Problems with WP Multisite SSO

Hi there

I am battling to figure out SSO, it seems like there are different ways that one can implement SSO, but whatever I do seems to break something.

This is my set up:

  • WordPress multisite (not blog farm, all subsites of main site)
  • Discourse hosted plan
  • Currently using plugin WP Multisite SSO to manage SSO to network
  • Login from any of the sites (including subsites) logs in to the entire network
  • Installed WP Discourse plugin.

What I am trying to achieve:

  • Add Discourse as a site on the network with the following implications:
    • Log in from any of the sites also seamlessly logs in to Discourse and vice versa

My questions are the following.

  • Is my desired setup possible or are the SSO plugins clashing? (I could also use WP Multisite User Management.)
  • What do I enter on the WP side and the Discourse side? Specifically, do I enable ‘enable sso provider’, and what is my SSO URL: a) mysite.com/discourse/sso or b) discourse.mysite.com?
  • If a), do I need to create a template, and if so, how? (No template shows up currently.)

Thanks in advance for any help.

Regards
Jason

Update:

I have now activated SSO via the WP plugin and in Discourse. When I try to link to my forum I get: The webpage at http://pods.myenterpride.com/session/sso has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

I also cannot get into my admin account via /users/admin-login; I am getting [‘BAD CSRF’].

To get back into your site, try to open a private tab to use /users/admin-login.
If this doesn’t work, ssh into your server and use these instructions to manually disable SSO.

I can’t ssh, it is hosted by discourse. I don’t have server details.

1 Like

Oh, sorry, I didn’t see your customer title.

Did you try http://pods.myenterpride.com/users/admin-login in a private tab? I can see and submit the form.


I think that your SSO url is wrong. I was redirected to http://pods.myenterpride.com?sso=<token>&sig=<signature>, which is the domain of your Discourse installation. While I have no idea about the WP side of things, this needs to point somewhere where WP handles it.
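
The `sso`/`sig` redirect described in the post above, as an added example that is not part of the original thread and not the WP Discourse plugin's code: a Python sketch of the Discourse SSO exchange (base64 payload signed with HMAC-SHA256 under the shared SSO secret), including a check for an SSO URL that sits on the forum's own host. The secret, host names and user record are constructed, and the same-host check assumes the forum and the login site live on different hosts.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-shared-secret"  # constructed; must equal the forum's SSO secret


def sign(payload: str) -> str:
    """Hex HMAC-SHA256 over the base64 payload exactly as it travels in the URL."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def discourse_request(sso_url: str, nonce: str, return_url: str) -> str:
    """Stand-in for Discourse: build the redirect it sends to the SSO URL."""
    payload = base64.b64encode(
        urlencode({"nonce": nonce, "return_sso_url": return_url}).encode()
    ).decode()
    return sso_url + "?" + urlencode({"sso": payload, "sig": sign(payload)})


def handle_sso(request_url: str, user: dict) -> str:
    """Login-site side: verify the signature, then answer with a signed payload."""
    parts = urlsplit(request_url)
    query = parse_qs(parts.query)
    payload, sig = query["sso"][0], query["sig"][0]
    if not hmac.compare_digest(sign(payload), sig):
        raise ValueError("bad signature: secrets differ or payload was altered")
    fields = parse_qs(base64.b64decode(payload).decode())
    return_url = fields["return_sso_url"][0]
    # The failure seen in this thread: the SSO URL is on the forum's own host,
    # so the forum receives its own request and redirects again.
    if parts.hostname == urlsplit(return_url).hostname:
        raise ValueError("SSO URL points back at the Discourse host")
    reply = base64.b64encode(urlencode({
        "nonce": fields["nonce"][0],  # echoed so Discourse can match the request
        "external_id": user["id"],
        "email": user["email"],
        "username": user["username"],
    }).encode()).decode()
    return return_url + "?" + urlencode({"sso": reply, "sig": sign(reply)})
```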

Yes, I did. But I get [‘BAD CSRF’] and no mail.

OK, thanks. I am in. You are a hero :smiley:

I think I will wait for an official input before I reactivate SSO. Every time I try something it breaks.

Sounds reasonable.

I’m still intrigued by the BAD CSRF. I literally didn’t do anything other than open a new private tab in Chrome, put in your e-mail address, submit the form, and get a confirmation…

I know. I tried opening an incognito tab several times, with the same result. Thanks anyway.

Your situation sounds very complex. You may need to wait until business weekdays for us to help. We generally do not work weekends unless something is on fire.

Hey @Jason_Lorje, I think your setup can work as long as:

  1. Users have the same ID across all of the sites
  2. You have one login page that logs the users into all sites at once

It sounds like the WP Multisite SSO plugin might do all of that.

If you’re comfortable doing some coding, try following my integration guide one piece at a time:

https://meta.discourse.org/t/wordpress-integration-guide/27531

The only part I’m unsure will work for you is the wp_login_url function; it depends how multisite and the SSO plugin handle it.

You do not want to check enable sso provider. These are the only options I enable:

I hope that helps!

1 Like

@codinghorror @fefrei @AdamCapriola

Thank you all for your input, I have solved the problem :tada: For those that may follow this thread and are trying to connect Discourse to a WP multisite, here is what you shouldn’t and should do.

Don’t use WP Multisite SSO plugin, it breaks everything. Use WP Multisite User Management instead.
@AdamCapriola Sorry mate, I couldn’t get your plugin to work, probably my lack of coding experience, though.

What worked:
On the WP side: Use the WP Discourse plugin, check ‘Enable SSO to Discourse’, and check that all user IDs are the same across the network.
On the Discourse side: Enable SSO, Enable SSO Provider, and set URL to http://yoursite.com/session/sso_provider (for some reason I overlooked this :flushed:), override e-mail, override username and set not approved url. Clear all caches and test incognito.

Voila, it works, or at least it did for me.

5 Likes