We want to deploy a Discourse instance as part of an identity federation. This will require SAML-2 attribute exchange for authentication. We will have the actual identities authorised to interact with the forum in an LDAP service linked to the Discourse installation.
We expect the following workflow:
- users come to something like meta.project.eu,
- then the login screen will take them to the federation WAYF,
- they get redirected to an IdP of their institute, then authenticate themselves,
- our SP (Discourse) gets their attributes and automatically registers them as basic users, writing to the LDAP database.
Any idea if this is possible?