Using Discourse as a SSO provider


#42

The issues that were raised in Github didn’t have responses for over a year, and the example code that was provided in the readme file seems to be missing a bit of extra needed information.


(Andrew Waugh) #43

Another minor point, when a new account is created via SSO, wordpress isn’t triggering a new user notification email to the Email Address defined in wp-admin/options-general.php

An email is triggered if I create an account manually.


(Simon Cossar) #44

I think this should be added as an option.


(Andrew Waugh) #45

Isn’t it a built in function of wordpress? It triggers the mail if I create a new user in the WP UX… and at a rather fundamental level, a new user is a new user…


(Simon Cossar) #46

Yes, that makes sense. I’ll see what I can do to change it so that the new user notification is sent by default, and add an option to not send it.


(Simon Cossar) #47

I tried sending the default new user notification after an account is created through SSO, but it doesn’t seem right. That email assumes that the user hasn’t logged in yet. It includes a password reset link that takes the user to a login screen. For an account that’s created through SSO, the user is already logged in when they get the email. The most straightforward way for them to reset their password if to do it on their WordPress profile page.

I think we’re going to have to send a custom, configurable, email here.


(Andrew Waugh) #48

Now that you mention it… what happens if the Discourse user changes their password on Discourse, then uses the “Log in with Discourse”? Does it fail on a password mismatch, or does it update the WP password?

Another suggestion: Could you make the “Log in with Discourse” text configurable? Our users aren’t necessarily aware that the forum runs on Discourse, so this may cause some confusion. If I could configure the text to read “Log in via Jag-lovers” there would be (marginally) less confusion.

The account creation email is just a nice to have.


(Simon Cossar) #49

It doesn’t cause a problem. The WordPress password isn’t set from the Discourse password.

Yes, I’ll set that up tomorrow.


(Simon Cossar) #50

This can now be done. The settings are the last 3 settings on the ‘text content’ tab.


(Andrew Waugh) #51

Thanks Simon,

I just tried changing the “External login text” to a custom string (“Login via test-discourse-site”). The link appears, but no longer works.

When I then change the field back to blank (i.e. the way it was before), then the link no longer appears on the signin page.

EDIT: Nothing in /logs from the custom string, and no error message, clicking the link just blips the site and returns the exact same page.


(Simon Cossar) #52

That’s strange. Can you inspect the link and see what it looks like? It should look something like this:
<a href="http://mysite.com/?discourse_sso=1&amp;redirect_to=http://mysite.com/">Log in through WP Discourse Development</a>


(Simon Cossar) #53

Yeah, I’m seeing the problem. I’ll fix it in the morning.


(Andrew Waugh) #54

(Deleting the Username and Password entries makes no difference, yes I am logged into the SSO enabled Discourse site in another tab, this is with Chrome)

Link: http://ec2-54-149-151-255.us-west-2.compute.amazonaws.com/?discourse_sso=1&redirect_to=http://ec2-54-149-151-255.us-west-2.compute.amazonaws.com/

WP Site: http://ec2-54-149-151-255.us-west-2.compute.amazonaws.com
Discourse Site: http://ec2-35-166-241-189.us-west-2.compute.amazonaws.com


(Simon Cossar) #55

Thanks, it’s strange. I can reproduce it on a live site, but not on my development site.


(Andrew Waugh) #56

This is on my sandbox site, which I updated to v1.8.0.beta7 +44 this morning.


(Simon Cossar) #57

It should be fixed now (version 1.3.1). The problem wasn’t with the configurable text setting. I had switched a function call from wp_redirect to wp_safe_redirect where I shouldn’t have.

Thanks for reporting that!!!


(Andrew Waugh) #58

Ok, the link now works, as does the custom text.

But if you set the custom text back to blank then the link still no longer appears.


(Simon Cossar) #59

Great!

Yes, the idea is that you can set it to whatever you want it to, but I’d better add a validation to make sure it’s not set to an empty string. If you click the ‘Reset Default Values’ button at the bottom of the Text Options page, it will go back to the original text.


(Andrew Waugh) #60

Fair enough. I wouldn’t have noticed it if the link had worked (this isn’t a complaint).


(Andrew Waugh) #61

Quick question on “Sync Existing Users by Email”: What does this do, and when?

If it only works as the user logs in via SSO, then isn’t that implicit? Or does it mean something like disregard username and prefer email instead?