I have SSO up and running and all works well. However I’d like to automatically log in my users when they visit our Discourse community if they are already logged in to our main website. In effect click the “Log In” button to initiate the SSO and return them back to Discourse where they were originally.
I’ve only just started looking over the login code but was hoping someone else might have some insight on how I can initiate the login from a custom theme component.
This can be done, but can cause issues logging into your SSO provider site if SSO is ever misconfigured. A safer approach is to add an SSO Login link to website that will automatically log users into Discourse and redirect them to a specified page when they click the link. See Create an SSO login link for details.
Can you expand on what kinds of issues I could expect?
In my particular case, visitors will not hit the main app first - in a particular session. They will be visiting the community site but they will have been logged into the main app at some point. I’d like to pull in the login session automatically without any user interaction.
I ran into an issue with this when I was attempting to log users into Discourse from WordPress by silently redirecting them to Discourse and then back to WordPress as a part of the WordPress login process. If SSO was misconfigured, users would be locked out of WordPress.
If you do want to try this type of approach, you will need to enable the sso allows all return paths setting on Discourse. If you do that, you can then redirect users to:
https://discourse.example.com/session/sso?return_path=path_back_to_your_sso_provider_site