SSO data vs "normalized" local data


(Michael Downey) #1

Today I was looking at these site settings (emphasis added):

  • sso overrides email: Overrides local email with external site email
    from SSO payload (WARNING: discrepancies can occur due to
    normalization of local emails)
  • sso overrides name: Overrides local name with external site name
    from SSO payload (WARNING: discrepancies can occur due to
    normalization of local names)

Can anyone describe what kind of normalization is happening locally? What kind of discrepancies might be seen?

I’m considering enabling both of these to centralize our users’ update of their account name and e-mail address, but wanted to see what we were up against.


(Jesse Perry) #2

Just wondering the same thing - and this is the only topic I can find on the subject. Anyone know and care to enlighten?


(Sam Saffron) #3

For Discourse purpose we treat user@domain.com same as User@domain.com … case sensitive emails with upper case are an edge case I do not really think exists next to unicorns.


(Jesse Perry) #4

Thanks! I was actually specifically curious about the overrides name warning:


(Sam Saffron) #5

I think names are fine, usernames need to be normalized. only notable normalization would be disallowing blank names afaik


(Jesse Perry) #6

Thanks! Perhaps useful to just remove the warnings then? A big WARNING is pretty scary :wink: :scream:


(Michael Downey) #7

There’s still something happening between what’s sent via SSO and what shows up as the Discourse name. Not sure if this is part of the “normalization” or not:


(Jesse Perry) #8

I might need to turn this into a bug post - but turning SSO override name setting on does not actually override name. Detail specific: name as-is in Discourse is “FirstName” but name from SSO is “First Name” (with space). Shouldn’t the payload override every time they login?


(Jeff Atwood) #9

Are you referring to full name, or username here?


(Jesse Perry) #10

Sorry - full name :slight_smile:


(Jeff Atwood) #11

We do not support spaces in usernames, our username rules are similar to Twitter (except longer). I assume the SSO override feature is referring to username.


(Jesse Perry) #12

I could be misunderstanding you - but I’m referring to full name not username. That’s a separate setting from username for override. I can’t get the full name from SSO to have a space in-between the first name & last name.


(Sam Saffron) #13

I see the bug, fixed it here:

https://github.com/discourse/discourse/commit/4566a1e30aa9333831ed3468548ec4900ef64d30


(Jesse Perry) #14

I can confirm this is fixed! Thank you!


(Michael Downey) #15

I have sso overrides name enabled, but something is still changing my names after SSO sends an update:


(Sam Saffron) #16

Yeah I am pretty sure I fixed that today. We did some weird stuff to fullname.


(Michael Downey) #17

… but I just updated to tests-passed a short time ago. :frowning:


(Sam Saffron) #18

We had quite a few failing builds today, its still missing from tests-passed should hit it soon


(Floris Bouwstra) #19

I am currently working on the Dutch translation. I have to decide on the best Dutch translation for ‘override’, since the exact word does not exists. I can chose between sometething like ‘replaces permanently’ or ‘uses instead’. Are email, username, name and avatar permanently replaced, or just used instead during the 'session? I hope you guys can help me out. Thanks a lot.


(Rafael dos Santos Silva) #20

It will ‘replaces permanently’.

Like, user will see the new avatar, name and new custom fields ASAP.