Resetting or Destroying Single Sign On Records


#1

We have recently transitioned our main website from an old Django backed website to a new WordPress based website. We have migrated users, and are trying to switch the SSO provider from our old platform to our new one. Is there a fast/easy way to delete old single sign on records so that the new WordPress platform can re-sync users with their existing Discourse accounts?


(Felix Freiberger) #2

There is a method called SingleSignOnRecord.destroy_all. I’m pretty sure that running it inside a rails console (/var/discourse/launcher enter app, rails c) will either do what you want… or hose your site.

If you’re adventurous, take a backup and try it, or wait for someone with more knowledge of this system to answer :wink:


(Simon Cossar) #3

For reference, this topic relates to this WP Discourse GitHub issue: Matching existing Discourse user accounts · Issue #279 · discourse/wp-discourse · GitHub.

I’ve tried out @fefrei’s approach in my development environment (with 10 users) and it worked there without any problems.


#4

Thanks @fefrei and @Simon_Cossar – I can verify that it did work, and did not hose the site at all.


(Felix Freiberger) #5

This sounds fishy – “It did not completely hose the site even a little bit!” :laughing:

Thanks for reporting back! :slight_smile:


(Eoin) #6

I’d like to understand why deleting all SSO records would work.

Is it that doing so forces accounts to be matched again on email address, thus matching people again with their rightful Discourse accounts from the new SSO providor?

(In my context, the current SSO providor is a custom PHP app, and we’re migrating our entire membership platform to run on Wordpress.)


(Felix Freiberger) #7

Correct. In the absence of an SSO record matching the external ID, Discourse matches by email and creates a new SSO record :slight_smile:

(If there is no matching account by mail, too, a new account and SSO record is created.)