SSO 邮箱覆盖及通过 API 进行 SSO 同步

Martyr2 · 2019 年10 月 31 日 18:56

Right now we have SSO enabled and everything has been working for years now (which is hosted by discourse). I was going through SSO settings and noticed the “sso overrides email” setting and its related warning “discrepancies can occur due to normalization of local emails”. Can you explain what is meant by this warning and provide an example of such normalization? Ultimately we would like to see the primary email (local) address match the email address for SSO.

Another related question, if I kick off a sync_sso API call with this feature enabled, will the primary email address be updated without user verification?

Thanks!

simon · 2019 年10 月 31 日 19:43

Discourse normalizes the case of email addresses, both the domain and the username parts of the email are set to lowercase. If your SSO provider site allows for upper case letters in emails, a user could end up with uppercase letters in their SSO provider email address, and a lowercase email address on Discourse.

I am not aware of any other email normalization that is done by Discourse.

This will work if the require_activation parameter is not set to true in the SSO payload.

话题		回复	浏览量
Synchronizing Changes for SSO users SSO discourseconnect	7	3964	2018 年10 月 10 日
SSO and changing email addresses upstream Support	5	2498	2021 年4 月 20 日
Discourse doesn't re-verify an address changed by SSO Bug sso , discourseconnect	21	5379	2017 年5 月 16 日
Change email for SSO user? SSO	35	9717	2024 年9 月 9 日
How to handle Discourse SSO when the authentication site allows users to change emails? SSO	4	1316	2023 年2 月 24 日

SSO 邮箱覆盖及通过 API 进行 SSO 同步

相关话题