SSO locked me out of Discourse!

TwelveMonkeys · 2015-01-10 16:57:06 UTC

I’m trying out SSO for my Wordpress site and it seems that if you get the configuration wrong, you can get locked out of your admin account.

Unfortunately, I am but a lowly publisher/admin. So the instructions here Sign In Error (SSO may be enabled) are no use to me. I am only vaguely technical - I paid a developer to set up Discourse on Digital Ocean for me.

I know what SSH is, but I haven’t touched a command line for several years. I either need some real layman step-by-step instructions, or I’ll have to pay another third party to sort this out.

Thanks in advance.

thangngoc89 · 2015-01-10 17:01:31 UTC

You can view this post

TwelveMonkeys · 2015-01-10 17:24:07 UTC

Thanks for the swift reply, but as I said, I paid a developer to set this up.

What I need are step-by-step instructions for Digital Ocean - where do I run these commands?

Sorry for being a newbie, but I’m evaluating Discourse and need to find out if I can administrate this forum myself or whether I need to pay someone to take care of the server side of things.

Thanks.

thangngoc89 · 2015-01-10 17:31:54 UTC

Do you know how to login to your Digital Ocean VPS using a SSH client ?

TwelveMonkeys · 2015-01-10 17:47:16 UTC

I’ve never done it before on Digital Ocean, but I’m sure I could work it out. Can I use the Terminal on my MacBook?

If so what info will I need to run the commands above?

Many thanks

thangngoc89 · 2015-01-10 17:51:18 UTC

Yes. You can use Terminal on MacBook to login via ssh to your VPS.
After login to your VPS. run these command

# cd /var/discourse
# ./launcher enter app
$ rails c
[1] pry(main)> SiteSetting.enable_sso = false
[2] pry(main)> exit
$ exit

TwelveMonkeys · 2015-01-10 18:03:10 UTC

thanks very much!

However I managed to reset the forum without having to open a command line.

By typing in the IP address, not domain name of my forum I was able to login and uncheck the SSO settings .

Now the forum is back up and running. Many thanks for your assistance!

Moter8 · 2015-01-10 18:30:36 UTC

How did you even install Discourse without ever connecting to the server before?

Anyway: Your mac ships with Terminal which lets you connect to the server too. Open it and type ssh <yourserver_IP_or_domain> and you will be able to log in as long as you didn’t use some private key when setting up the server.

TwelveMonkeys · 2015-01-10 19:06:52 UTC

Thank you for the advice.

FYI I’m a publisher, I don’t have a background in server administration - somebody else set the forum up for me.

Whilst I’m pretty technical, I need to feel confident that I can’t ‘break’ the installation purely by changing some settings in the admin panel.

This to me is a test as to whether Discourse will work for me and hence be adopted by the masses -like where Wordpress is at now.

Moter8 · 2015-01-10 19:35:26 UTC

Oh I see, that’s fine too, Discourse Is fairly easy to administer for non-technical people too.

Back to Topic: the “Enable SSO” Option should have some sort of warning (Don’t enable this unless you know what it is for)

codinghorror · 2015-01-12 08:54:50 UTC

Good point I added this to the end of the site setting description for enable_sso

(WARNING: can prevent anyone from logging in if not properly configured when enabled; also disables invites)

kpfleming · 2015-01-12 20:50:41 UTC

This is a configuration bug that you’ll probably want to get corrected, otherwise your users will also be able to bypass your SSO.

TwelveMonkeys · 2015-01-12 22:27:40 UTC

Thanks for the advice but I’m skipping SSO for the moment.

Too complicated to set up for non sysadmin types like me.

thangngoc89 · 2015-01-13 15:02:31 UTC

There is a Wordpress plugin for this

TwelveMonkeys · 2015-01-13 17:31:52 UTC

Thanks, yes I have the Wordpress plugin installed - it’s pretty intuitive, however I’m struggling with the Discourse settings, in particular the following:

I have set the secret key, but I have no idea what the SSO url is and the implications of the override settings.

thangngoc89 · 2015-01-13 17:52:31 UTC

You can read offcial instruction here

TwelveMonkeys · 2015-01-19 10:34:52 UTC

Many thanks for your help and encouragement.

Finally managed to get SSO working!

TwelveMonkeys · 2015-01-19 10:42:31 UTC

Thanks, I got this work finally. It seems that my server works a little differently. Being a newb, I thought it might help others with the same issue:

the irb command was giving me errors

NameError: undefined local variable or method `irb’ for main:Object

Instead I was getting this prompt after ‘rails c’

1] pry(main)>

This might as well have been in Sanskrit, but a little Googling told me this was an alternate to irb so I just entered the command:

SiteSetting.enable_sso = false
exit

And that seemed to work.

Thanks again!

riking · 2015-01-19 22:39:56 UTC

Fixed the instructions for future travelers.

Rafiki · 2015-03-17 05:41:12 UTC

Appreciate help guys. Have ssh into my bitnami discourse stack and can’t get the commands to work. When I run rails C I get this error before I even get to running the = false command.

Looks like your app’s ./bin/rails is a stub that was generated by Bundler.

In Rails 4, your app’s bin/ directory contains executables that are versioned
like any other source code, rather than stubs that are generated on demand.

Here’s how to upgrade:

bundle config --delete bin # Turn off Bundler’s stub generator
rake rails:update:bin # Use the new Rails 4 executables
git add bin # Add bin/ to source control

You may need to remove bin/ from your .gitignore as well.

Any advice appreciate as need to get the SSO turned off asap. Thanks!