SSO - "There is a problem with your account. Please contact the site's administrator."

(Programster) #1

I just set up SSO on my discourse forum that I deployed through docker using the latest “stable” version (1.5). To clarify, I have my own SSO service that I am using to log into discourse. I am not using Discourse as an SSO provider. I used the cviebrock/discourse-php PHP package in order to develop the SSO service to work with discourse.

Whenever I hit login, everything redirects okay, but I land on the discourse forum with the message:

There is a problem with your account. Please contact the site’s administrator.

The address I land on is:

I tested messing with the signature or the sso and if I do that I get a blank page. I also tested plugging in an incorrect secret and got a different error message.

Has anyone else received this error message and know what I should do? Are there logs anywhere I can get more detailed information from?

(Programster) #2

Nevermind, it was a stupid implementation error on my part. I had the code:

$extraParameters = array(
    // stray assignment: this also overwrites $userEmail with the session name
    'name' => $userEmail = $_SESSION['name']
);

which should have been:

$extraParameters = array(
    'name' => $_SESSION['name']
);

I don’t know how to delete or close this post, but would be grateful if someone else would.

(Régis Hanol) #3

(Régis Hanol) #4

You can’t on your own. Here, we recommend that you ask a moderator :wink:

(Jeff Atwood) #5

Hmm, how can we make the error message more useful in this case? Any ideas?

(Jeff Atwood) #6

(Arve Knudsen) #7

No suggestions, but I agree it should be more descriptive!

(Jeff Atwood) #8

@techapj can you add to your list, to look into this error message and any detail we can add to it at the time it occurs?

(Emanuelet) #9

At the moment I have a user on my Discourse instance experiencing this issue. For the SSO I’m using the official WordPress plugin (GitHub: discourse/wp-discourse), version 0.7.

(Emanuelet) #10

And now I have a new one. I’m hosting Discourse version 1.5.2.

(Emmanuel) #11

Did you get a chance to change the message? One user is reporting this, and I have no clue where to look… His email doesn’t exist in our discourse db, nor the external ID.


(Jeff Atwood) #12

Possibly, not sure if @techapj had a chance to look.

(Emmanuel) #13

Where should I look in the meantime? Is there an error code that I can search for in the logs? Users are reaching out to me but I am not sure what to tell them…

(Arpit Jalan) #14

I didn’t have the chance to improve logging here yet. It’s on my low priority list.

I recommend enabling the verbose sso logging setting and debug logs.

(Emmanuel) #15

Any chance there will be a fix there soon? We do have more and more cases about this and cannot help our users.

(Jeff Atwood) #16

What do you see when …

… you follow the above advice and look in /logs via your web browser?

(Emmanuel) #17

I see

{:primary_email=>"is not allowed."} Attributes: {"admin"=>false, "moderator"=>false, "locale"=>nil, "name"=>"Justin", "title"=>nil, "username"=>"xxx"}

The strange thing is that it works for most users. What does “is not allowed” mean?

(Kane York) #18

I don’t see any email field in that sso payload - make sure that the provider has an email on file for everyone.
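A pre-flight check an SSO provider could run before signing the payload, so that a missing email (post #18) or a field mix-up like the one in post #2 fails on the provider side with a specific message instead of Discourse's generic one. This is an added example, not code from the thread or from cviebrock/discourse-php; the function names, secret and user values are constructed, and it assumes the Discourse SSO format of a base64 payload signed with HMAC-SHA256.

```php
<?php
// Added example (not from the thread); names, secret and user values are constructed.

// Return a list of problems; an empty list means the payload is safe to sign.
function ssoFieldProblems(array $fields): array
{
    $problems = [];
    foreach (['nonce', 'external_id', 'email'] as $key) {
        if (trim((string) ($fields[$key] ?? '')) === '') {
            $problems[] = "missing required field: $key";
        }
    }
    $email = trim((string) ($fields['email'] ?? ''));
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'email is not a valid address';
    }
    return $problems;
}

// Build the sso/sig query string, refusing to sign a payload with problems.
function buildSsoResponse(array $fields, string $secret): string
{
    $problems = ssoFieldProblems($fields);
    if ($problems !== []) {
        throw new InvalidArgumentException(implode('; ', $problems));
    }
    $payload = base64_encode(http_build_query($fields));
    $sig = hash_hmac('sha256', $payload, $secret); // HMAC over the base64 text
    return http_build_query(['sso' => $payload, 'sig' => $sig]);
}

// Check the signature in constant time, then decode the payload for inspection.
function decodeSso(string $sso, string $sig, string $secret): array
{
    if (!hash_equals(hash_hmac('sha256', $sso, $secret), $sig)) {
        throw new RuntimeException('signature mismatch');
    }
    parse_str(base64_decode($sso, true) ?: '', $fields);
    return $fields;
}

$secret = 'constructed-sso-secret';
$good = ['nonce' => 'n0nce', 'external_id' => '42', 'email' => 'justin@example.com', 'name' => 'Justin'];
$mixedUp = ['nonce' => 'n0nce', 'external_id' => '42', 'email' => 'Justin', 'name' => 'Justin'];
$noEmail = ['nonce' => 'n0nce', 'external_id' => '42', 'name' => 'Justin'];
parse_str(buildSsoResponse($good, $secret), $query);
print_r(decodeSso($query['sso'], $query['sig'], $secret)); // round-trips $good
print_r(ssoFieldProblems($mixedUp)); // flags the invalid email
print_r(ssoFieldProblems($noEmail)); // flags the missing email
```

An address on the screened emails list, the cause found in posts #19 and #20, still passes this check because screening is decided inside Discourse.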

(Jeff Atwood) #19

If the email is actually there (and not blank), perhaps that email address has been banned or blacklisted. Check your site settings and admin, logs, screened emails.

(Emmanuel) #20

Yes, they were in the screened emails, thanks a lot.

Just curious, how do you decide who should be screened?