Discourse as a CAS Server


#1

Hi everyone,

I’m exploring different paths to integrate discourse with other webapps.

One interesting use case that I’m finding, is to use Discourse and it’s excellent identity management capabilities, as a cetral point to id management.

The current features (user creation flow, email validation, email invitacion, oAuth support, etc) makes Discourse as a great core place to hav identity implemented.

In the case that I need to develop a new app, and I want to use discourse’s user base as Identity, what’s the best approach should I take?

I don’t want to directly read the postgres database (or using ActiveRecord). In fact, I don’t know how to read passwords or validate facebook logged users.

Do you think that having a feauture that transforms Discourses as e CAS Server it would be a good way?

Tks! appreciate your ideas!


(Ernest Lee) #2

My plan is to integrate casino with an activerecord gem for reading discourse’s database. Anyone have suggestions?


(Ernest Lee) #3

I was able to tell the Casino CAS server to read the user database of Discourse and log in. However, I am stuck getting discourse to call casino after login.

Any ideas?


(Kane York) #4

It is recommneded to use your other webapp as the authentication provider, and Discourse as the consumer. See the official SSO guide here:


(Ernest Lee) #5

I don’t have a separate webapp provider and do not wish to install a new app for login as I have to migrate users.

I need to call cas after login and call logout on logout.


(Kane York) #6

What’s the Casino CAS server then?


(Ernest Lee) #7

It’s a CAS server that can either read ldap or the user table. I modified it so it can check the user password.

The goal of this so I can log into discourse once and also log onto the authentication service. Currently, to use a third party app I have to separately authenticate to Casino.


#8

I recently integrate CASino as SSO service with my Discourse as well, but I then realize that Discourse append sso and sig instead of service on query string, which makes it extremely difficult to integrate with CASino.

Here is a document about CAS protocol: http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol.html


(eriko) #9

You might find this useful. It sits between a CAS server and Discourse. It uses Discourses SSO and translates CAS info into Discourse SSO. It developed it using Casino but deploy it against Jasig CAS.


#10

I found another Discourse SSO translator as a gem. I need to integrate the Discourse SSO into my existing application, so the gem version would fit my demand better.


(eriko) #11

Sorry I was mistaken about the direction you needed to move auth. The link I provided was for going the other direction. Good luck.