Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Problem SSO: INVALID SIGNATURE > WHY?

Hello, I need help to configure SINGLE SIGN ON (SSO) in vanilla forum with wordpress.

I have a new installation of Vanilla Forums v2.3 with jsConnect to created a connection with wordpress by using the vanilla forum plugin for wordpress.

I set up a connection. SSO works fine in test mode. However, once I take the connection out of test mode I get the red "Invalid Signature" error.

Can some please help me??

Comments

  • LincLinc Detroit Admin

    Are both sites on the same server?

    Do you have the hash set to sha1 in the connection settings in the Vanilla dashboard?

  • no, both sites are not on the same server. does this matter?
    hash is set to md5 (default), why do I need to set it to sha1?

  • I just set the hash to sha1. still the same error: invalid signature :/

  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited March 2017

    No , do not set it to sha1, that has been found to be compromised. Use a Higher one, Sha 256

    Please follow the tutorial except the sha part. http://docs.vanillaforums.com/help/sso/jsconnect/seamless/

  • LincLinc Detroit Admin

    @mailbox9494 said:
    no, both sites are not on the same server. does this matter?

    No, but it can help in debugging to know this because hashing requires certain things to be installed on a server.

    @mailbox9494 said:
    hash is set to md5 (default), why do I need to set it to sha1?

    You don't; again, trying to get enough information to know what you're doing.

    Next, I'd make sure you're putting the keys in alphabetical order before hashing. That's a common mistake to forget that step.

    Lastly, I'd confirm the hashes you're creating by comparing them with an online generator.

Sign In or Register to comment.