Users are losing Admin role due to SSO


#1

We have the problem in our self-hosted forum at https://discuss.gravit.io/ that I and a colleague are always losing the Admin role. Somebody assigns it to me, I assign it to a colleague, and after a while, both of us aren’t Admins anymore.

Anything we can do? Any information I can give you?


(Felix Freiberger) #2

Are there any other admins in your instance? Do you see anything related in Admin > Logs > Staff Actions?


#3

Yes, we have three Admins in total. One of them seems to keep his Admin status, but the remaining two seem to lose it regularly.

Had a look at the logs, but nothing points to admins, just the "grant admin"s, where we assigned the Admin role amongst each other. I can share the log with you if you like.


(Rafael dos Santos Silva) #4

You use SSO, so if the SSO payload has admin=false admin will be removed on next login.


#5

That sounds reasonable. Where can I change that?


(Rafael dos Santos Silva) #6

If you want to manage admin powers in Discourse only, change the application that lives on Gravit Cloud – Sign in to stop sending the admin attribute.


(Joshua Rosenfeld) #7

To check if admin=false is being sent in the SSO payload, enable verbose SSO logging via settings and check your logs at https://discuss.gravit.io/logs. It’s highly likely this is the issue; we’ve seen it on multiple sites in the past.
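The check discussed in this thread can also be run against a captured login payload. The following is an added example, not code from any poster or from Discourse itself: it assumes the standard Discourse SSO encoding (a Base64-encoded query string signed with HMAC-SHA256 using the shared SSO secret), and the secret and field values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed demo secret; the real one is the SSO secret shared with the provider.
SSO_SECRET = b"constructed-demo-secret"


def sign(fields):
    """Provider side: encode and sign the fields the way Discourse SSO expects."""
    payload = base64.b64encode(urlencode(fields).encode()).decode()
    sig = hmac.new(SSO_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return payload, sig


def role_report(payload, sig):
    """Verify the signature, decode the payload and classify the role attributes."""
    expected = hmac.new(SSO_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("signature mismatch: wrong secret or altered payload")
    query = base64.b64decode(payload).decode()
    fields = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    report = {}
    for role in ("admin", "moderator"):
        value = fields.get(role)
        if value is None:
            report[role] = "absent"      # role stays as set inside Discourse
        elif value == "true":
            report[role] = "grants"      # role is set on every login
        elif value == "false":
            report[role] = "revokes"     # role is removed on every login
        else:
            report[role] = "unexpected"  # not a boolean string; inspect the provider
    return report


# Constructed payloads: one that strips admin on login, one that leaves roles alone.
BASE = {"nonce": "constructed-nonce", "external_id": "42", "email": "user@example.com"}
REVOKING = sign({**BASE, "admin": "false"})
NEUTRAL = sign(BASE)

if __name__ == "__main__":
    print("with admin=false:", role_report(*REVOKING))
    print("attribute omitted:", role_report(*NEUTRAL))
```

A payload that reports `revokes` for `admin` matches the behaviour described in this thread; once the provider stops sending the attribute, the same check reports `absent`.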