the same as the previous one. If I follow, it must mean that there is no answer from my website at all.
Yes, that sounds correct to me. You could try looking at the requests that are being made by opening your browser’s web inspector to its Network tab. Select the “Preserve Logs” option on that tab and click the login link on your Discourse site.
Just a litte update on this matter : the Discourse SSO module has been patched and doesn’t crash the site anymore.
But it still doesn’t work since it’s impossible to properly log out once you’ve logged in once. Another issue has been opened, in case someone would like to look at it.
It sounds like logging out of Discourse is not synchronized with logging out of the SSO provider site. SInce you are still logged into the SSO provider site, the next time you click the Discourse Login link, you are authenticated based on being logged into the SSO provider.
The Discourse logout redirect site setting can be used to log users out of the SSO provider site. When a user logs out of Discourse, they will be automatically redirected to that URL. The SSO provider will need to handle the URL to log out the user. I’m not familiar enough with Drupal to know what would need to be done to implement this though.
This module works fine, there is just a bug with the Drupal user picture, but a patch is pending,
This post is wrong about the settings in Discourse : the sso_url should end with /discourse_sso, NOT /discourse/sso
If you want to be able to login with several different accounts, you must set http://mywebsite/user/logout as the logout redirect, and disable Ghostery in your browser for your discourse website if you’re using this plugin.