Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SSO locked out now...

On Friday I got Vanilla setup to use SSO against my site, I had written all the error handling code and was planning to write the actual authentication code today. Unfortunately my computer rebooted and now I can not get into the admin screen on Vanilla? I tried '/entry/password' to (http://[my ip]/forums/entry/password) but this ends up with "Not Found" error. I've tried several different variations but to no luck.

Thoughts on what I can do, otherwise I guess I will need to remove it and try again - although this is becoming more hassle then it maybe worth.

Thank you

Vanilla 2.3
jsConnect 1.5.3

Comments

  • You can access the dashboard settings via ftp the conf/config.php file and then you can disable whatever you did from there. Change true to false on the suspected plugins and then delete the .ini files from the cache.

    the url to entry is

    /forums/entry/signin

    url to dashboard

    /forums/dashboard/settings

  • The problem here is a tricky beast.

    Sweet jsConnect stores a few of its settings in the database table: GDN_UserAuthenticationProvider.

    Look for these columns: AuthenticateUrl, RegisterUrl, SignInUrl, SignOutUrl.

    You can delete the jsConnect plugin folder, or/and even disable it in your config.php, clear cache, update etc, but alas, the above setting remains and is still in use.

    So, to prevent the loop, just empty the values in the columns above.


    This feels like a bug. One that could eat you out of a few hours, if your mind is not in the right place. @charrondev what say you?

    Maybe have vanilla check if jsConnect or whatever AuthenticationSchemeAlias is in use, is disabled before using those DB values?

    Hope this helps someone...

    Cheers!

  • charrondevcharrondev Vanilla Staff

    I'm not really versed well in SSO solutions, so I can't really assist much here. In any case what drew you to this issue? It is quite stale and may even be resolved in the latest versions of Vanilla/JSConnect.

  • Hi.

    BTW, I am using 2.8.4 and latest jsConnect.

    I have always used SSO and nothing else. jsConnect is way too cool and seamless not to use. :)

    But yesterday, I needed to roll out a single vanilla forum package without any dependency on another CMS, and boom!

    I disconnected my default SSO setup and became ungraciously locked out. So I went to my config.php to disable jsConnect, and even removed the plugin folder, but no dice. I was still being redirected to my old signin url, which was weirding me out.

    So I did a SQL search on the DB and found the signin url value and deleted those

  • charrondevcharrondev Vanilla Staff

    Ah ok, I see what you mean. Could you file a bug report over on the core repo with the repro-steps and impact? https://github.com/vanilla/vanilla/issues/new?template=bug_report.md

  • KasparKaspar ✭✭✭

    I might recall wrong but seem to recall the last(most right) column in DB is a 1/0 - enable/disable field.

    I faced a similar issue last year when moving host provider(I had not had anything to do with the forum or Vanilla Forums backend prior to that so I was not familiar with any setup used prior).

    The signin kept being directed to the SSO URL even if jsconnect(which I knew nothing of at the time either) was not enabled - I had to disable the SSO/setting in DB.

  • Yes @Kaspar is correct; there is an Active column in that table that can be set to 0

Sign In or Register to comment.