登录错误：您的账户存在问题。请联系网站管理员

登录错误：您的账户存在问题。请联系网站管理员。

我遇到了一个登录错误，仅由两名用户报告，且该错误会随时间间歇性出现。我和许多其他用户都能正常登录。根据 Discourse CAS SSO 服务日志，用户已被转交至论坛，且未记录任何异常。你们中有人遇到过类似错误吗？我可以在哪里找到更多日志以协助排查此问题？

用户名相同，但其中一个账户的字母大小写不同。另一个用户的用户名完全一致。我们 CAS 服务器上的电子邮件地址与论坛上的地址匹配。我们运行的是几天前的最新 Discourse 版本，未在应用程序代码中应用任何补丁。

这可能是巧合，但其中一个用户的问题曾在我们重启 CAS SSO 服务后暂时消失，但现在他们仍无法登录论坛。（当时只有一名用户报告了此问题。）我希望找到该问题的永久解决方案。

我曾建议其中一名用户仅在浏览器中输入论坛域名（不带任何路径），但他们并未报告成功。根据日志，至少有一名用户已成功通过初始登录流程，因此我怀疑问题并非由在浏览器中输入错误的 URL 或使用错误的书签引起。

以下是该错误的屏幕截图：

login-error1910×372 26.5 KB

我通过匹配其屏幕截图中的参数，找到了与失败登录相关的 SSO 提供商日志。我将该日志与我自己的成功登录日志进行了比较，唯一的差异在于 sso 和 sig 参数、CAS 票据编号、时间戳、IP 地址等。两条日志非常相似，这表明早期的 SSO 验证步骤运行正常。以下是与失败登录相关的 SSO 提供商登录日志的编辑版本：

I, [2019-02-05T05:31:33.683842 #18023]  INFO -- : Started GET "/?sso=...&sig=..." for ... at 2019-02-05 05:31:33 -0500
I, [2019-02-05T05:31:33.685726 #18023]  INFO -- : Processing by LoginController#login as HTML
I, [2019-02-05T05:31:33.685829 #18023]  INFO -- :   Parameters: {"sso"=>"...", "sig"=>"..."}
I, [2019-02-05T05:31:33.687034 #18023]  INFO -- : Redirected to https://forum.members.fsf.org/auth/cas
I, [2019-02-05T05:31:33.687299 #18023]  INFO -- : Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
I, [2019-02-05T05:31:33.812099 #18023]  INFO -- : Started GET "/auth/cas" for ... at 2019-02-05 05:31:33 -0500
I, [2019-02-05T05:31:49.217709 #18023]  INFO -- : Started GET "/auth/cas/callback?url&ticket=ST-..." for ... at 2019-02-05 05:31:49 -0500
I, [2019-02-05T05:31:49.256905 #18023]  INFO -- : Processing by LoginController#create as HTML
I, [2019-02-05T05:31:49.257047 #18023]  INFO -- :   Parameters: {"url"=>nil, "ticket"=>"ST-...", "provider"=>"cas"}
I, [2019-02-05T05:31:49.259105 #18023]  INFO -- : inside allow_groups ["is_member"] empty? false
I, [2019-02-05T05:31:49.259686 #18023]  INFO -- : Redirected to https://forum.members.fsf.org/session/sso_login?sso=...&sig=...
I, [2019-02-05T05:31:49.260007 #18023]  INFO -- : Completed 302 Found in 3ms (ActiveRecord: 0.0ms)

任何关于此问题的帮助都将不胜感激。

谢谢！: D

I’ve seen the error you reported in the screenshot for users who were imported, but have never before logged in. In my case WP is the SSO provider and the “problem users” don’t have a Single Sign On section at the bottom of their user page.

Thanks for the input. In my case, they have logged in before, and they do have the SSO section at the bottom of their user account page.

Great news! I figured out how to reproduce the error. If I try to log in as “Sudoman” instead of “sudoman”, then this error appears. Our CAS server (i’m not referring to the CAS SSO service connected with Discourse) allows people to log in lto our systems like that.

In any case, presuming that the SSO provider is passing the user to Discourse with the user name of “Sudoman”, is this error message the desired behavior in Discourse, or is it a bug?

In my case, it would make sense to allow the user to log in, but in other systems, that could be a different user who is trying to log in.

I tried creating an account with capitalized letters in the user name, and an account was created with the same capitalization. Trying to log in again with all lower case letters caused an error. That makes sense to me.

Maybe it would make sense to create a resource that lists the list of possible causes that produces this error message. It would help systems administrators track down the issue when this happens to their users.

Thanks!