User is not logged in after SSO sequence


(James D) #1

I’m trying to set up Discourse (1.2.0) SSO with a Rails app. Right now, Discourse and my app send each other the tokens and don’t log any errors, but the Discourse user still isn’t logged in at the end.

Here are the requests that happen when I click on the “Log In” button in Discourse. I’ve copied them from the Firefox dev tools as curl commands and split them up for readability.

  • dev.lvh.me:3000 is my rails app, running on my local box.
  • dev.lvh.me:4000 is my discourse instance, running in Vagrant.
  • (lvh.me just resolves itself and any subdomains to localhost)

Discourse 302 redirects to the rails app

curl 'http://dev.lvh.me:4000/session/sso?return_path=%2F' 
-H 'Host: dev.lvh.me:4000' 
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0' 
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' 
-H 'Accept-Language: en-US,en;q=0.5' --compressed 
-H 'DNT: 1' 
-H 'Referer: http://dev.lvh.me:4000/' 
-H 'Cookie: __profilin=p%3Dt; _session_id=BAh7C0kiD3Nlc3Npb25faWQGOgZFRkkiJTYxNTM0MmNmMDY1ZGJjZmRmYTI4OWY0ZjQ4MjFmYzJhBjsAVEkiE3VzZXJfcmV0dXJuX3RvBjsARiIOL2F1dGgvc3NvSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwdbBmkC9kBJIiIkMmEkMTAkb3FEUlNTYk96TEZldExMYmFCOEtXLgY7AFRJIhFjYXJlZ2l2ZXJfaWQGOwBGaQK0O0kiGmNvbXBsZXRpb25fcGVyY2VudGFnZQY7AEZJIgYwBjsARkkiEF9jc3JmX3Rva2VuBjsARkkiMTVtTzF4a04veXdrcVd2SVF5YTRGUGxMWW5lUUtES2xUUXFKRjB2VjFSUzA9BjsARg%3D%3D--255aa6575a43498b74f995b4d71edad737af8811; destination_url=http%3A%2F%2Fdev.lvh.me%3A4000%2F; _forum_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFVEkiJWI4OGU2ZTk4YmE2NGVkZjZiNjdiYTE4NmYyYmU3OTJlBjsAVA%3D%3D--d09bb2323f993833822cc0bf3c385c90d1b12e84' 
-H 'Connection: keep-alive'

The Rails app 302 redirects to Discourse

curl 'http://dev.lvh.me:3000/auth/sso?sso=bm9uY2U9MDcxMzE0YmY5YTk2MmE5OWJmMTA2YmYyZDk5M2Y3MTEmcmV0dXJu%0AX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTQwMDAlMkZzZXNz%0AaW9uJTJGc3NvX2xvZ2lu%0A&sig=6693c5b2d347cc3064dead401d0384326cd78b1b0fa79ea4124919cf8b566359' 
-H 'Host: dev.lvh.me:3000' 
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0' 
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' 
-H 'Accept-Language: en-US,en;q=0.5' --compressed 
-H 'DNT: 1' 
-H 'Referer: http://dev.lvh.me:4000/' 
-H 'Cookie: __profilin=p%3Dt; _session_id=BAh7C0kiD3Nlc3Npb25faWQGOgZFRkkiJTYxNTM0MmNmMDY1ZGJjZmRmYTI4OWY0ZjQ4MjFmYzJhBjsAVEkiE3VzZXJfcmV0dXJuX3RvBjsARiIOL2F1dGgvc3NvSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwdbBmkC9kBJIiIkMmEkMTAkb3FEUlNTYk96TEZldExMYmFCOEtXLgY7AFRJIhFjYXJlZ2l2ZXJfaWQGOwBGaQK0O0kiGmNvbXBsZXRpb25fcGVyY2VudGFnZQY7AEZJIgYwBjsARkkiEF9jc3JmX3Rva2VuBjsARkkiMTVtTzF4a04veXdrcVd2SVF5YTRGUGxMWW5lUUtES2xUUXFKRjB2VjFSUzA9BjsARg%3D%3D--255aa6575a43498b74f995b4d71edad737af8811; destination_url=http%3A%2F%2Fdev.lvh.me%3A4000%2F; _forum_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFVEkiJWI4OGU2ZTk4YmE2NGVkZjZiNjdiYTE4NmYyYmU3OTJlBjsAVA%3D%3D--d09bb2323f993833822cc0bf3c385c90d1b12e84' 
-H 'Connection: keep-alive'

Load Discourse

curl 'http://dev.lvh.me:4000/?sso=bm9uY2U9MDcxMzE0YmY5YTk2MmE5OWJmMTA2YmYyZDk5M2Y3MTEmZW1haWw9%0AamFtZXNnZWNrbyU0MGdtYWlsLmNvbSZleHRlcm5hbF9pZD0xNjYzMCZyZXR1%0Acm5fc3NvX3VybD1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBNDAwMCUyRnNl%0Ac3Npb24lMkZzc29fbG9naW4%3D%0A&sig=4bd17e5ea0c1455220ca53e261037e2f977127c9aa6c72d394d824f40fdff7c6' 
-H 'Host: dev.lvh.me:4000' 
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0' 
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' 
-H 'Accept-Language: en-US,en;q=0.5' --compressed 
-H 'DNT: 1' 
-H 'Referer: http://dev.lvh.me:4000/' 
-H 'Cookie: __profilin=p%3Dt; _session_id=BAh7C0kiD3Nlc3Npb25faWQGOgZFRkkiJTYxNTM0MmNmMDY1ZGJjZmRmYTI4OWY0ZjQ4MjFmYzJhBjsAVEkiE3VzZXJfcmV0dXJuX3RvBjsARiIOL2F1dGgvc3NvSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwdbBmkC9kBJIiIkMmEkMTAkb3FEUlNTYk96TEZldExMYmFCOEtXLgY7AFRJIhFjYXJlZ2l2ZXJfaWQGOwBGaQK0O0kiGmNvbXBsZXRpb25fcGVyY2VudGFnZQY7AEZJIgYwBjsARkkiEF9jc3JmX3Rva2VuBjsARkkiMTVtTzF4a04veXdrcVd2SVF5YTRGUGxMWW5lUUtES2xUUXFKRjB2VjFSUzA9BjsARg%3D%3D--255aa6575a43498b74f995b4d71edad737af8811; destination_url=http%3A%2F%2Fdev.lvh.me%3A4000%2F; _forum_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFVEkiJWI4OGU2ZTk4YmE2NGVkZjZiNjdiYTE4NmYyYmU3OTJlBjsAVA%3D%3D--d09bb2323f993833822cc0bf3c385c90d1b12e84' 
-H 'Connection: keep-alive'

The SSO controller in my Rails app looks like this. I’m using the SingleSignOn implementation provided in this post.

# app/controllers/single_sign_on_controller.rb
class SingleSignOnController < ApplicationController
  before_filter :authenticate_user! # I'm using the Devise gem.

  SSO_SECRET = 'password'
  FORUM_URL = 'http://dev.lvh.me:4000'

  def sso
    # Checks the sig param against SSO_SECRET and decodes the nonce Discourse sent.
    sso = SingleSignOn.parse(request.query_string, SSO_SECRET)
    sso.email = current_user.email
    sso.external_id = current_user.id
    # Signs the reply payload and sends the browser back to the forum.
    redirect_to sso.to_url(FORUM_URL)
  end
end

(Sigurður Guðbrandsson) #2

Do you know what data is being passed? (unencrypted)


(James D) #3

What data are you looking for? I thought the sso and sig params in the URL were the important part?

Here are the response headers (with a different sso and sig, and, um, session and everything else. Yay Incognito mode).

Discourse 302 redirects to the rails app: server response headers

Connection: "close"
Content-Type: "text/html; charset=utf-8"
Location:"http://dev.lvh.me:3000/auth/sso?sso=bm9uY2U9YWZmZWM4NDQ5ZDEyMmFiYjVmYWM4ZDIxODhkMjEyZTgmcmV0dXJu%0AX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTQwMDAlMkZzZXNz%0AaW9uJTJGc3NvX2xvZ2lu%0A&sig=b8f7e208fe41da10733c9a2c9abf920d4058153ac4b569d0a9fb29a9f2545b71"
Server: "thin"
Set-Cookie: "__profilin=p%3Dt; path=/__profilin=p%3Dt; path=/"
X-Content-Type-Options:"nosniff"
X-Request-Id:"5eed2793-870d-4719-9c85-fb9df7fa0475"
X-Runtime:"0.287509"
X-XSS-Protection:"1; mode=block"
x-frame-options:"SAMEORIGIN"

Rails app 302 redirect: server response headers

Cache-Control:"no-cache"
Connection:"close"
Content-Type:"text/html; charset=utf-8"
Location:"http://dev.lvh.me:4000?sso=bm9uY2U9YWZmZWM4NDQ5ZDEyMmFiYjVmYWM4ZDIxODhkMjEyZTgmZW1haWw9%0AamFtZXNnZWNrbyU0MGdtYWlsLmNvbSZleHRlcm5hbF9pZD0xNjYzMCZyZXR1%0Acm5fc3NvX3VybD1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBNDAwMCUyRnNl%0Ac3Npb24lMkZzc29fbG9naW4%3D%0A&sig=24ff4b263dc1d91c0e4999e465c007020703ae230426949b3b175ce8bf4d1cc9"
P3P:"CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV""
Server:"thin 1.5.0 codename Knife"
Set-Cookie:"_session_id=BAh7CkkiD3Nlc3Npb25faWQGOgZFRkkiJTBmMzQ1ZWFhNjI3MjM0YzFlNWIxZjkxMThmOTE2YzZiBjsAVEkiGXdhcmRlbi51c2VyLnVzZXIua2V5BjsAVFsHWwZpAvZASSIiJDJhJDEwJG9xRFJTU2JPekxGZXRMTGJhQjhLVy4GOwBUSSIRY2FyZWdpdmVyX2lkBjsARmkCtDtJIhpjb21wbGV0aW9uX3BlcmNlbnRhZ2UGOwBGSSIGMAY7AEZJIhBfY3NyZl90b2tlbgY7AEZJIjFLUUlzelBzckxBU0N4MXhWRXNxdHNKQyszdlNZME1vZG92dXA2T3AyWEZnPQY7AEY%3D--e99f091253969488c03945f5ec9e902a6ade7049; path=/; HttpOnly
__profilin=p%3Dt; path=/
__profilin=p%3Dt; path=/"
X-Request-Id:"d6d2fe47bf9abe83242f1454a8ac44de"
X-Runtime:"0.745208"
X-UA-Compatible:"IE=Edge"

Load Discourse: server response headers

(This one actually has a response body, but it’s just the Discourse HTML)

Cache-Control:"no-store, must-revalidate, private, max-age=0"
Connection:"keep-alive"
Content-Length:"79969"
Content-Type:"text/html; charset=utf-8"
Server:"thin"
Set-Cookie:"destination_url=http%3A%2F%2Fdev.lvh.me%3A4000%2F%3Fsso%3Dbm9uY2U9YWZmZWM4NDQ5ZDEyMmFiYjVmYWM4ZDIxODhkMjEyZTgmZW1haWw9%250AamFtZXNnZWNrbyU0MGdtYWlsLmNvbSZleHRlcm5hbF9pZD0xNjYzMCZyZXR1%250Acm5fc3NvX3VybD1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBNDAwMCUyRnNl%250Ac3Npb24lMkZzc29fbG9naW4%253D%250A%26sig%3D24ff4b263dc1d91c0e4999e465c007020703ae230426949b3b175ce8bf4d1cc9; path=/
__profilin=p%3Dt; path=/
__profilin=p%3Dt; path=/"
X-Content-Type-Options:"nosniff"
X-MiniProfiler-Ids:"["ui78618frwesqco4dn9j","ss6m826wfo6lrt4fmj7c","tvyz8iji4fx4ns2vj4qa","xnmyogs15it1svyxz2ul","94u9tgwzvsvg6o8k4h1f","9tjovqcqaxtnekslmxnn","yfqjw12y0kbyg4bahi9n","zfpzw9xsx034nh6oc7li","hxkvqs13mc744z80cm72","8j5i1s68046tnziww7kf"]"
X-Request-Id:"c7d4d79d-6443-414e-9172-cd6bbc10098f"
X-Runtime:"0.917484"
X-XSS-Protection:"1; mode=block"
x-frame-options:"SAMEORIGIN"

Edit: and here are the server logs.

Rails app

Started GET "/auth/sso?sso=bm9uY2U9OWNhOWI5ODQ2MDFiYTFjMGYwMzEyZDFhOTUzNGQ5YjMmcmV0dXJu%0AX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTQwMDAlMkZzZXNz%0AaW9uJTJGc3NvX2xvZ2lu%0A&sig=3f0775cb6eae24a5dbe4e5a8681351c8846bce0975f81818004943ef90bb303b" for 127.0.0.1 at 2015-03-06 17:59:37 -0500
Processing by SingleSignOnController#sso as HTML
  Parameters: {"sso"=>"bm9uY2U9OWNhOWI5ODQ2MDFiYTFjMGYwMzEyZDFhOTUzNGQ5YjMmcmV0dXJu\nX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTQwMDAlMkZzZXNz\naW9uJTJGc3NvX2xvZ2lu\n", "sig"=>"3f0775cb6eae24a5dbe4e5a8681351c8846bce0975f81818004943ef90bb303b"}
  User Load (2.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 16630 AND ("users".deleted_at IS NULL) LIMIT 1
Controller = single_sign_on
Redirected to http://dev.lvh.me:4000?sso=bm9uY2U9OWNhOWI5ODQ2MDFiYTFjMGYwMzEyZDFhOTUzNGQ5YjMmZW1haWw9%0AamFtZXNnZWNrbyU0MGdtYWlsLmNvbSZleHRlcm5hbF9pZD0xNjYzMCZyZXR1%0Acm5fc3NvX3VybD1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBNDAwMCUyRnNl%0Ac3Npb24lMkZzc29fbG9naW4%3D%0A&sig=070e820d6c5688a7c47ae0fc410940b4366f771d30822a52a7be4f35818f106f
Completed 302 Found in 16ms (ActiveRecord: 6.4ms)

Discourse

D, [2015-03-06T17:59:37.404488 #11619] DEBUG -- :
D, [2015-03-06T17:59:37.404950 #11619] DEBUG -- :
I, [2015-03-06T17:59:37.405348 #11619]  INFO -- : Started GET "/session/sso?return_path=%2F" for 10.0.2.2 at 2015-03-06 17:59:37 -0500
I, [2015-03-06T17:59:37.561258 #11619]  INFO -- : Processing by SessionController#sso as HTML
I, [2015-03-06T17:59:37.565440 #11619]  INFO -- :   Parameters: {"return_path"=>"/"}
D, [2015-03-06T17:59:37.575694 #11619] DEBUG -- :   Group Load (3.1ms)  SELECT "groups".* FROM "groups"   ORDER BY "groups"."name" ASC
D, [2015-03-06T17:59:37.586155 #11619] DEBUG -- :   Category Load (3.4ms)  SELECT "categories".* FROM "categories"  WHERE (NOT categories.read_restricted)  ORDER BY "categories"."position" ASC
D, [2015-03-06T17:59:37.599621 #11619] DEBUG -- :   Topic Load (5.8ms)  SELECT id, title, slug FROM "topics"  WHERE ("topics"."deleted_at" IS NULL) AND "topics"."id" IN (56, 10, 11, 12, 13, 41, 42, 43, 44, 45, 46, 47)
D, [2015-03-06T17:59:37.609612 #11619] DEBUG -- :    (2.3ms)  SELECT "categories"."id" FROM "categories"  WHERE (1=0)
D, [2015-03-06T17:59:37.620240 #11619] DEBUG -- :   PostActionType Load (2.2ms)  SELECT "post_action_types".* FROM "post_action_types"   ORDER BY position asc
D, [2015-03-06T17:59:37.630240 #11619] DEBUG -- :   PostActionType Load (2.6ms)  SELECT "post_action_types".* FROM "post_action_types"  WHERE "post_action_types"."name_key" IN ('inappropriate', 'spam', 'notify_moderators')  ORDER BY position asc
D, [2015-03-06T17:59:37.639339 #11619] DEBUG -- :   UserField Load (3.6ms)  SELECT "user_fields".* FROM "user_fields"
I, [2015-03-06T17:59:37.653216 #11619]  INFO -- : Redirected to http://dev.lvh.me:3000/auth/sso?sso=bm9uY2U9OWNhOWI5ODQ2MDFiYTFjMGYwMzEyZDFhOTUzNGQ5YjMmcmV0dXJu%0AX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTQwMDAlMkZzZXNz%0AaW9uJTJGc3NvX2xvZ2lu%0A&sig=3f0775cb6eae24a5dbe4e5a8681351c8846bce0975f81818004943ef90bb303b
I, [2015-03-06T17:59:37.656773 #11619]  INFO -- : Completed 302 Found in 87ms (ActiveRecord: 23.1ms)
D, [2015-03-06T17:59:37.785510 #11619] DEBUG -- :
D, [2015-03-06T17:59:37.786238 #11619] DEBUG -- :
I, [2015-03-06T17:59:37.788253 #11619]  INFO -- : Started GET "/?sso=bm9uY2U9OWNhOWI5ODQ2MDFiYTFjMGYwMzEyZDFhOTUzNGQ5YjMmZW1haWw9%0AamFtZXNnZWNrbyU0MGdtYWlsLmNvbSZleHRlcm5hbF9pZD0xNjYzMCZyZXR1%0Acm5fc3NvX3VybD1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBNDAwMCUyRnNl%0Ac3Npb24lMkZzc29fbG9naW4%3D%0A&sig=070e820d6c5688a7c47ae0fc410940b4366f771d30822a52a7be4f35818f106f" for 10.0.2.2 at 2015-03-06 17:59:37 -0500
I, [2015-03-06T17:59:37.948714 #11619]  INFO -- : Processing by ListController#latest as HTML
I, [2015-03-06T17:59:37.952646 #11619]  INFO -- :   Parameters: {"sso"=>"bm9uY2U9OWNhOWI5ODQ2MDFiYTFjMGYwMzEyZDFhOTUzNGQ5YjMmZW1haWw9\namFtZXNnZWNrbyU0MGdtYWlsLmNvbSZleHRlcm5hbF9pZD0xNjYzMCZyZXR1\ncm5fc3NvX3VybD1odHRwJTNBJTJGJTJGbG9jYWxob3N0JTNBNDAwMCUyRnNl\nc3Npb24lMkZzc29fbG9naW4=\n", "sig"=>"070e820d6c5688a7c47ae0fc410940b4366f771d30822a52a7be4f35818f106f"}
D, [2015-03-06T17:59:37.961122 #11619] DEBUG -- :   Group Load (3.4ms)  SELECT "groups".* FROM "groups"   ORDER BY "groups"."name" ASC
D, [2015-03-06T17:59:37.970237 #11619] DEBUG -- :   Category Load (3.6ms)  SELECT "categories".* FROM "categories"  WHERE (NOT categories.read_restricted)  ORDER BY "categories"."position" ASC
D, [2015-03-06T17:59:37.980731 #11619] DEBUG -- :   Topic Load (2.8ms)  SELECT id, title, slug FROM "topics"  WHERE ("topics"."deleted_at" IS NULL) AND "topics"."id" IN (56, 10, 11, 12, 13, 41, 42, 43, 44, 45, 46, 47)
D, [2015-03-06T17:59:37.990709 #11619] DEBUG -- :    (3.9ms)  SELECT "categories"."id" FROM "categories"  WHERE (1=0)
D, [2015-03-06T17:59:38.001282 #11619] DEBUG -- :   PostActionType Load (1.9ms)  SELECT "post_action_types".* FROM "post_action_types"   ORDER BY position asc
D, [2015-03-06T17:59:38.013121 #11619] DEBUG -- :   PostActionType Load (3.2ms)  SELECT "post_action_types".* FROM "post_action_types"  WHERE "post_action_types"."name_key" IN ('inappropriate', 'spam', 'notify_moderators')  ORDER BY position asc
D, [2015-03-06T17:59:38.022744 #11619] DEBUG -- :   UserField Load (2.5ms)  SELECT "user_fields".* FROM "user_fields"
D, [2015-03-06T17:59:38.036155 #11619] DEBUG -- :    (2.6ms)  SELECT "categories"."id" FROM "categories"  WHERE "categories"."read_restricted" = 'f'
D, [2015-03-06T17:59:38.053134 #11619] DEBUG -- :   SQL (3.7ms)  SELECT  "topics"."id" AS t0_r0, "topics"."title" AS t0_r1, "topics"."last_posted_at" AS t0_r2, "topics"."created_at" AS t0_r3, "topics"."updated_at" AS t0_r4, "topics"."views" AS t0_r5, "topics"."posts_count" AS t0_r6, "topics"."user_id" AS t0_r7, "topics"."last_post_user_id" AS t0_r8, "topics"."reply_count" AS t0_r9, "topics"."featured_user1_id" AS t0_r10, "topics"."featured_user2_id" AS t0_r11, "topics"."featured_user3_id" AS t0_r12, "topics"."avg_time" AS t0_r13, "topics"."deleted_at" AS t0_r14, "topics"."highest_post_number" AS t0_r15, "topics"."image_url" AS t0_r16, "topics"."off_topic_count" AS t0_r17, "topics"."like_count" AS t0_r18, "topics"."incoming_link_count" AS t0_r19, "topics"."bookmark_count" AS t0_r20, "topics"."category_id" AS t0_r21, "topics"."visible" AS t0_r22, "topics"."moderator_posts_count" AS t0_r23, "topics"."closed" AS t0_r24, "topics"."archived" AS t0_r25, "topics"."bumped_at" AS t0_r26, "topics"."has_summary" AS t0_r27, "topics"."vote_count" AS t0_r28, "topics"."archetype" AS t0_r29, "topics"."featured_user4_id" AS t0_r30, "topics"."notify_moderators_count" AS t0_r31, "topics"."spam_count" AS t0_r32, "topics"."illegal_count" AS t0_r33, "topics"."inappropriate_count" AS t0_r34, "topics"."pinned_at" AS t0_r35, "topics"."score" AS t0_r36, "topics"."percent_rank" AS t0_r37, "topics"."notify_user_count" AS t0_r38, "topics"."subtype" AS t0_r39, "topics"."slug" AS t0_r40, "topics"."auto_close_at" AS t0_r41, "topics"."auto_close_user_id" AS t0_r42, "topics"."auto_close_started_at" AS t0_r43, "topics"."deleted_by_id" AS t0_r44, "topics"."participant_count" AS t0_r45, "topics"."word_count" AS t0_r46, "topics"."excerpt" AS t0_r47, "topics"."pinned_globally" AS t0_r48, "topics"."auto_close_based_on_last_post" AS t0_r49, "topics"."auto_close_hours" AS t0_r50, "categories"."id" AS t1_r0, "categories"."name" AS t1_r1, "categories"."color" AS t1_r2, "categories"."topic_id" AS t1_r3, 
"categories"."topic_count" AS t1_r4, "categories"."created_at" AS t1_r5, "categories"."updated_at" AS t1_r6, "categories"."user_id" AS t1_r7, "categories"."topics_year" AS t1_r8, "categories"."topics_month" AS t1_r9, "categories"."topics_week" AS t1_r10, "categories"."slug" AS t1_r11, "categories"."description" AS t1_r12, "categories"."text_color" AS t1_r13, "categories"."read_restricted" AS t1_r14, "categories"."auto_close_hours" AS t1_r15, "categories"."post_count" AS t1_r16, "categories"."latest_post_id" AS t1_r17, "categories"."latest_topic_id" AS t1_r18, "categories"."position" AS t1_r19, "categories"."parent_category_id" AS t1_r20, "categories"."posts_year" AS t1_r21, "categories"."posts_month" AS t1_r22, "categories"."posts_week" AS t1_r23, "categories"."email_in" AS t1_r24, "categories"."email_in_allow_strangers" AS t1_r25, "categories"."topics_day" AS t1_r26, "categories"."posts_day" AS t1_r27, "categories"."logo_url" AS t1_r28, "categories"."background_url" AS t1_r29, "categories"."allow_badges" AS t1_r30, "categories"."name_lower" AS t1_r31, "categories"."auto_close_based_on_last_post" AS t1_r32 FROM "topics" LEFT OUTER JOIN "categories" ON "categories"."id" = "topics"."category_id" WHERE (topics.archetype <> 'private_message') AND (COALESCE(categories.topic_id, 0) <> topics.id) AND "topics"."visible" = 't' AND (topics.deleted_at IS NULL) AND (topics.category_id IS NULL or topics.category_id IN (3,5,6,7,8,9,10,11,14,4,2,1,12)) AND (pinned_globally AND  pinned_at IS NOT NULL )  ORDER BY topics.bumped_at DESC LIMIT 30
D, [2015-03-06T17:59:38.069186 #11619] DEBUG -- :   SQL (3.1ms)  SELECT  "topics"."id" AS t0_r0, "topics"."title" AS t0_r1, "topics"."last_posted_at" AS t0_r2, "topics"."created_at" AS t0_r3, "topics"."updated_at" AS t0_r4, "topics"."views" AS t0_r5, "topics"."posts_count" AS t0_r6, "topics"."user_id" AS t0_r7, "topics"."last_post_user_id" AS t0_r8, "topics"."reply_count" AS t0_r9, "topics"."featured_user1_id" AS t0_r10, "topics"."featured_user2_id" AS t0_r11, "topics"."featured_user3_id" AS t0_r12, "topics"."avg_time" AS t0_r13, "topics"."deleted_at" AS t0_r14, "topics"."highest_post_number" AS t0_r15, "topics"."image_url" AS t0_r16, "topics"."off_topic_count" AS t0_r17, "topics"."like_count" AS t0_r18, "topics"."incoming_link_count" AS t0_r19, "topics"."bookmark_count" AS t0_r20, "topics"."category_id" AS t0_r21, "topics"."visible" AS t0_r22, "topics"."moderator_posts_count" AS t0_r23, "topics"."closed" AS t0_r24, "topics"."archived" AS t0_r25, "topics"."bumped_at" AS t0_r26, "topics"."has_summary" AS t0_r27, "topics"."vote_count" AS t0_r28, "topics"."archetype" AS t0_r29, "topics"."featured_user4_id" AS t0_r30, "topics"."notify_moderators_count" AS t0_r31, "topics"."spam_count" AS t0_r32, "topics"."illegal_count" AS t0_r33, "topics"."inappropriate_count" AS t0_r34, "topics"."pinned_at" AS t0_r35, "topics"."score" AS t0_r36, "topics"."percent_rank" AS t0_r37, "topics"."notify_user_count" AS t0_r38, "topics"."subtype" AS t0_r39, "topics"."slug" AS t0_r40, "topics"."auto_close_at" AS t0_r41, "topics"."auto_close_user_id" AS t0_r42, "topics"."auto_close_started_at" AS t0_r43, "topics"."deleted_by_id" AS t0_r44, "topics"."participant_count" AS t0_r45, "topics"."word_count" AS t0_r46, "topics"."excerpt" AS t0_r47, "topics"."pinned_globally" AS t0_r48, "topics"."auto_close_based_on_last_post" AS t0_r49, "topics"."auto_close_hours" AS t0_r50, "categories"."id" AS t1_r0, "categories"."name" AS t1_r1, "categories"."color" AS t1_r2, "categories"."topic_id" AS t1_r3, 
"categories"."topic_count" AS t1_r4, "categories"."created_at" AS t1_r5, "categories"."updated_at" AS t1_r6, "categories"."user_id" AS t1_r7, "categories"."topics_year" AS t1_r8, "categories"."topics_month" AS t1_r9, "categories"."topics_week" AS t1_r10, "categories"."slug" AS t1_r11, "categories"."description" AS t1_r12, "categories"."text_color" AS t1_r13, "categories"."read_restricted" AS t1_r14, "categories"."auto_close_hours" AS t1_r15, "categories"."post_count" AS t1_r16, "categories"."latest_post_id" AS t1_r17, "categories"."latest_topic_id" AS t1_r18, "categories"."position" AS t1_r19, "categories"."parent_category_id" AS t1_r20, "categories"."posts_year" AS t1_r21, "categories"."posts_month" AS t1_r22, "categories"."posts_week" AS t1_r23, "categories"."email_in" AS t1_r24, "categories"."email_in_allow_strangers" AS t1_r25, "categories"."topics_day" AS t1_r26, "categories"."posts_day" AS t1_r27, "categories"."logo_url" AS t1_r28, "categories"."background_url" AS t1_r29, "categories"."allow_badges" AS t1_r30, "categories"."name_lower" AS t1_r31, "categories"."auto_close_based_on_last_post" AS t1_r32 FROM "topics" LEFT OUTER JOIN "categories" ON "categories"."id" = "topics"."category_id" WHERE (topics.archetype <> 'private_message') AND (COALESCE(categories.topic_id, 0) <> topics.id) AND "topics"."visible" = 't' AND (topics.deleted_at IS NULL) AND (topics.category_id IS NULL or topics.category_id IN (3,5,6,7,8,9,10,11,14,4,2,1,12)) AND (NOT ( pinned_globally AND  pinned_at IS NOT NULL  ))  ORDER BY topics.bumped_at DESC LIMIT 30
D, [2015-03-06T17:59:38.083922 #11619] DEBUG -- :   User Load (2.5ms)  SELECT "users"."id", "users"."email", "users"."username", "users"."uploaded_avatar_id" FROM "users"  WHERE "users"."id" IN (24, 7, 23, 19, 22, 2, 20, 22, 11, 20, 14, 9, 20, 11, 12)
I, [2015-03-06T17:59:38.130803 #11619]  INFO -- :   Rendered list/list.erb within layouts/application (6.6ms)
I, [2015-03-06T17:59:38.137971 #11619]  INFO -- :   Rendered layouts/_head.html.erb (0.5ms)
I, [2015-03-06T17:59:38.147925 #11619]  INFO -- :   Rendered common/_special_font_face.html.erb (3.5ms)
D, [2015-03-06T17:59:38.159694 #11619] DEBUG -- :   ColorScheme Load (3.2ms)  SELECT  "color_schemes".* FROM "color_schemes"  WHERE "color_schemes"."versioned_id" IS NULL AND "color_schemes"."enabled" = 't' LIMIT 1
D, [2015-03-06T17:59:38.169591 #11619] DEBUG -- :    (2.6ms)  SELECT  "categories"."updated_at" FROM "categories"   ORDER BY updated_at desc LIMIT 1
I, [2015-03-06T17:59:38.212201 #11619]  INFO -- :   Rendered common/_discourse_stylesheet.html.erb (56.6ms)
I, [2015-03-06T17:59:38.679355 #11619]  INFO -- :   Rendered common/_discourse_javascript.html.erb (3.9ms)
I, [2015-03-06T17:59:38.684389 #11619]  INFO -- : Completed 200 OK in 728ms (Views: 575.3ms | ActiveRecord: 39.0ms)
D, [2015-03-06T17:59:38.783759 #11619] DEBUG -- :
D, [2015-03-06T17:59:38.787841 #11619] DEBUG -- :
I, [2015-03-06T17:59:38.788463 #11619]  INFO -- : Started GET "/site_customizations/7e202ef2-56d7-47d5-98d8-a9c8d15e57dd.css?target=desktop&v=9621e8e97e44d7e6747d3908b0fa1b6f&__ws=localhost" for 10.0.2.2 at 2015-03-06 17:59:38 -0500
I, [2015-03-06T17:59:39.035321 #11619]  INFO -- : Processing by SiteCustomizationsController#show as CSS
I, [2015-03-06T17:59:39.040399 #11619]  INFO -- :   Parameters: {"target"=>"desktop", "v"=>"9621e8e97e44d7e6747d3908b0fa1b6f", "__ws"=>"localhost", "key"=>"7e202ef2-56d7-47d5-98d8-a9c8d15e57dd"}
D, [2015-03-06T17:59:39.050866 #11619] DEBUG -- :   Group Load (2.7ms)  SELECT "groups".* FROM "groups"   ORDER BY "groups"."name" ASC
D, [2015-03-06T17:59:39.063471 #11619] DEBUG -- :   Category Load (3.0ms)  SELECT "categories".* FROM "categories"  WHERE (NOT categories.read_restricted)  ORDER BY "categories"."position" ASC
D, [2015-03-06T17:59:39.079501 #11619] DEBUG -- :   Topic Load (5.3ms)  SELECT id, title, slug FROM "topics"  WHERE ("topics"."deleted_at" IS NULL) AND "topics"."id" IN (56, 10, 11, 12, 13, 41, 42, 43, 44, 45, 46, 47)
D, [2015-03-06T17:59:39.093557 #11619] DEBUG -- :    (2.7ms)  SELECT "categories"."id" FROM "categories"  WHERE (1=0)
D, [2015-03-06T17:59:39.106783 #11619] DEBUG -- :   PostActionType Load (3.4ms)  SELECT "post_action_types".* FROM "post_action_types"   ORDER BY position asc
D, [2015-03-06T17:59:39.120347 #11619] DEBUG -- :   PostActionType Load (3.4ms)  SELECT "post_action_types".* FROM "post_action_types"  WHERE "post_action_types"."name_key" IN ('inappropriate', 'spam', 'notify_moderators')  ORDER BY position asc
D, [2015-03-06T17:59:39.136379 #11619] DEBUG -- :   UserField Load (4.6ms)  SELECT "user_fields".* FROM "user_fields"
I, [2015-03-06T17:59:39.147130 #11619]  INFO -- :   Rendered text template (0.0ms)
I, [2015-03-06T17:59:39.151971 #11619]  INFO -- : Completed 200 OK in 106ms (Views: 5.2ms | ActiveRecord: 25.2ms)
F, [2015-03-06T18:00:20.164457 #11619] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/letter_avatar/pekka.gaiser/25/2.png"):
  config/initializers/silence_logger.rb:24:in `call'
  lib/middleware/missing_avatars.rb:21:in `call'
  lib/middleware/turbo_dev.rb:32:in `call'

(Sigurður Guðbrandsson) #4

I’m looking for the unencrypted sso data payload that is passed from the rails app to Discourse.

This data is encrypted with your secret SSO string which you should have configured in Discourse and your rails app.

All I can see right now is encrypted data; to help you diagnose this, I need the unencrypted data.
Please don’t share your encryption string.
Just log the data being passed into the ruby gem when your user is trying to log in with SSO.


(Kane York) #5

Something tells me that’s not the right route for that request.


(Sigurður Guðbrandsson) #6

@riking is spot on, I believe … you should be redirecting your user to http://forumurl.com/session/sso_login?sso=payload&sig=sig


(James D) #7

Yep, that was it. Changing FORUM_URL in my controller to http://dev.lvh.me:4000/session/sso_login got things rolling. Thanks, y’all!
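The three-step exchange the thread converges on, as an added example that is not part of any post above and not Discourse's own lib/single_sign_on.rb: a self-contained Ruby stand-in in which the secret, forum origin, nonce and user are constructed values, and the payload layout (base64 of a query string, HMAC-SHA256 hex over the base64 text) is the one visible in the URLs quoted in the thread. The Rails side takes the redirect target from the signed return_sso_url field instead of a hard-coded forum root, which is the fix found in the last two posts.

```ruby
require "base64"
require "cgi"
require "openssl"
require "uri"

# Stand-in for the Discourse SSO exchange seen in this thread (example code,
# not Discourse's SingleSignOn class). Both sides share one secret.
module DiscourseSsoExample
  SSO_SECRET = "example-shared-secret"          # constructed; never the real one
  FORUM_BASE = "http://localhost:4000"          # constructed forum origin
  SSO_LOGIN  = "#{FORUM_BASE}/session/sso_login" # the only endpoint that consumes sso/sig

  # Discourse signs the base64 text exactly as it appears after URL-decoding,
  # line breaks included (Base64.encode64 wraps at 60 chars, hence the %0A).
  def self.sign(b64, secret = SSO_SECRET)
    OpenSSL::HMAC.hexdigest("sha256", secret, b64)
  end

  # Constant-time comparison so the signature check does not leak timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Query string -> {name => value}; CGI.parse already URL-decodes values.
  def self.params(query)
    CGI.parse(query.to_s).transform_values(&:first)
  end

  # Encode fields as Discourse does: query string, base64, then sso=&sig=.
  def self.signed_query(fields, secret = SSO_SECRET)
    unsigned = fields.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join("&")
    b64 = Base64.encode64(unsigned)
    "sso=#{CGI.escape(b64)}&sig=#{sign(b64, secret)}"
  end

  # Verify sig over the raw sso text, then decode the inner query string.
  def self.verify_and_decode(query, secret = SSO_SECRET)
    p = params(query)
    sso = p["sso"].to_s
    raise "Bad signature for SSO payload" unless secure_equal?(sign(sso, secret), p["sig"].to_s)
    params(Base64.decode64(sso))
  end

  # Step 1 (Discourse /session/sso): send the browser to the Rails app with a nonce.
  def self.discourse_login_redirect(rails_sso_url, nonce, secret = SSO_SECRET)
    "#{rails_sso_url}?#{signed_query({ "nonce" => nonce, "return_sso_url" => SSO_LOGIN }, secret)}"
  end

  # Step 2 (Rails /auth/sso): check the signature, answer with the user's identity.
  # The signed return_sso_url already points at /session/sso_login, so redirect
  # there; a reply sent to the forum root is served by ListController and ignored.
  def self.rails_sso_response(query_string, email:, external_id:, secret: SSO_SECRET)
    inner = verify_and_decode(query_string, secret)
    return_url = inner.fetch("return_sso_url")
    u = URI(return_url)
    unless "#{u.scheme}://#{u.host}:#{u.port}" == FORUM_BASE && u.path == "/session/sso_login"
      raise "return_sso_url #{return_url} is not our forum's sso_login endpoint"
    end
    reply = { "nonce" => inner.fetch("nonce"), "email" => email, "external_id" => external_id }
    "#{return_url}?#{signed_query(reply, secret)}"
  end

  # Step 3 (Discourse /session/sso_login): verify, then bind the nonce to the user.
  def self.discourse_consume(redirect_url, expected_nonce, secret = SSO_SECRET)
    path = URI(redirect_url).path
    raise "sso/sig sent to #{path}, not /session/sso_login" unless path == "/session/sso_login"
    inner = verify_and_decode(URI(redirect_url).query, secret)
    raise "nonce mismatch" unless secure_equal?(inner["nonce"].to_s, expected_nonce)
    { email: inner["email"], external_id: inner["external_id"] }
  end
end
```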


(Neil Lalonde) #8