Definition of discourse instance as a service provider in an identity federation

sso

(Bruce Becker) #1

Hello,

We want to deploy a discourse instance as part of an identity federation. This will require SAML-2 attribute exchange for authentication. We will have the actual identities authorised to interact with the forum in an LDAP service linked to the discourse installation.

We expect the following workflow:

  1. users come to something like meta.project.eu,
  2. then the login screen will take them to the federation WAYF,
  3. they get redirected them to an IdP of their institute, then authenticate themselves
  4. our SP (discourse) gets their attributes and automatically registers them as basic users, writing to the ldap database.

Any idea if this is possible ?
thanks,
Bruce