Issue with Drupal Discourse SSO

Hi,

I’m new to Discourse, and I’m trying to set up my forum with a Drupal website, with the Discourse SSO module. I followed the instructions of the module and this topic, unfortunately the url “mydrupalwebsite.com/discourse/sso” returns a 404.

Since the time of this topic, there are new settings for the module with an API key, but I don’t know what to do with it.

Does someone have the same issue ?

Thanks

2 Likes

Can you share a link to the Drupal module that you are using? If it’s the module that’s linked to in this post, it was last updated in March of 2015, so it’s quite likely there will be issues with it.

This Drupal SSO module was updated in December of 2019: https://www.drupal.org/project/discourse_sso. It would be worth giving it a try.

3 Likes

I’m using the second one, with the latest version.

I’ve setup the sso secret and the sso url, and when I try to log in, I can see there has been some redirections like it should, but /discourse/sso is a 404 page.

Does the module have any documentation? The normal process for enabling SSO is to add the SSO endpoint to the Discourse sso url site setting, add an SSO secret key to the sso secret site setting, then enable the enable sso site setting. When first setting this up, you’ll probably also want to enable the verbose sso logging site setting. With that setting enabled, you’ll get details about SSO errors in your site’s error logs (found at Admin / Logs / Error Logs.)

When you have the Discourse settings enabled, you’ll need to be sure that your Discourse site’s URL and sso secret are added to the SSO provider site.

From the error you are getting, it seems likely that the enable sso site setting has not been enabled on your Discourse site.

If you run into problems accessing your Discourse site after having enabled SSO, as an admin you can bypass SSO login by going to /u/admin-login on your Discourse site. Enter your admin email address into the form on the page. A onetime login link will be sent to you.

1 Like

Thank you a lot for your help. Unfortunately, the module doesn’t have more documentation than on its project page.

I only checked enable sso, verbose sso logging, completed the fields sso url with “mywebsite/discourse/sso”, and the field sso secret.

I followed the guidelines of the Drupal module, and entered the url of the Discourse forum and the sso secret in the corresponding fields.

I still get a 404 error when I try to login, with this url :
https://mywebsite/discourse/sso?sso=bm9uY2U9MTJlMmI4ZWNjNzU4ZGE3YTg5ZWIwZDI2MmM5ZTUzOWEmcmV0dXJuX3Nzb191cmw9aHR0cHMlM0ElMkYlMkZmb3J1bXMuc2VnYS1tYWcuY29tJTJGc2Vzc2lvbiUyRnNzb19sb2dpbg%3D%3D&sig=96726cef3a6bb69a0863f66fb0e09ce3edb1ea77f3fd2d9e69cdaf932aede6a2

Here is the log : verbose_sso.txt (5,9 Ko)

If the issue isn’t with my settings in Discourse, then I’ll get to the module dev again.

Thanks again.

I had a look at the log entry, but it is not showing the error - it’s just the log entry for the start of the SSO process on Discourse. There should be another log entry created shortly after that one that does show the error. Can you try going through the process again? There should be Verbose SSO log entries for each login attempt. The first entry shows the process starting on Discourse, the second entry will relate to how DIscourse handled the response it received from your website.

It is possible that there will be another relevant error message that does not begin with the text Verbose SSO log. Have a look at the log entries from right around the time that you’ve made the SSO request.

I tried again, and In got three identical log messages, which are the same as the previous one. If I follow, it must mean that there is no answer from my website at all.

Yes, that sounds correct to me. You could try looking at the requests that are being made by opening your browser’s web inspector to its Network tab. Select the “Preserve Logs” option on that tab and click the login link on your Discourse site.

1 Like

Hi,

Just a litte update on this matter : the Discourse SSO module has been patched and doesn’t crash the site anymore.

But it still doesn’t work since it’s impossible to properly log out once you’ve logged in once. Another issue has been opened, in case someone would like to look at it.

1 Like

Thanks for following up with this! Please let us know if the new issue with the module gets resolved.

Ok so, I’m keeping up with my investigations.

Is there any reason why I wouldn’t be able to login to Discourse via SSO with different accounts ? Maybe a cookies setting ?

When SSO is enabled, if I log out then try to log in again, I’m automatically logged in as the first account.

I don’t have any problem when I disable SSO though.

It sounds like logging out of Discourse is not synchronized with logging out of the SSO provider site. SInce you are still logged into the SSO provider site, the next time you click the Discourse Login link, you are authenticated based on being logged into the SSO provider.

The Discourse logout redirect site setting can be used to log users out of the SSO provider site. When a user logs out of Discourse, they will be automatically redirected to that URL. The SSO provider will need to handle the URL to log out the user. I’m not familiar enough with Drupal to know what would need to be done to implement this though.

1 Like

Ok, problem solved.To sum up :

  • This module works fine, there is just a bug with the Drupal user picture, but a patch is pending,
  • This post is wrong about the settings in Discourse : the sso_url should end with /discourse_sso, NOT /discourse/sso
  • If you want to be able to login with several different accounts, you must set http://mywebsite/user/logout as the logout redirect, and disable Ghostery in your browser for your discourse website if you’re using this plugin.

Thanks for your help, @simon !

2 Likes