SSO_SYNC not working

shahidmir · May 10, 2018, 9:26am

Hi Guys

I need some assistance with the /admin/users/sso_sync end point.
Using postman, I am trying to update an email address using this end point, but postman is returning a HTML page as response (which is basically the landing page of my application where discourse is integrated).

Im doing a POST to:

https:{my domain}/admin/users/sync_sso

With body:

{
	"email":"test@gmail.com",
	"external_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
	"require_activation":"false",
	"api_key":"xxxxxxxxxxxxx",
	"api_username":"admin users email address"
}

For the api_username, i have tried both admin user’s email address as well as username, but none works.
Is the api_username something else?
Can someone advise where Im going wrong.

Regards

itsbhanusharma · May 10, 2018, 10:30am

As per

You have to use the following:

$api_username = 'system';

shahidmir · May 10, 2018, 11:07am

Hi,

thanks for that. Using the api_username=system takes me one step further, but I am now getting an error regarding an invalid ‘sig’, which is not something i pass neither suggested to pass?

RuntimeError (Bad signature for payload sso: sig: expected sig: a03011b1a83a925095b984c265fbe1e65f3351e6edfee38cbbf1b3c1015630f2) /var/www/discourse/lib/single_sign_on.rb:30:inparse’`

any ideas?

itsbhanusharma · May 10, 2018, 11:10am

I’m not very familiar with that endpoint and @simon wrote that howto so maybe he can help!

Edit:
are you initializing sig as:

$sig = hash_hmac( 'sha256', $sso_payload, $sso_secret );

shahidmir · May 10, 2018, 11:19am

No, I am not. Reading the documentation, I assumed I could call the end point with payload excluding nonce, sig and it would work. @sam, could you please advise on this too, have an urgent deadline to meet on this.
Using a Java application, I simply want to make a rest call to that end point to update the email, silently.

simon · May 10, 2018, 3:57pm

This is correct. You do not need the nonce in the payload for the sync_sso route. The body of the POST request needs the following parameters: sso, sig, api_key, api_username.

To see how to create the sso and sig parameters, read the ‘Setup the SSO parameters’ section of this topic: Sync DiscourseConnect user data with the sync_sso route.

The return value of a successful call to /admin/users/sync_sso is a Discourse User object.

shahidmir · May 10, 2018, 4:13pm

thank you simon, i have it almost working now.

Topic		Replies	Views
How to handle Discourse SSO when the authentication site allows users to change emails? sso	4	1190	February 24, 2023
Sync DiscourseConnect user data with the sync_sso route developers rest-api , tutorial	0	10341	April 2, 2018
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) admins sso , discourseconnect , configuring , how-to	0	420741	February 25, 2014
Synchronizing Changes for SSO users sso discourseconnect	7	3804	October 10, 2018
Confirming a correct User+Pass combination via API? support	3	749	October 24, 2020

SSO_SYNC not working

Related Topics