SSO: Unable to logout

I could use some advice. :slight_smile:

We’ve got WP as SSO provider (we’re managing access to Discourse and LMS content with MemberPress on WP). New user signup and login works beautifully—but I can’t seem to log out.

I’ve added the ?request=logout redirect, but the minute I refresh the logout, I’m back in again.

At first I thought it might be due to my having WP open in another browser tab, but the behavior is persists even after I’ve logged out of WP and closed the tab.

Feels like we’re really close on things. Hoping someone might feel like sharing some troubleshooting advice so we can put this one to bed.

Thank you.

Here’s a wee gif demonstrating (2) logouts in a row.
discourse-logout-loop

And here’s screenshots of my SSO settings, in WP:

And in Discourse:

It looks like you have everything configured correctly. Is this a regular WordPress site, or is it a part of a multisite setup? There may be an issue syncing logout with sites other than the main site on the network.

From looking at your screen recording, it seems that your Discourse site is set to login required. What is happening is that Discourse is redirecting you to your WordPress site with an SSO request, and then automatically logging you in because you’re still logged into WordPress. The expected behaviour is that you will end up on your WordPress login page as a logged out user.

Syncing logouts with Discourse depends on the WordPress clear_auth_cookie hook. Possibly another plugin on your site is interfering with this.

1 Like

Thank you, Simon. It’s a single WP site and a cookie would seem plausible. I’ll dig into that front, then.

Appreciate the advice!

brian driggs //// tgp

If you have a development site, try disabling all plugins except WP Discourse and see if the problem persists. If you don’t have a dev site, you could try deactivating plugins for your user’s session with the Health Check plugin. Details about how to use that plugin to disable plugins for a session are given here: Troubleshooting using the Health Check – Make WordPress Support.

4 Likes

Boom. Don’t have a dev site, but the health check plugin worked a treat—first try, even. Looks like I’ll be digging into MemberPress and the auth_cookie. Thank you, Simon.

Here’s the steps I took, should someone else need them:

  1. Installed the Health Check plugin.
    – Put site in Troubleshooting mode.
    – Enabled WP-Discourse plugin.
  2. Opened Discourse site.
    – Logged out.
    – Got redirected to WP login page (login form was missing).
    – Was unable to log back into Discourse at all. (Desired functionality.)
  3. Enabled MemberPress
    – (I realized the login page uses MemberPress-generated un/pw fields.)
    – Login form re-appeared.
  4. Opened Discourse site, was already logged in.
  5. Attempted logout, was redirected through a loop back to Discourse, still logged in.

I’ve been using WP since 2007 and had never heard of this plugin until now. Thanks again, Simon!

1 Like

Yeah, it’s very useful for troubleshooting.

I’d like to check what’s going on with MemberPress, but it’s a paid plugin. From looking at their documentation, it seems that there is a MemberPress Logout Redirect URL that can be set on the plugin’s options page. The issue might be related to that setting.

3 Likes

How can I help?

I noticed the logout redirect setting and set some targets, but it doesn’t appear to have any effect.

I’m trying to work out a way to logout Discourse from an external site. I’ve tried to find documentation and it seems the way to do it is sending an API POST request as mentioned in this post.

Problem is I don’t really understand how to make the API request and can’t work out where to go from here. I’ve downloaded Postman and trying to experiment in there, but I’m struggling. I’m not sure how to create the api request I need, and not sure how I’d implement it on the external site afterwards.

Any suggestions on how to crack this issue?

If you can give some details about your external site, someone here may be able to help.

1 Like

The site is a Wordpress site using Memberpress and it’s the SSO provider to my Discourse forum. After they logout on Wordpress I can redirect them to a URL, which I’d like to be the way I log them out of Discourse at the same time. Or perhaps I can send an api request via a php function which I could add to functions.php?

Are you using the WP Discourse plugin for SSO? If so, logging out from WordPress should log you out of Discourse, but there is a recent report that this is not working when the Memberpress plugin is used on WordPress: SSO: Unable to logout. Are you running into the same issue?

1 Like

Yes I’m using that plugin and it seems to be the same issue.

2 Likes

Great! I’ll try to get that fixed tomorrow.

2 Likes

Because you’re the man. Thanks, Simon. :slight_smile:

1 Like

That would be so helpful! If you need any further info from me, just let me know. Thanks!

1 Like

I’m having some trouble reproducing the issue. If I could create an account on either of your WordPress sites I might be able to see what’s going on. I don’t need admin access. If this is possible, send me a PM with the site details.

@simon just set you up with a membership. You should have received an email to set a password. LMK? TIA.

1 Like

I’ve also created an account on my site and PM’d you the details.

1 Like

@TGP Can you try changing your Discourse logout redirect setting to https://www.thegearheadproject.com/?request=logout it seems that non www requests are being redirected to the www URL, but that the request=logout query parameter is not being preserved in the redirect.

This may not solve the issue, but it would be good to rule it out as a cause.

2 Likes

It seems likely that the logout issues on these sites are not related.

@robtech when I log out of your Discourse site, I am also logged out of your WordPress site, so this part of the logout process seems to be working correctly on your site. The issue I’m finding is with syncing logouts from WordPress to Discourse. Logging out of your WordPress site is not logging me out of your Discourse site.

Can you make sure that the API Key and Publishing Username you have set on the WP Discourse Connection tab are correct? You need to use an admin API Key and username. The easiest option is to use your site’s Master API Key and use ‘system’ as the publishing username. You should see a notice saying that you are “connected to Discourse” after saving the options on this page. Admin credentials are required in this section so that users can be logged out of Discourse when the logout of WordPress.

Let me know if this doesn’t solve the issue.

2 Likes