SSO suddenly broken with "Error updating information, contact site admin"


(Pierre-Olivier Latour) #1

Running v1.3.0.beta4 +18

I just realized my SSO is broken, but I don’t know when it broke (possibly when updating from beta3 to beta4?). Nothing has changed AFAIK on the SSO side.

When I click on Log In it redirects to the SSO site correctly, sign-in works there, but the final redirect to Discourse fails: I get a blank page that just says “Error updating information, contact site admin” (the response headers indicate a 500 error). The logs in the admin interface are completely empty.

How do I debug and fix this?


(Jeff Atwood) #2

Anything in discourse.example.com/logs there?

So you were on beta3 and everything was OK?


(Pierre-Olivier Latour) #3

No, error logs are empty.

I can’t confirm it’s beta3 to beta4 as the community site hasn’t been launched yet, so almost no one is using it. It was working a few days back as there was one new user who signed in though.


(Pierre-Olivier Latour) #4

After more investigation, the issue seems to be related to CloudFlare which I have enabled for the domain that hosts discourse. I paused CloudFlare and the issue seemed to have gone away.


(Pierre-Olivier Latour) #5

Note that I had CloudFlare enabled for the past 2 or 3 months without any SSO issue.


(Pierre-Olivier Latour) #6

Another thing: even if CloudFlare is enabled, SSO works if I reload the redirect URL after replacing the hostname forums.gitup.co by the raw server IP 54.68.80.84 in it e.g.

https://forums.gitup.co/session/sso_login?sso=...

by

http://54.68.80.84/session/sso_login?sso=...

(Pierre-Olivier Latour) #7

How do I look for error logs once SSH’ed into the Docker instance?


(Pierre-Olivier Latour) #8

I think I fixed the issue: I noticed randomly this morning that Discourse had automatically added to the list of blocked IP addresses one of the CloudFlare IP addresses. I removed this block then explicitly whitelisted all their IPs. Then I reenabled CloudFlare, waited a few hours, and login with SSO appears to work again :smile:


(Sam Saffron) #9