Users unable to login using Wordpress SSO


(Sam Nazarko) #1

Hi there,

Over the last couple of months, I’ve had some reports of issues when a user tries to login to the forums but had an account before.

In January when we moved to WP based SSO; I know that existing user accounts were merged automatically; provided that the user used the same email address to create a new account on the WP site as they had previously used on Discourse.

However, some users seem to be encountering some issues. I’ve enabled debugging for SSO, and see:


Verbose SSO log: Record was invalid: User {:primary_email=>"has already been taken"} Attributes: {"admin"=>false, "moderator"=>false, "locale"=>nil, "name"=>"someuser", "title"=>nil, "username"=>"someuser

I’d have expected the user to be able to make an account with the same email, and be logged in to their existing account. Instead, Discourse seems to be trying to use the username set in Wordpress; rather than the existing Discourse username assigned to that email address.

Has some behaviour regarding this changed recenttly?

Thanks in advance

Sam


(Simon Cossar) #2

Yes, Discourse recently changed the way it handles SSO login attempts for users with unverified email addresses. If the require_activation SSO parameter is set to true, users from the SSO provider site are no longer being matched with existing Discourse users by their email address. You can find some details for dealing with this here: Debugging and fixing common SSO issues.

There are a couple of possible solutions for you. If it’s only affecting a few users on your site, you can try the approach that’s outlined in the topic I linked to above. If it’s affecting many users, you may need to add some code to your WordPress site to prevent the require_activation parameter from being set to true.

How were the users created on your WordPress and Discourse sites? Were users imported into either of them?


(Sam Nazarko) #3

Hi Simon,

Thank you for your reply and for confirming that behaviour has changed.

We have a custom registration page in WP and we email their password to their email; which verifies their account is valid. This doesn’t seem to affect new users.

Your workaround should do the trick. Much obliged.

Sam