SSO_SYNC not working


(shahid) #1

Hi Guys

I need some assistance with the /admin/users/sso_sync endpoint.
Using Postman, I am trying to update an email address using this endpoint, but Postman is returning an HTML page as the response (which is basically the landing page of my application where Discourse is integrated).

I'm doing a POST to:

https:{my domain}/admin/users/sync_sso

With body:

{
	"email":"test@gmail.com",
	"external_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
	"require_activation":"false",
	"api_key":"xxxxxxxxxxxxx",
	"api_username":"admin users email address"
}

For the api_username, I have tried both the admin user’s email address as well as the username, but neither works.
Is the api_username something else?
Can someone advise where I'm going wrong?

Regards


(Bhanu Sharma) #2

As per

You have to use the following:

$api_username = 'system';

(shahid) #3

Hi,

Thanks for that. Using api_username=system takes me one step further, but I am now getting an error regarding an invalid ‘sig’, which is not something I pass, nor is it suggested to pass?

RuntimeError (Bad signature for payload sso: sig: expected sig: a03011b1a83a925095b984c265fbe1e65f3351e6edfee38cbbf1b3c1015630f2) /var/www/discourse/lib/single_sign_on.rb:30:in `parse'

Any ideas?


(Bhanu Sharma) #4

I’m not very familiar with that endpoint and @Simon_Cossar wrote that howto so maybe he can help!

Edit:
Are you initializing sig as:

$sig = hash_hmac( 'sha256', $sso_payload, $sso_secret );

(shahid) #5

No, I am not. Reading the documentation, I assumed I could call the endpoint with a payload excluding nonce and sig, and it would work. @sam, could you please advise on this too? I have an urgent deadline to meet on this.
Using a Java application, I simply want to make a REST call to that endpoint to update the email, silently.


(Simon Cossar) #6

This is correct. You do not need the nonce in the payload for the sync_sso route. The body of the POST request needs the following parameters: sso, sig, api_key, api_username.

To see how to create the sso and sig parameters, read the ‘Setup the SSO parameters’ section of this topic: Sync SSO user data with the sync_sso route.

The return value of a successful call to /admin/users/sync_sso is a Discourse User object.
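
How the sso and sig parameters fit together, as an added example that is not part of the thread or of Discourse's own code. It assumes the scheme implied by the hash_hmac line in post #4 (a Base64-encoded query string signed with HMAC-SHA256 under the SSO secret); the function names, the secret and the field values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode


def build_sync_sso_params(user_fields, sso_secret, api_key, api_username="system"):
    """Return the four POST parameters named above: sso, sig, api_key, api_username."""
    # The payload is a URL-encoded query string, then Base64-encoded.
    query = urlencode(user_fields)
    sso = base64.b64encode(query.encode("utf-8")).decode("ascii")
    # sig is the hex HMAC-SHA256 of the Base64 payload, keyed with the SSO secret
    # (the same computation as hash_hmac('sha256', $sso_payload, $sso_secret)).
    sig = hmac.new(sso_secret.encode("utf-8"), sso.encode("ascii"),
                   hashlib.sha256).hexdigest()
    return {"sso": sso, "sig": sig, "api_key": api_key, "api_username": api_username}


def verify_and_parse(sso, sig, sso_secret):
    """Receiver-side check: recompute the HMAC and compare in constant time."""
    expected = hmac.new(sso_secret.encode("utf-8"), sso.encode("ascii"),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        # A missing or stale sig ends here, before any field is trusted.
        raise ValueError("Bad signature for payload")
    decoded = base64.b64decode(sso).decode("utf-8")
    return {key: values[0] for key, values in parse_qs(decoded).items()}


# Constructed sample values; none of these are real credentials.
SECRET = "example-sso-secret"
FIELDS = {
    "external_id": "42",
    "email": "test@example.com",
    "require_activation": "false",
}

if __name__ == "__main__":
    params = build_sync_sso_params(FIELDS, SECRET, api_key="PLACEHOLDER_API_KEY")
    print(params)
    print(verify_and_parse(params["sso"], params["sig"], SECRET))
```

The SSO secret stays on the server that builds the request; a client that only holds the API key cannot produce a valid sig.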


(shahid) #7

Thank you Simon, I have it almost working now.