WordPress SSO Page Template

(Adam Capriola) #37

I don’t see anything wrong (though you should change your sso_secret now that it’s been made public). PM me WordPress login credentials and I’ll try to figure out what’s wrong.

(Matt) #38

Thanks Adam.
PM sent.



I am also facing the issue of invalid request. I have correctly setup the template, sso secret etc, but when I try to login via wordpress or discourse, I get invalid request error.

Can you please suggest what I might be doing wrong ?

(Stephen Kerr Jr) #40

I am also having some “invalid request” errors.
When I click the “Login” button from Discourse, it redirects to wordpress successfully, but ends up with just the http://forum.website.com/session/sso_login?sso=bm9uY2U9ZWQ1OGU4YZA0NGI3MWUyM2VmNGH1YjY4NDU1ETQxN2QmbmFtZT1CYXNhbm92aWF0JnVzZXJuYW1lPAJhc2Fub3ZpDXQmZW1haWw9YmFzYW5vdmlhdCU0MGJhc2Fib3RzLmNvbSZhYm91dF9tZT0mZXh0ZXJuYWxfaWQ9MQ%3D%3D&sig=abb8158984cd9b6beee1709a83a0c253749dff4e241eb1053334f85b138bebca
the page doesnt go anywhere and just sits there.

I only have the the discourse_sso.php included in my functions in the default twenteefourteen theme and the wordpress template described in this post. What is the best way to implement SSO? There is a lot of talk about vague ways of using API and encoding, but without specifics, it wont really help a lot of us trying to get connected.

(Jake Jackson) #41

Same here. I had this set up and working correctly before the recent Discourse upgrade. Now getting ‘invalid request’.

(Jeff Atwood) #42

Are you seeing things as OK under the latest release?


Is it beta 4 you are referring to ? Still getting “Invalid Request”

(Steven Greco) #45

Just upgraded to beta4. SSO still works for me.

(Kunal Jain) #46

Still getting “Invalid Request”. We have setup, checked and re-checked every setting. Any idea why this might be happening?

(Arpit Jalan) #47

@AdamCapriola can you test WordPress SSO against latest release? Is it working fine for you?


No, Not working still getting “invalid request” or “Account login timed out, please try logging in again”

Since, Discouse is not letting me reply… I am adding it in previous post that SSO seems to be working now.

(Jake Jackson) #49

I did some debugging and it appears the problem only occurs if a user isn’t logged in on the WordPress website when using the SSO.

After the user is redirected to the login form and logs in the return URL has encoded elements removed:

This is the original SSO request:


And this is the URL WordPress redirects to after a user logs on:


The %0A is getting stripped out which makes the validation fail.

As far as patching the issue, I’m not sure… Anyone have any advice?

(etc) #50

I’m interested in getting this resolved since I used much of @AdamCapriola’s code in the refactored WP plugin. (Kudos @AdamCapriola)

If you give me access to your WP installation, I’ll help debug and rewrite the sanitization functions. Right now I’ve been testing against a hosted discourse trial since that was our primary use case. I can fire up my own installation tonight, however, then I can help update @AdamCapriola’s template.

(Jake Jackson) #51

Actually I installed and configured your plugin and the ‘Invalid Request’ issue went away. Anyone experiencing that problem should download and install GitHub - PrimeTimeCode/pt-wp-discourse-sso: PT WordPress + Discourse Single Sign On

(etc) #52

Note: I’ve just released a new version of the plugin. Instead of hijacking this thread, if you could follow the one I posted above that’d be great. I’ll make sure to keep it updated with information.

(Adam Capriola) #53

Hey, sorry everyone – I was busy during the holidays and never got to this. Here is how I’m currently doing the SSO implementation:

Instead of a page template I now use a pseudo-page that can be included as a plugin file instead (which is an improvement as you don’t have to worry about migrating it if you switch themes). Your sso url will be http://example.com/?request=sso.


I have this working well. I do have one question, if a user signs out of WP they are not signed out of Discourse. Is there a way to fix that?

(Steven Greco) #55

you have to add code to your site to sync the logout. Check out section D here.

(Nick Putman) #56

Hi Adam/all,

I’m trying to get SSO for discourse/WP working for the first time. I have the PrimeTime WP Discourse SSO plugin installed and I’m clear on how to enter the settings for the plugin and in discourse admin. What I’m not clear on is how to create the page that discourse redirects user to, to login. I have created the plugin, as detailed on this page: WordPress Integration Guide, but when trying to login to discourse I am redirected to a blank page. The url generated here is:


Does this look right? And what should I see on the page? I am supposing I need to see a login form, which then points back to discourse. Is this correct?



Synching discourse users to WordPress
(Steven Greco) #57

If you are using the PrimeTime plugin than your dont necessarily need anything from the integration guide. That is if you want to write the plugin yourself. I am betting if you have both they are conflicting.