SSO 循环 - 需要帮助查找问题

支持 SSO
1

大家好,

我刚刚在公司内部搭建了一个 Discourse 论坛。我们自行编写了 SSO 登录功能,用于在 Discourse 中注册和登录。一切原本正常,但不知从何时起、因何原因,系统突然失效了。

Discourse 的 SSO 似乎陷入了无意义的循环,我无法找到根本问题。或许各位能帮我解决。

SSO 日志如下:

Started GET "/session/sso_login?sso=[very long ssotext]" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by SessionController#sso_login as HTML
  Parameters: {"sso"=>"[very long ssotext]", "sig"=>"bc436ea4fb8c390d0f9d0e9d8858ca1f1ee22ca52e90140ccd80e0d9433606d5"}
Verbose SSO log: User was logged on --redacted--

nonce: 4a62ac720d1ed262db4e35e49d6e234a
name: --redacted--
username: --redacted--
email: --redacted--
avatar_url:
avatar_force_update:
require_activation:
bio: --redacted--
external_id: {1aaecfae9e4a0f409b1e8036727c130a}
return_sso_url:
admin:
moderator:
suppress_welcome_message:
title:
add_groups:
remove_groups:
groups:
Redirected to http://discourse.miccoe.cloud/
Completed 302 Found in 20ms (ActiveRecord: 5.8ms)
Started GET "/" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by CategoriesController#index as HTML
Redirected to http://discourse.miccoe.cloud/session/sso
Filter chain halted as :redirect_to_login_if_required rendered or redirected
Completed 302 Found in 10ms (ActiveRecord: 4.2ms)
Started GET "/session/sso" for 87.163.88.41 at 2018-01-16 20:08:42 +0000
Processing by SessionController#sso as HTML
Verbose SSO log: Started SSO process

nonce: 9fa3be16c015041e86ef76f0f494a983
[以此类推]

你们需要哪些日志?我该如何提高日志的详细程度?还需要提供其他信息吗?

2

Your site looks like running on SSL and the log is quoting urls from http://

Have you tried enabling force-https on Discourse?
Can you check if your SSO provider is returning users to http link? If so, try diagnosing that and make sure that everything works on same protocol.

3

After enabling SSL directly in the Discourse-instance everything is working well again. Thanks for pointing that out.