SSO locked me out of Discourse!

I’m trying out SSO for my Wordpress site and it seems that if you get the configuration wrong, you can get locked out of your admin account.

Unfortunately, I am but a lowly publisher/admin. So the instructions here https://meta.discourse.org/t/sign-in-error-sso-may-be-enabled/15834 are no use to me. I am only vaguely technical - I paid a developer to set up Discourse on Digital Ocean for me.

I know what SSH is, but I haven’t touched a command line for several years. I either need some real layman step-by-step instructions, or I’ll have to pay another third party to sort this out.

Thanks in advance.

You can view this post

1 Like

Thanks for the swift reply, but as I said, I paid a developer to set this up.

What I need are step-by-step instructions for Digital Ocean - where do I run these commands?

Sorry for being a newbie, but I’m evaluating Discourse and need to find out if I can administrate this forum myself or whether I need to pay someone to take care of the server side of things.

Thanks.

Do you know how to login to your Digital Ocean VPS using a SSH client ?

I’ve never done it before on Digital Ocean, but I’m sure I could work it out. Can I use the Terminal on my MacBook?

If so what info will I need to run the commands above?

Many thanks

Yes. You can use Terminal on MacBook to login via ssh to your VPS.
After login to your VPS. run these command

# cd /var/discourse
# ./launcher enter app
$ rails c
[1] pry(main)> SiteSetting.enable_sso = false
[2] pry(main)> exit
$ exit
4 Likes

thanks very much!

However I managed to reset the forum without having to open a command line.

By typing in the IP address, not domain name of my forum I was able to login and uncheck the SSO settings .

Now the forum is back up and running. Many thanks for your assistance!

How did you even install Discourse without ever connecting to the server before?

Anyway: Your mac ships with Terminal which lets you connect to the server too. Open it and type ssh <yourserver_IP_or_domain> and you will be able to log in as long as you didn’t use some private key when setting up the server.

Thank you for the advice.

FYI I’m a publisher, I don’t have a background in server administration - somebody else set the forum up for me.

Whilst I’m pretty technical, I need to feel confident that I can’t ‘break’ the installation purely by changing some settings in the admin panel.

This to me is a test as to whether Discourse will work for me and hence be adopted by the masses -like where Wordpress is at now.

Oh I see, that’s fine too, Discourse Is fairly easy to administer for non-technical people too.

Back to Topic: the “Enable SSO” Option should have some sort of warning (Don’t enable this unless you know what it is for)

4 Likes

Good point I added this to the end of the site setting description for enable_sso

(WARNING: can prevent anyone from logging in if not properly configured when enabled; also disables invites)

2 Likes

This is a configuration bug that you’ll probably want to get corrected, otherwise your users will also be able to bypass your SSO.

Thanks for the advice but I’m skipping SSO for the moment.

Too complicated to set up for non sysadmin types like me.

There is a Wordpress plugin for this
https://meta.discourse.org/t/wp-discourse-sso-plugin/23245

Thanks, yes I have the Wordpress plugin installed - it’s pretty intuitive, however I’m struggling with the Discourse settings, in particular the following:

I have set the secret key, but I have no idea what the SSO url is and the implications of the override settings.

You can read offcial instruction here

1 Like

Many thanks for your help and encouragement.

Finally managed to get SSO working!

1 Like

Thanks, I got this work finally. It seems that my server works a little differently. Being a newb, I thought it might help others with the same issue:

the irb command was giving me errors

NameError: undefined local variable or method `irb’ for main:Object

Instead I was getting this prompt after ‘rails c’

1] pry(main)>

This might as well have been in Sanskrit, but a little Googling told me this was an alternate to irb so I just entered the command:

SiteSetting.enable_sso = false
exit

And that seemed to work.

Thanks again!

2 Likes

Fixed the instructions for future travelers.

1 Like

Appreciate help guys. Have ssh into my bitnami discourse stack and can’t get the commands to work. When I run rails C I get this error before I even get to running the = false command.

Looks like your app’s ./bin/rails is a stub that was generated by Bundler.

In Rails 4, your app’s bin/ directory contains executables that are versioned
like any other source code, rather than stubs that are generated on demand.

Here’s how to upgrade:

bundle config --delete bin # Turn off Bundler’s stub generator
rake rails:update:bin # Use the new Rails 4 executables
git add bin # Add bin/ to source control

You may need to remove bin/ from your .gitignore as well.

Any advice appreciate as need to get the SSO turned off asap. Thanks!