CAS auth via the SSO api


(eriko) #1

This is a replacement for the cas_sso plugin. It provides a middle man between a CAS server and a Discourse instance. It can actually supports any number of Discourse instances as long as they all use the same SSO api key. It also supports filtering the login via the CAS groups attributes if available.

The app is a very simple rails app and does not use a database at this point. If I ever get CAS SLO (Single LogOut) working that will require a database.


Disable "create account" screen for CAS logins
(eriko) #2

Jan Kaltoun has written a patch to support avatars for users. This patch has been added.

https://github.com/eriko/discourse_cas_sso/pull/1#issuecomment-88825548


(eriko) #3

Added update to properly handle getting the return url properly.
https://github.com/eriko/discourse_cas_sso/commit/9eb58d6976117fefe27055f25e5e418ef43326f5


(eriko) #4

I have merged in some updates. If you are not using the Groups filtering functionality there is no reason to update.

Updates:

  • Updated to rails 5.x
  • Removed a number of unused gems
  • In the case that the groups filtering was in use and a used was not a member of a group they will no longer bypass the filter.

#6

I need help to active this configuration …
I puted the folder “discourse_cas_sso” in “/var/discourse/” and I filled the configuation files as explain in here.
In my disocurse, I active sso options and puted the url of the admin page of my CAS server.
But what next ? Probably I should compile the discourse_cas_sso plugins, but how ?
How to make the link between theme ? Add the cas client as a plugin in discourse ?

Thank you for your help.


(eriko) #7

This is not a plugin for discourse. It is a separate rails application that you need to run elsewhere. It runs separately from discourse.


#8

Ok but I didn’t see anything in the readme.md to explain how to run this application. I didn’t find any index.php…


(eriko) #9

Ok here is the harsh version of this. This is a rails application not a php application. In most every way it the setup of rails application is different than a php app using an index.php file. I would suggest reading through Getting Started with Rails — Ruby on Rails Guides to get an idea of the environment you will need.

That said what are you trying to accomplish using this? There are not many cases where someone should use CAS for discourse. It really is only needed when you are limited to CAS for single sign on and can not use the built in SAML functionality of in discourse. If you are trying to figure how to run an rails app, at this point, then this path is probably not for you at this point in time.


#10

Ok thank you for your good explaination. I think I will try to make SSO by SAML way …
In fact I’m just trying to link the identification between my own website (codeigniter), and the chat (rocket chat), forum (discourse) and more app further, for the community.
I thought the simplest way was to launch a CAS server, but now I will try SAML server instead.


(eriko) #11

If you codeignoghter app controls your user date you might look at using GitHub - cviebrock/discourse-php: A PHP class for helping with Discourse's SSO login to provide sso to discourse

Good luck.


(eriko) #12

Small update to the Gemfile.lock that updates OmniAuth to a supported version.
No other changes.