Login with SSO option does not exchange SSL certificates

(Vishal Vr) #1

I have a main domain hosted on Firebase, which runs the actual website of our business. Then installed Discourse platform hosted in another sub domain but on a different hosting platform. Discourse forum was edited and works just fine, however when I enable login with SSO with the links, the domain hosted on Firebase does not exchange SSL certificates with the Discourse platform. Kindly help me how to enable SSO login in this case where Firebase does not send SSL certificates outside its domain. Or what should be enabled for the SSO to work fine.

(Matt Palmer) #2

I can’t understand what you’re asking for. “Exchange SSL certificates” is not a common term of art. Perhaps screenshots or other objective observations of what you’re seeing, and how that differs from what you expect to see, might clarify the situation?

(Vishal Vr) #3

It says the certificate is only valid for “firebaseapp.com or *.firebaseapp.com”

(Matt Palmer) #4

That screenshot is very helpful. As you identified, the problem is that the certificate only covers *.firebaseapp.com, while you’re trying to access www.<something>.firebaseapp.com. The thing with “wildcard certificates” (which this is) is that the * only covers one “level” of name – so it would match <something>.firebaseapp.com, but not what you’re using.

Your options are:

  1. connect using <something>.firebaseapp.com, or
  2. use a different domain entirely (and obtain a suitable SSL certificate).
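
The single-label wildcard rule described in the post above, as an added example that is not part of the original thread. The certificate names are the two quoted in the error message and the hostnames are the ones mentioned in the thread; the function names are hypothetical, and partial-label wildcards such as `w*.example.com` are simply rejected here.

```python
"""Check which hostnames a certificate's names cover (single-label wildcard rule)."""

# Names from the browser error quoted in the thread.
CERT_NAMES = ["firebaseapp.com", "*.firebaseapp.com"]


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # "*" stands in for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # A wildcard is only honoured as the entire left-most label.
    if any("*" in label for label in rest):
        return False
    if "*" in first and first != "*":
        return False  # partial-label wildcard: rejected in this example
    if rest != h_labels[1:]:
        return False
    return first == "*" or first == h_labels[0]


def covering_name(cert_names, hostname):
    """Return the first certificate name that covers hostname, or None."""
    for pattern in cert_names:
        if name_matches(pattern, hostname):
            return pattern
    return None


if __name__ == "__main__":
    for host in (
        "firebaseapp.com",
        "crowdpouch-b3dbd.firebaseapp.com",
        "www.crowdpouch-b3dbd.firebaseapp.com",  # extra "www." label
    ):
        match = covering_name(CERT_NAMES, host)
        print(f"{host:45} -> {match or 'NOT COVERED (name mismatch)'}")
```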

(Vishal Vr) #5

Thank you very much, can you elaborate or provide pointers to resources on your suggestion? Sorry for the trouble as I am new to web development and computer science.

options : 1. connect using <something>.firebaseapp.com

Do I need to install Discourse on Firebase again? As of now it is on DigitalOcean as it was simple. Or is it just the hosting of the domain?

(Eli the Bearded) #6

Not knowing anything about Firebase, I don’t know if you need to install it again there. What you need is a hostname of the form DNSLABELWITHOUTDOTS.firebaseapp.com or an SSL cert for the hostname you’ve chosen (www.crowdpouch-lb3dbd.firebaseapp.com). Edit your app.yml file for either change and then launcher rebuild app.

(You might find it easier to just get a free Let’s Encrypt certificate, which the scripts can do for you, if app.yml is so configured.)

(Matt Palmer) #7

You’ll need to talk to Firebase support about what your options are. We can’t provide support for their setup.

(Michael - DiscourseHosting.com) #8

It’s not a Firebase issue, it’s a configuration issue on Discourse side.
TS said Discourse was running elsewhere. This happens when Discourse triggers the SSO.

@vishal_vr you just need to remove the www. in front of the URL in your Discourse SSO settings.

(Matt Palmer) #9

How is “Firebird is presenting a certificate that doesn’t match the hostname” a Discourse configuration issue?

(Michael - DiscourseHosting.com) #10

The website is https://crowdpouch-b3dbd.firebaseapp.com/ without www and it is working fine.

In the screenshot you can see that the URL that is showing the error, is the SSO callback URL.
That URL must have been the result of a redirect from Discourse.

So I figured that removing the www in the Discourse SSO configuration would solve this issue.

(Eli the Bearded) #11

Yes. You need to use the same hostname consistently. Discourse won’t be adding the “www”, that’s something else, possibly leftover from some www.example.com type placeholder.