SSO working, but how do I get admin and moderator-rights passed?

(Henning) #1


I’ve set up a test implementation of Discourse where I use SSO to log in.

Works great, but now I’ve been locked out of the admin-pages.

I’m using a lightly modified SSOHelper.php class to handle the stuff, but for some reason I can’t add admin to the set of parameters.

Anyone with an idea of what the problem is?

(Logan Mathews) #2

You can add the email which the sso passes to your app.yml as an admin.

(Henning) #3

As I read the docs, I should be able to add admin=1 to the response of the SSO, so that specific user got admin-rights, or am I wrong about that?

(Jeff Atwood) #4

If you get locked out of SSO you can use /users/admin-login to get back in via email.

(Kane York) #5

Yes, that is correct - adding admin=1 or moderator=1 to the SSO payload should work. Remember that the email and external id are the identity anchors, everything else is just used to create the account.

(Henning) #6

Does that mean that I can’t pass admin and moderator tags at each login?

I have the roles tagged in my backoffice system that handles the SSO, and I don’t like the idea of maintaining roles in multiple places.

Any idea of how I can grant users access to groups from my external database? We will have new groups coming all the time, as each event or project we start may have its own closed category for internal discussion.


Syncing groups of users from external system
(Florian Bender) #7

So every time someone logs in via SSO, I can pass admin=1 or admin=0 to update the Discourse role? Did I get that correctly?

(Sam Saffron) #8

Yes that is what you would do.

(Ján Janočko) #9

Hi, this is not working for me. I send the admin flag together with other data (email, name, username, external_id etc.) but I don’t see admin tools after logging in as admin. What could be wrong?

(Ján Janočko) #10

OK, I found the problem:

admin should be true/false, not 1/0. In my case, this fixed it.
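
An added example, not part of the thread and not the code of Discourse or of SSOHelper.php: a provider-side sketch in PHP that verifies the signed request from Discourse and builds a signed response whose admin and moderator values are taken from the back-office roles at every login. The function names, the shape of `$user` and all sample values are assumptions made for illustration.

```php
<?php
// Added example: the provider side of Discourse SSO. Function names, the
// $user array shape and the sample values are assumptions, not from the thread.

// Validate the incoming request from Discourse and return its nonce.
function sso_request_nonce(string $sso, string $sig, string $secret): string
{
    $expected = hash_hmac('sha256', $sso, $secret);
    if (!hash_equals($expected, $sig)) {          // constant-time comparison
        throw new RuntimeException('bad SSO signature');
    }
    parse_str(base64_decode($sso, true) ?: '', $fields);
    if (empty($fields['nonce'])) {
        throw new RuntimeException('nonce missing from SSO payload');
    }
    return $fields['nonce'];
}

// Build the signed response. Roles are read from the back-office record on
// every login, so the flags sent always reflect the current role set.
function sso_response(string $nonce, array $user, string $secret): string
{
    $payload = base64_encode(http_build_query([
        'nonce'       => $nonce,
        'external_id' => $user['id'],
        'email'       => $user['email'],
        'username'    => $user['username'],
        // Literal strings: http_build_query() would serialize PHP booleans
        // as 1/0, and post #10 reports that only true/false took effect.
        'admin'       => in_array('admin', $user['roles'], true) ? 'true' : 'false',
        'moderator'   => in_array('moderator', $user['roles'], true) ? 'true' : 'false',
    ]));
    return http_build_query([
        'sso' => $payload,
        'sig' => hash_hmac('sha256', $payload, $secret),
    ]);
}

// Constructed sample data: a request as Discourse would send it, then the reply.
$secret  = 'example-sso-secret';
$request = base64_encode('nonce=abc123&return_sso_url=https%3A%2F%2Fforum.example%2Fsession%2Fsso_login');
$nonce   = sso_request_nonce($request, hash_hmac('sha256', $request, $secret), $secret);
$user    = ['id' => 42, 'email' => 'mod@example.org', 'username' => 'mod', 'roles' => ['moderator']];
parse_str(sso_response($nonce, $user, $secret), $out);
echo base64_decode($out['sso']), PHP_EOL;   // decoded payload, for inspection
```

Because admin and moderator travel inside the HMAC-signed payload, anyone holding the SSO secret can mint an admin login, so the secret needs the same protection as an admin credential.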