What controls the return_url sent by sso?


(ikbear) #1

I am using Discourse CAS sso app, but after logging into my CAS server from discourse, it redirects me to this address: http://localhost:3000/session/sso_login?sso=bm9uY2U9N2, I am using pow for local development, so localhost is invalid.

I have changed it to “discourse.dev” in discourse_defaults.conf or discourse.conf, but it seems don’t work.

My issue is also recorded here: where should I provide the callback URL? · Issue #2 · eriko/discourse_cas_sso · GitHub

So, the question is: what controls the return_url sent by sso? Thanks.

(Kane York) #2

The DISCOURSE_HOSTNAME environment variable should be it.

Also, do not use .dev as that has a chance of becoming a gTLD. Use .local instead.

(ikbear) #3

Where to set this variable?

discourse.config is for Ubuntu? I am on Mac.

(ikbear) #4

I force setting the hostname from Admin => Developer, but it returns this error:

Error updating information, contact site admin

(Jeff Atwood) #5

@sam I really want a better, more descriptive error error message here. The current error message is unacceptable.

(ikbear) #6

@riking @eriko Does this error info mean that my CAS server’s returning info is invalid?

The returning info here is:

nonce: 80148d23073f264edd914589599147d0
name: helishi
username: helishi
external_id: helishi
return_sso_url: http://discourse.dev/session/sso_login

And my login username here is: helishi https://cas.qiniu.io:9443/login

(ikbear) #7

Maybe the problem is that It needs me to return an email address. But it didn’t, since it is only for company’s internal usage. Is there any method to disable email validating?

(Sam Saffron) #8

Without email it is toast will add a proper message here to end user (there is a message in logs)

(ikbear) #9

How to set for login without email?

(eriko) #10

You can not. An email address is a required part of using Discourses SSO. You need at least a username and an email address being returned from your CAS server.

If you are testing with Casino for a cas server you can use the following plugin to feed a fake email address. That said if you usecase does not allow for returning a email you can not use any of the SSO options at far as I can tell.