I have a problem very similar to Avatars not pulling from SSO. While users can login with my SSO provider (consideratio/discourse-sso-oidc-bridge), and discourse show up information in logs about it, the provided information about the signed in user being admin or not etc is ignored.
In other words, my SSO provider returns admin: true for example, but it does not affect the user that remains non-admin.
Discourse manages to say “User was logged on” and list “admin: true”. Am I correct to assume that when this happens, the user is meant to become an admin if the user wasn’t already? Or, does it require additional steps?
I saw the following from Official Single-Sign-On for Discourse (sso), but I’m thinking this is mostly if you want to sync without having a user login at all, but you can also sync while the user is logging in. Or? Hmmm…
When I inspected the logs further, I found that params listed does not contain the full sso param, but only a truncated part. What is going on here? The only information within the sso params that is truncated is nonce=01bcdfd0a32b809567991b3dbd59fe9f&return_sso_url=https%3A%2F%2Fdiscour, but discourse has parsed more information at some point so I assume this is a artifact of the logger.
### Env
hostname <redacted>
process_id 17301
application_version da187f096734f8cf1716cbc89a8a6dd7b48cea41
HTTP_HOST <redacted>
REQUEST_URI /session/sso_login?sso=bm9uY2U9MDFiY2RmZDBhMzJiODA5NTY3OTkxYjNkYmQ1OWZlOWYmcmV0dXJuX3Nzb191cmw9aHR0cHMlM0ElMkYlMkZkaXNjb3Vyc2UuZHNwLnNhbmR2aWsuY29tJTJGc2Vzc2lvbiUyRnNzb19sb2dpbiZhZG1pbj10cnVlJm1vZGVyYXRvcj10cnVlJmVtYWlsPWVyaWsuc3VuZGVsbCU0MHNhbmR2aWsuY29tJmxvY2FsZT1lbi1VUyZuYW1lPUVyaWslMjBTdW5kZWxsJnVzZXJuYW1lPWVyaWsuc3VuZGVsbCU0MHNhbmR2aWsuY29tJmV4dGVybmFsX2lkPTAwdTdzeG5nbXh0bkVmalE4MzU2&sig=069549ea561b3e68e583866a05d5d84a2df291c7219295fe4236c4c467b449d5
REQUEST_METHOD GET
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
HTTP_X_FORWARDED_FOR <redacted>, <redacted>
HTTP_X_REAL_IP <redacted>
params:
sso bm9uY2U9MDFiY2RmZDBhMzJiODA5NTY3OTkxYjNkYmQ1OWZlOWYmcmV0dXJuX3Nzb191cmw9aHR0cHMlM0ElMkYlMkZkaXNjb3Vyc
sig 069549ea561b3e68e583866a05d5d84a2df291c7219295fe4236c4c467b449d5
Yes, setting the SSO parameter admin to true should be all that’s required to log a user in as an admin. When I test this on my own site it works for me. From the screenshot in your initial post, it looks like the parameter is set correctly. Are you still having trouble getting this to work?