Wordpress as sso client Expired Nonce

Support WordPress
1

Hi all,

I’m trying to configure my wordpress to be a sso client to my discourse.

Everything seems to be configured as the howto states but when I try to ‘login with discourse’, if the user doesn’t exist it gets created, and it returns failed login ‘Expired nonce’

The details are:
url for the wordpress : https://aircadetcentral.net - on one IP
Discourse is https://forum.aircadetcentral.net - on another IP

Latest discourse installed
1.3.5 WP-Discourse plugin
No other plugins installed (apart from Cornerstone)

Not multisite (although it used to be but I deleted and reinstalled as single)

all thoughts greatly received.

Thanks

DJ

1 Like
2

Yes, I signed up for you site and am getting the same results, but I can’t reproduce the error in my development environment.

How did you do this? Have you added any redirect rules to your .htaccess file?

3

thanks @simon I must admit that’s 1 file i’ve not checked yet!

I completely deleted the multisite install, and installed a fresh single site WP. I’ll see if there are any traces of the multi install in the .htaccess.

Cheers

1 Like
4

can’t see anything drastic: here’s the file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

seems standard to me??

I also cleared out any excess DNS entries as well yesterday, made no difference! :wink:

5

Yes, that looks right.

Where is your forum hosted?

6

it’s on my server in a KVM VPS running ubuntu and discourse is a standard docker install. The WP is on the main server running in apache

7

and just checked, you have an account with sync’d info on the WP site ???

what on earth have I missed!?!

8

That’s strange.

I have to go out for a couple of hours. I’ll look at this some more later today.

9

thanks @simon much appreciated :slight_smile:

10

Is the Discourse Username set for my account? (It’s under the Contact Info heading on the user profile page.)

11

Morning!

No, that field is blank!

12

Thanks! That gives some idea of where the error is happening.

I went through the password reset process and can now access my account on your WordPress site. When I click on the WordPress password reset email that you site is sending out, I get a ‘connection refused’ error and can only access the site by enabling a VPN. Possibly that has something to do with the problem.

2 Likes
13

hmmm,

that’s interesting, I wonder if the security/firewall tools are blocking the access. I’ll take a look…

but if you access the WP login page too often, too quickly you’ll get blocked anyway.

14

Hi,

tried to bypass the firewall settings and whilst it did kick in, i reset the rules and still got an Expired Nonce whilst trying to connect to Discourse.

The password reset was successful but the link to discourse returned the same with nothing showing up in the iptables output, so the IPs weren’t getting blocked.

odd…

15

The problem seems to be that CURRENT_TIMESTAMP isn’t a valid default value for mysql < 5.6.5, hence the nonce table can’t be created (if you looks into logs, you’ll find „invalid value for added_on…).

https://dev.mysql.com/doc/refman/5.6/en/timestamp-initialization.html

The shortest solution is sudo apt-get install mysql-server-5.6 :slight_smile:

1 Like
16

thanks @iamntz,

i’m currently on MariaDB 5.5.46 does that cause an issue? and which version of MariaDB would I need?

I have found entries like this:

aircadetcentral.net.error.log:[Tue May 09 12:54:55.683839 2017] [:error] [pid 2179] [client x.x.x.x:xx] WordPress database error Table tablename1.wp_discourse_nonce' doesn't exist for query SELECT id FROM wp_discourse_nonce WHERE added_on < DATE_SUB(NOW(), INTERVAL 600 SECOND) made by require_once('wp-admin/user-edit.php'), require_once('wp-admin/admin.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('init'), WP_Hook->do_action, WP_Hook->apply_filters, call_user_func_array, WPDiscourse\\sso\\Client->parse_request, WPDiscourse\\sso\\Client->update_user, WPDiscourse\\Nonce::get_instance, WPDiscourse\\Nonce->__construct, WPDiscourse\\Nonce->maybe_create_db, WPDiscourse\\Nonce->purge_expired_nonces, referer: https://aircadetcentral.net/wp-login.php?discourse_sso_error=expired_nonce

in the error log!

17

Up until MariaDB 10, all features used to be 1:1 matching. So MariaDB 5.5.46 is kind of the same deal as mysql 5.5.46 :slight_smile:

18

ok, so I’d need at least mariadb 5.6.5 is that right? thanks for spooting this :slight_smile:

19

Yup, need to upgrade. Probably there is a way of making this backwards compatible, but considering that 5.6 was released in 2012 i think this would be kind of useless.

2 Likes
20

indeed, my mysql software is controlled by the webhosting panel software - so just looking at the path of least resistance to upgrade.

I’ll let you know when/if I solve the problem!

thanks