SSO - "There is a problem with your account. Please contact the site's administrator."

I just set up SSO on my Discourse forum that I deployed through Docker using the latest “stable” version (1.5). To clarify, I have my own SSO service that I am using to log into Discourse. I am not using Discourse as an SSO provider. I used the cviebrock/discourse-php PHP package in order to develop the SSO service to work with Discourse.

Whenever I hit login, everything redirects okay, but I land on the discourse forum with the message:

There is a problem with your account. Please contact the site’s administrator.

The address I land on is:

http://discourse.mydomain.org/session/sso_login?sso=bm9uY2U9NzFiNGIzM2UxMGQxYWJiYzc1MGI3MDFjMzE4ZTQwZTMmZXh0ZXJuYWxfaWQ9NTcw&sig=a3250a90855912afdbeb13be004449df52f404934b0414de02444c0d9be812ad

I tested messing with the signature or the sso and if I do that I get a blank page. I also tested plugging in an incorrect secret and got a different error message.

Has anyone else received this error message and know what I should do? Are there logs anywhere I can get more detailed information from?

Never mind, it was a stupid implementation error on my part. I had the code:

$extraParameters = array(
    'name' => $userEmail = $_SESSION['name']
);

which should have been:

$extraParameters = array(
    'name' => $_SESSION['name']
);

I don’t know how to delete or close this post, but would be grateful if someone else would.

1 Like

You can’t on your own. Here, we recommend that you ask a moderator :wink:

Hmm, how can we make the error message more useful in this case? Any ideas?

1 Like

No suggestions, but I agree it should be more descriptive!

@techapj can you add to your list, to look into this error message and any detail we can add to it at the time it occurs?

1 Like

At the moment I have a user on my Discourse instance experiencing this issue. For the SSO I’m using the official WordPress plugin, discourse/wp-discourse (WordPress plugin that lets you use Discourse as the community engine for a WordPress blog), version 0.7

and now I have a new one. I’m hosting Discourse version 1.5.2

Possibly, not sure if @techapj had a chance to look.

I didn’t have the chance to improve logging here yet. It’s on my low priority list.

I recommend enabling verbose sso logging setting and debug logs.

2 Likes

What do you see when …

… you follow the above advice and look in /logs via your web browser?

2 Likes

I don’t see any email field in that sso payload - make sure that the provider has an email on file for everyone.

3 Likes

If the email is actually there (and not blank), perhaps that email address has been banned or blacklisted. Check your site settings and admin, logs, screened emails.

2 Likes

Hi,
I found another weird behavior to get this error. And it is very annoying. Documentation says that the SSO has to urlEncode the values of the unsigned payload.

Ok, for example I map the value of user.name:

  • Single string. Works fine
  • String with ONE space. It can either be encoded with a + or %20 (both are valid urlEncodings). Works fine
  • String with TWO or MORE spaces. When they are encoded with a +, ERROR. With %20 works fine.

One space encoded with a ‘+’ works but several ‘+’ don’t? And the logs do not raise any error about this.

I think this is worth mentioning in the SSO documentation.

Thank you
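As an added example (not code from any poster or from Discourse), this Python helper decodes a landing URL like the one in the first post, checks the HMAC-SHA256 signature, and lists required fields that are missing or blank, which is the check behind the "no email field" reply above. The provider-side builder encodes spaces as %20, the form the post above reports as working; the secret, sample user, and function names are constructed assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumption: fields Discourse needs to find or create the account.
REQUIRED_FIELDS = ("nonce", "external_id", "email")

# The landing URL quoted in the first post of this thread.
THREAD_URL = ("http://discourse.mydomain.org/session/sso_login"
              "?sso=bm9uY2U9NzFiNGIzM2UxMGQxYWJiYzc1MGI3MDFjMzE4ZTQwZTMmZXh0ZXJuYWxfaWQ9NTcw"
              "&sig=a3250a90855912afdbeb13be004449df52f404934b0414de02444c0d9be812ad")


def sign(payload_b64, secret):
    """Hex HMAC-SHA256 over the base64 payload, as sent in the sig parameter."""
    return hmac.new(secret.encode(), payload_b64.encode(), hashlib.sha256).hexdigest()


def build_sso_url(base, fields, secret):
    """Provider side: encode spaces as %20 (quote), not '+', then base64 and sign."""
    raw = urlencode(fields, quote_via=quote)
    payload_b64 = base64.b64encode(raw.encode()).decode()
    return base + "?" + urlencode({"sso": payload_b64, "sig": sign(payload_b64, secret)})


def inspect_sso_url(url, secret):
    """Decode a landing URL; report signature validity and absent or blank required fields."""
    query = parse_qs(urlsplit(url).query)
    payload_b64, sig = query["sso"][0], query["sig"][0]
    decoded = base64.b64decode(payload_b64).decode("utf-8")
    fields = {k: v[0] for k, v in parse_qs(decoded, keep_blank_values=True).items()}
    missing = [f for f in REQUIRED_FIELDS if not fields.get(f, "").strip()]
    return {"signature_ok": hmac.compare_digest(sign(payload_b64, secret), sig),
            "fields": fields, "missing": missing, "raw": decoded}


if __name__ == "__main__":
    secret = "constructed-secret"  # placeholder, not the forum's real SSO secret
    print("thread URL is missing:", inspect_sso_url(THREAD_URL, secret)["missing"])
    # Constructed sample user with two consecutive spaces in the name.
    sample = {"nonce": "abc123", "external_id": "570",
              "email": "jane@example.org", "name": "Jane  Q  Doe"}
    url = build_sso_url("http://discourse.example.org/session/sso_login", sample, secret)
    print(inspect_sso_url(url, secret))
```
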

This generic error shows up also when hitting the registration limit from the same ip - only saw the real reason after enabling verbose logging …

I now get this error with SSO. Possibly related to changing an account’s email address from the WordPress side.

The solution for my problem was:

  1. Admin -> Settings -> enable verbose SSO logging
  2. Navigate to /logs on one screen while attempting to login on the other

This found the problem, then…

  1. Delete existing account (non-sso) with the same email address
  2. Reattempt SSO login

1 Like