• Members 9 posts
    July 2, 2020, 10:21 p.m.

    Wondering if someone could help out with some basic instructions on how to get SSO implementation working between an existing Django-based website and a newly created Misago forum.

    Thus far, we have:

    • pip installed and added 'simple_sso.sso_server' as an installed app in config.py
    • enabled SSO via the admin panel on the Misago server
    • added entries for 'SSO_PRIVATE_KEY', 'SSO_PUBLIC_KEY' in config.py according to those provided by the Misago admin panel

    Trying to log into the forum via the front-end is redirecting to: masgo-server.com/sso/client/

    Which is displaying a "somethings broken" page. No doubt, as many steps for the setup have not been completed.

    Apologies, but I personally am coming up the Django learning curve. So may need some quite pointed directions on what to look for next.

  • Members 9 posts
    July 2, 2020, 11:54 p.m.

    Fumbling around, and have added the following calls to the server/client class, and added the following url patterns in urls.py:

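    from django.conf import settings
    from django.urls import include, path
    from simple_sso.sso_client.client import Client
    from simple_sso.sso_server.server import Server

    sso_server = Server()
    sso_client = Client(settings.SSO_SERVER, settings.SSO_PUBLIC_KEY, settings.SSO_PRIVATE_KEY)

    urlpatterns += [
        path('server/', include(sso_server.get_urls())),
        path('client/', include(sso_client.get_urls())),
    ]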

  • July 2, 2020, 11:58 p.m.

    If there's a 'somethings broken' error, that means Misago crashed while displaying the page. Are you able to provide the error entry from logs/misago.log?

  • Members 9 posts
    July 3, 2020, 1:16 a.m.

    Latest logs, which seem to be printed each time I'm accessing the Misago board login, are reporting:

    ERROR Internal Server Error: /sso/client/

    One thing I did notice within that print, was that it seems Misago made a request to rootsite.com/request-token/, should this not be looking at rootsite.com/server/request-token/ as per my urls above?

    Should I change the server entry in the Misago SSO settings to include '/server/'? Currently, I have included only the rootsite.com/ address.

  • Members 9 posts
    July 3, 2020, 1:19 a.m.

    Note that if I do make that change above, I now see: 'Badrequest: Invalid public key' in the logs. Which seems to be a step forward.

  • Members 9 posts
    July 3, 2020, 1:44 a.m.
  • July 4, 2020, 9:39 p.m.

    You don't have to modify Misago in any way to enable SSO in it. You only need to make sure that it's configured correctly to connect to your root site.

    ERROR Internal Server Error: /sso/client/ is not the entire log. There should be an error traceback too in that file explaining in detail what happened.

  • July 5, 2020, 5:20 p.m.

    Apologies, I've only just had time to check this.

    So, Misago can only act as a client in SSO setups. This means your rootsite has to provide features for user registration and login. Your rootsite also has to implement an SSO server. If it's implemented using Django, this can be easily achieved with the Django Simple SSO package.

    If your SSO server views are implemented under /server/, this should be entered into Misago, e.g. http://example.com/server/. You will also need to configure public and private SSO keys on your site, and enter those into Misago.

    Enabling SSO in Misago will result in Misago redirecting users to your site when they click the "Login" or "Register" buttons.

  • Members 9 posts
    July 9, 2020, 12:38 a.m.

    Sorry, haven't had a chance to look at this again until this morning.

    So, I believe I have progressed past the issues above. I'm able to redirect with an issued token from my Misago forum server to the SSO server. It directs to the login page on the SSO server. I can log in. But then I get a 'Bad Request (400)' error once sent back to the Misago forum server.

    The log on the Misago server is showing 'ERROR User data failed to validate: id'

    Could this be an issue with how I'm handling the user model on the sso server?

  • July 9, 2020, 12:40 a.m.

    I think so. What's the format of user's ID on SSO server? Are you sure your server is including this ID in data sent to Misago?

  • Members 9 posts
    July 9, 2020, 1:47 a.m.

    It's an integer. I checked the sso_server_token table on the SSO server, and I can see it appending records for when I try to log in via the Misago server. The records are including the user_id correctly (referred to the user model). I checked, and the foreign key relationship is in place too.

    The url showing the bad request error is of the format:

    misago_community_server.com/sso/client/authenticate/?next=%2F&access_token=XXX

  • July 9, 2020, 2:02 a.m.

    I've looked at the payload expected by Misago and user_id is not on the list. Instead, Misago expects id:

    id = forms.IntegerField(min_value=1)
    username = forms.CharField()
    email = forms.CharField()
    is_active = forms.BooleanField(required=False)
    
  • Members 9 posts
    July 9, 2020, 2:11 a.m.

    Ok sorry, I did just literally read that on your release announcement. And sounds like it's related to my issue.

    Just to confirm, sso_server_token does have an 'id' field (obviously), it's just also got a FK relationship back to the user model's id field, which is referred to as 'user_id'.

    So for a Django novice, what's the best way to implement this? Surely I don't need to extend/create a new user model just for Misago's SSO? That would require me to mod relationships etc. with the sso_server_token model too?

    What would you recommend?

  • July 9, 2020, 2:13 a.m.

    To be honest, I have problems understanding what's user_id in your app and what's the foreign key back to the user model. Are you perchance implementing a user profile model in your Django app?

  • July 9, 2020, 10:43 p.m.

    @buswedg : I set up Misago forum with my Django project. My solution:

    from simple_sso.sso_server.server import Server
    
    
    class ServerForMisago(Server):
        def get_user_data(self, user, *args, **kwargs) -> dict:
            user_data = super().get_user_data(user, *args, **kwargs)
            user_data['id'] = user.pk
            return user_data
    
        def get_user_extra_data(self, user, consumer, extra_data) -> dict:
            return {}
    
    
    sso_server = ServerForMisago()
    sso_server_urls = sso_server.get_urls()
    
    

    file my_project/urls.py

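    from django.urls import include, path

    # "my_project.sso" is a placeholder: import from the module that defines ServerForMisago
    from my_project.sso import sso_server_urls

    urlpatterns += [
        path('server/', include(sso_server_urls)),
    ]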
    

    That's all I needed to do. Now users can login to Misago forum through my Django app. Of course "Server URL" in Misago is http://mydjangosite.com/server/
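
Added example, not part of the original thread and not Misago's or django-simple-sso's own code: a plain-Python mirror of the four form fields quoted earlier, run against a constructed payload before and after the `id` fix. `validate_sso_user`, `to_misago_payload` and the sample data are hypothetical names and values; dropping unread keys is an extra step assumed here, not something the thread's solution does.

```python
# Added example: plain-Python mirror of the four form fields quoted in the thread.
EXPECTED_FIELDS = ("id", "username", "email", "is_active")
FALSY = (None, False, 0, "", "0", "false", "False")


def validate_sso_user(payload):
    """Return (cleaned, errors) for a user payload sent by the SSO server."""
    cleaned, errors = {}, {}

    # id = IntegerField(min_value=1): required, integer, at least 1.
    raw_id = payload.get("id")
    try:
        if raw_id is None or isinstance(raw_id, bool):
            raise ValueError("missing")
        cleaned["id"] = int(str(raw_id).strip())
        if cleaned["id"] < 1:
            errors["id"] = "must be >= 1"
    except ValueError:
        errors["id"] = "missing or not an integer"

    # username / email = CharField(): required, non-empty text.
    for name in ("username", "email"):
        value = str(payload.get(name) or "").strip()
        if value:
            cleaned[name] = value
        else:
            errors[name] = "required"

    # is_active = BooleanField(required=False): absent means False.
    cleaned["is_active"] = payload.get("is_active") not in FALSY

    for name in errors:  # never return a value that failed validation
        cleaned.pop(name, None)
    return cleaned, errors


def to_misago_payload(user_data, pk):
    """Add the primary key as 'id' (the fix from the thread) and, as an
    extra step assumed here, drop keys the quoted form does not read."""
    merged = dict(user_data, id=pk)
    return {k: merged[k] for k in EXPECTED_FIELDS if k in merged}


# Constructed sample: a payload without 'id', as in the failing login.
SAMPLE = {"username": "alice", "email": "alice@example.com",
          "first_name": "Alice", "is_active": True}

if __name__ == "__main__":
    print(validate_sso_user(SAMPLE)[1])
    print(validate_sso_user(to_misago_payload(SAMPLE, 42)))
```

Running the check against the dictionary your own `get_user_data` override returns shows which field would trigger "User data failed to validate" before a browser round trip is needed.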

  • July 9, 2020, 10:45 p.m.

    For clarity's sake, @orkan is the author of SSO support in Misago. ❤️

  • Members 9 posts
    July 11, 2020, 1:24 a.m.

    Looks like that has done it! Much appreciated.

    There may still be some edge cases to cover however. I saw a duplicate key value violation for misago_users_user_email_hash_key, when I tried to login via sso redirection using an account + email which was already signed up to the Misago forum. That user had already been created on the forum without the sso method.

    Is that to be expected?

  • July 11, 2020, 8:21 p.m.

    Yes, it is expected. One email can be associated to one account in Misago. This restriction is implemented using email hash, this is why you see "duplicate key value violation for misago_users_user_email_hash_key".

    I think we can probably prepare the possibility to associate an existing Misago account with an account on the SSO server.