SSO locked me out of Discourse!

TwelveMonkeys · June 15, 2015, 1:13am

I’m trying out SSO for my Wordpress site and it seems that if you get the configuration wrong, you can get locked out of your admin account.

Unfortunately, I am but a lowly publisher/admin. So the instructions here https://meta.discourse.org/t/sign-in-error-sso-may-be-enabled/15834 are no use to me. I am only vaguely technical - I paid a developer to set up Discourse on Digital Ocean for me.

I know what SSH is, but I haven’t touched a command line for several years. I either need some real layman step-by-step instructions, or I’ll have to pay another third party to sort this out.

Thanks in advance.

thangngoc89 · January 10, 2015, 5:01pm

You can view this post

TwelveMonkeys · January 10, 2015, 5:24pm

Thanks for the swift reply, but as I said, I paid a developer to set this up.

What I need are step-by-step instructions for Digital Ocean - where do I run these commands?

Sorry for being a newbie, but I’m evaluating Discourse and need to find out if I can administrate this forum myself or whether I need to pay someone to take care of the server side of things.

Thanks.

thangngoc89 · January 10, 2015, 5:32pm

Do you know how to login to your Digital Ocean VPS using a SSH client ?

TwelveMonkeys · January 10, 2015, 5:47pm

I’ve never done it before on Digital Ocean, but I’m sure I could work it out. Can I use the Terminal on my MacBook?

If so what info will I need to run the commands above?

Many thanks

thangngoc89 · January 19, 2015, 10:39pm

Yes. You can use Terminal on MacBook to login via ssh to your VPS.
After login to your VPS. run these command

# cd /var/discourse
# ./launcher enter app
$ rails c
[1] pry(main)> SiteSetting.enable_sso = false
[2] pry(main)> exit
$ exit

TwelveMonkeys · January 10, 2015, 6:03pm

thanks very much!

However I managed to reset the forum without having to open a command line.

By typing in the IP address, not domain name of my forum I was able to login and uncheck the SSO settings .

Now the forum is back up and running. Many thanks for your assistance!

Moter8 · January 10, 2015, 6:30pm

How did you even install Discourse without ever connecting to the server before?

Anyway: Your mac ships with Terminal which lets you connect to the server too. Open it and type ssh <yourserver_IP_or_domain> and you will be able to log in as long as you didn’t use some private key when setting up the server.

TwelveMonkeys · January 10, 2015, 7:06pm

Thank you for the advice.

FYI I’m a publisher, I don’t have a background in server administration - somebody else set the forum up for me.

Whilst I’m pretty technical, I need to feel confident that I can’t ‘break’ the installation purely by changing some settings in the admin panel.

This to me is a test as to whether Discourse will work for me and hence be adopted by the masses -like where Wordpress is at now.

Moter8 · January 10, 2015, 7:35pm

Oh I see, that’s fine too, Discourse Is fairly easy to administer for non-technical people too.

Back to Topic: the “Enable SSO” Option should have some sort of warning (Don’t enable this unless you know what it is for)

codinghorror · January 12, 2015, 8:54am

Good point I added this to the end of the site setting description for enable_sso

(WARNING: can prevent anyone from logging in if not properly configured when enabled; also disables invites)

kpfleming · January 12, 2015, 8:50pm

This is a configuration bug that you’ll probably want to get corrected, otherwise your users will also be able to bypass your SSO.

TwelveMonkeys · January 12, 2015, 10:27pm

Thanks for the advice but I’m skipping SSO for the moment.

Too complicated to set up for non sysadmin types like me.

thangngoc89 · January 13, 2015, 3:02pm

There is a Wordpress plugin for this
https://meta.discourse.org/t/wp-discourse-sso-plugin/23245

TwelveMonkeys · January 13, 2015, 5:31pm

Thanks, yes I have the Wordpress plugin installed - it’s pretty intuitive, however I’m struggling with the Discourse settings, in particular the following:

I have set the secret key, but I have no idea what the SSO url is and the implications of the override settings.

thangngoc89 · January 13, 2015, 5:52pm

You can read offcial instruction here

TwelveMonkeys · January 19, 2015, 10:34am

Many thanks for your help and encouragement.

Finally managed to get SSO working!

TwelveMonkeys · January 19, 2015, 10:42am

Thanks, I got this work finally. It seems that my server works a little differently. Being a newb, I thought it might help others with the same issue:

the irb command was giving me errors

NameError: undefined local variable or method `irb’ for main:Object

Instead I was getting this prompt after ‘rails c’

1] pry(main)>

This might as well have been in Sanskrit, but a little Googling told me this was an alternate to irb so I just entered the command:

SiteSetting.enable_sso = false
exit

And that seemed to work.

Thanks again!

riking · January 19, 2015, 10:39pm

Fixed the instructions for future travelers.

Rafiki · March 17, 2015, 5:41am

Appreciate help guys. Have ssh into my bitnami discourse stack and can’t get the commands to work. When I run rails C I get this error before I even get to running the = false command.

Looks like your app’s ./bin/rails is a stub that was generated by Bundler.

In Rails 4, your app’s bin/ directory contains executables that are versioned
like any other source code, rather than stubs that are generated on demand.

Here’s how to upgrade:

bundle config --delete bin # Turn off Bundler’s stub generator
rake rails:update:bin # Use the new Rails 4 executables
git add bin # Add bin/ to source control

You may need to remove bin/ from your .gitignore as well.

Any advice appreciate as need to get the SSO turned off asap. Thanks!