Wordpress as sso client Expired Nonce


(David Rice) #1

Hi all,

I’m trying to configure my wordpress to be a sso client to my discourse.

Everything seems to be configured as the howto states but when I try to ‘login with discourse’, if the user doesn’t exist it gets created, and it returns failed login ‘Expired nonce’

The details are:
url for the wordpress : https://aircadetcentral.net - on one IP
Discourse is https://forum.aircadetcentral.net - on another IP

Latest discourse installed
1.3.5 WP-Discourse plugin
No other plugins installed (apart from Cornerstone)

Not multisite (although it used to be but I deleted and reinstalled as single)

all thoughts greatly received.

Thanks

DJ


(Simon Cossar) #2

Yes, I signed up for you site and am getting the same results, but I can’t reproduce the error in my development environment.

How did you do this? Have you added any redirect rules to your .htaccess file?


(David Rice) #3

thanks @Simon_Cossar I must admit that’s 1 file i’ve not checked yet!

I completely deleted the multisite install, and installed a fresh single site WP. I’ll see if there are any traces of the multi install in the .htaccess.

Cheers


(David Rice) #4

can’t see anything drastic: here’s the file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

seems standard to me??

I also cleared out any excess DNS entries as well yesterday, made no difference! :wink:


(Simon Cossar) #5

Yes, that looks right.

Where is your forum hosted?


(David Rice) #6

it’s on my server in a KVM VPS running ubuntu and discourse is a standard docker install. The WP is on the main server running in apache


(David Rice) #7

and just checked, you have an account with sync’d info on the WP site ???

what on earth have I missed!?!


(Simon Cossar) #8

That’s strange.

I have to go out for a couple of hours. I’ll look at this some more later today.


(David Rice) #9

thanks @Simon_Cossar much appreciated :slight_smile:


(Simon Cossar) #10

Is the Discourse Username set for my account? (It’s under the Contact Info heading on the user profile page.)


(David Rice) #11

Morning!

No, that field is blank!


(Simon Cossar) #12

Thanks! That gives some idea of where the error is happening.

I went through the password reset process and can now access my account on your WordPress site. When I click on the WordPress password reset email that you site is sending out, I get a ‘connection refused’ error and can only access the site by enabling a VPN. Possibly that has something to do with the problem.


(David Rice) #13

hmmm,

that’s interesting, I wonder if the security/firewall tools are blocking the access. I’ll take a look…

but if you access the WP login page too often, too quickly you’ll get blocked anyway.


(David Rice) #14

Hi,

tried to bypass the firewall settings and whilst it did kick in, i reset the rules and still got an Expired Nonce whilst trying to connect to Discourse.

The password reset was successful but the link to discourse returned the same with nothing showing up in the iptables output, so the IPs weren’t getting blocked.

odd…


(Ionuț Staicu) #15

The problem seems to be that CURRENT_TIMESTAMP isn’t a valid default value for mysql < 5.6.5, hence the nonce table can’t be created (if you looks into logs, you’ll find „invalid value for added_on…).

https://dev.mysql.com/doc/refman/5.6/en/timestamp-initialization.html

The shortest solution is sudo apt-get install mysql-server-5.6 :slight_smile:


(David Rice) #16

thanks @iamntz,

i’m currently on MariaDB 5.5.46 does that cause an issue? and which version of MariaDB would I need?

I have found entries like this:

aircadetcentral.net.error.log:[Tue May 09 12:54:55.683839 2017] [:error] [pid 2179] [client x.x.x.x:xx] WordPress database error Table tablename1.wp_discourse_nonce' doesn't exist for query SELECT id FROM wp_discourse_nonce WHERE added_on < DATE_SUB(NOW(), INTERVAL 600 SECOND) made by require_once('wp-admin/user-edit.php'), require_once('wp-admin/admin.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('init'), WP_Hook->do_action, WP_Hook->apply_filters, call_user_func_array, WPDiscourse\\sso\\Client->parse_request, WPDiscourse\\sso\\Client->update_user, WPDiscourse\\Nonce::get_instance, WPDiscourse\\Nonce->__construct, WPDiscourse\\Nonce->maybe_create_db, WPDiscourse\\Nonce->purge_expired_nonces, referer: https://aircadetcentral.net/wp-login.php?discourse_sso_error=expired_nonce

in the error log!


(Ionuț Staicu) #17

Up until MariaDB 10, all features used to be 1:1 matching. So MariaDB 5.5.46 is kind of the same deal as mysql 5.5.46 :slight_smile:


(David Rice) #18

ok, so I’d need at least mariadb 5.6.5 is that right? thanks for spooting this :slight_smile:


(Ionuț Staicu) #19

Yup, need to upgrade. Probably there is a way of making this backwards compatible, but considering that 5.6 was released in 2012 i think this would be kind of useless.


(David Rice) #20

indeed, my mysql software is controlled by the webhosting panel software - so just looking at the path of least resistance to upgrade.

I’ll let you know when/if I solve the problem!

thanks