Discourse-saml, choosing solution

I read this article:

This is good, but is the cloud service.
Can you recommend a similar service, but self-hosted? Maybe there is software tested with Discourse?

Which is the cloud service?

What are you trying to authenticate against?

We have several web services, in addition, several Discourse for different audiences. For each service and related Discourse, Drupal 7 is now installed, which provides SSO for the service and Discourse. And such a pattern is repeated several times. The total number of users is more than 10 000.

I would like to create a single user base for all services and instances of Discourse. Make an SSO that provides transparent authentication everywhere. And at the same time get rid of Drupal.
The SSO system should not be cloudy, but located on our servers. Auth0, OneLogin are cloud systems.

So I ask for advice, what would I choose.

The easiest solution would be to use a single Drupal instance for all of the discourse sites, as you already know how to do that. If you want to do away with Drupal altitude, then you could have one discourse be the SSO server to all sites.

No, the option of Discourse as an SSO provider is not suitable. Drupal definitely want to remove. Are there any working cases for integrating Discouse SAML Plugin with open sorce IdM/IAM?

Is there any reason you are trying to use SAML? We have plugins for OpenID Connect and OAuth2, which are generally a lot easier to configure.

We don’t have any officially tested IDPs. However, the top google result for “open source idp” is Keycloak. If you search here on Meta it looks like other people have managed to get it working with our openid-connect plugin (e.g. here). Maybe try experimenting with that as a starting point?

With OAuth2 Basic Plugin have one BIG problem - if the user is new to Discourse, then, after authentication, a window appears with the data of the new user.
You, @david , in another topic answered me that someday you will automatically create a user without showing this window. But now it has not yet been implemented.

Therefore, I suffer with SAML. I need a solution soon…

It looks like Keycloak also supports SAML, so you could still try that.

And can I order from you a PAID configuration of the plugin and Keycloak? )))
I tried, but I could not configure SAML and Keycloak.

At discourse.org we offer one-on-one support to our customers, but not for self-hosted sites. You could try posting in the #marketplace

@david You said that when using the SAML plugin, the window for creating a new user does not appear if the user is not in the Discourse database. So, it appears:

keyk011552×828 98.4 KB

keyk02792×663 36.4 KB

You will need to set DISCOURSE_SAML_AUTO_CREATE_ACCOUNT to 1 in your app.yml file

Working!!! Thanks @david !

But… Why is this option not mentioned in the documentation? )))
https://github.com/discourse/discourse-saml

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.