SSO locked me out of Discourse!


#1

I’m trying out SSO for my Wordpress site and it seems that if you get the configuration wrong, you can get locked out of your admin account.

Unfortunately, I am but a lowly publisher/admin. So the instructions here Sign In Error (SSO may be enabled) are no use to me. I am only vaguely technical - I paid a developer to set up Discourse on Digital Ocean for me.

I know what SSH is, but I haven’t touched a command line for several years. I either need some real layman step-by-step instructions, or I’ll have to pay another third party to sort this out.

Thanks in advance.


Single Sign On stopped Admin login
(Khoa Nguyen) #2

You can view this post


#3

Thanks for the swift reply, but as I said, I paid a developer to set this up.

What I need are step-by-step instructions for Digital Ocean - where do I run these commands?

Sorry for being a newbie, but I’m evaluating Discourse and need to find out if I can administrate this forum myself or whether I need to pay someone to take care of the server side of things.

Thanks.


(Khoa Nguyen) #4

Do you know how to login to your Digital Ocean VPS using a SSH client ?


#5

I’ve never done it before on Digital Ocean, but I’m sure I could work it out. Can I use the Terminal on my MacBook?

If so what info will I need to run the commands above?

Many thanks


(Khoa Nguyen) #6

Yes. You can use Terminal on MacBook to login via ssh to your VPS.
After login to your VPS. run these command

# cd /var/discourse
# ./launcher enter app
$ rails c
[1] pry(main)> SiteSetting.enable_sso = false
[2] pry(main)> exit
$ exit

Single Sign On stopped Admin login
#7

thanks very much!

However I managed to reset the forum without having to open a command line.

By typing in the IP address, not domain name of my forum I was able to login and uncheck the SSO settings .

Now the forum is back up and running. Many thanks for your assistance!


#8

How did you even install Discourse without ever connecting to the server before?

Anyway: Your mac ships with Terminal which lets you connect to the server too. Open it and type ssh <yourserver_IP_or_domain> and you will be able to log in as long as you didn’t use some private key when setting up the server.


#9

Thank you for the advice.

FYI I’m a publisher, I don’t have a background in server administration - somebody else set the forum up for me.

Whilst I’m pretty technical, I need to feel confident that I can’t ‘break’ the installation purely by changing some settings in the admin panel.

This to me is a test as to whether Discourse will work for me and hence be adopted by the masses -like where Wordpress is at now.


#10

Oh I see, that’s fine too, Discourse Is fairly easy to administer for non-technical people too.

Back to Topic: the “Enable SSO” Option should have some sort of warning (Don’t enable this unless you know what it is for)


(Jeff Atwood) #11

Good point I added this to the end of the site setting description for enable_sso

(WARNING: can prevent anyone from logging in if not properly configured when enabled; also disables invites)


(Kevin P. Fleming) #12

This is a configuration bug that you’ll probably want to get corrected, otherwise your users will also be able to bypass your SSO.


#13

Thanks for the advice but I’m skipping SSO for the moment.

Too complicated to set up for non sysadmin types like me.


(Khoa Nguyen) #14

There is a Wordpress plugin for this


#15

Thanks, yes I have the Wordpress plugin installed - it’s pretty intuitive, however I’m struggling with the Discourse settings, in particular the following:

I have set the secret key, but I have no idea what the SSO url is and the implications of the override settings.


(Khoa Nguyen) #16

You can read offcial instruction here


#17

Many thanks for your help and encouragement.

Finally managed to get SSO working!


#18

Thanks, I got this work finally. It seems that my server works a little differently. Being a newb, I thought it might help others with the same issue:

the irb command was giving me errors

NameError: undefined local variable or method `irb’ for main:Object

Instead I was getting this prompt after ‘rails c’

1] pry(main)>

This might as well have been in Sanskrit, but a little Googling told me this was an alternate to irb so I just entered the command:

SiteSetting.enable_sso = false
exit

And that seemed to work.

Thanks again!


(Kane York) #19

Fixed the instructions for future travelers.


(Rory Parkinson) #20

Appreciate help guys. Have ssh into my bitnami discourse stack and can’t get the commands to work. When I run rails C I get this error before I even get to running the = false command.

Looks like your app’s ./bin/rails is a stub that was generated by Bundler.

In Rails 4, your app’s bin/ directory contains executables that are versioned
like any other source code, rather than stubs that are generated on demand.

Here’s how to upgrade:

bundle config --delete bin # Turn off Bundler’s stub generator
rake rails:update:bin # Use the new Rails 4 executables
git add bin # Add bin/ to source control

You may need to remove bin/ from your .gitignore as well.

Any advice appreciate as need to get the SSO turned off asap. Thanks!