Help needed to use Discourse to log in through multiple sites using SSO


(Amod Joshi) #1

Hi,

I have the main website, e.g. www.example.com, and my Discourse site is discourse.example.com. I have another web application, e.g. subdomain.example.com.

From my main website I am able to log in to Discourse using SSO, but from my subdomain users are not able to log in using SSO.

I thought I could achieve this by using the session cookies, i.e. when Discourse sends the payload and sig, I will validate those in the main site and check that the user is in the session with session cookies. If the user is not in session, I will fire another request to the subdomain with the session cookie sent by Discourse, but the session cookies sent by Discourse never match. Hence my subdomain users are not able to log in to Discourse.

Please guide me to resolve this issue.

Thanks


(Felix Freiberger) #2

Wait, I don’t get that. www.example.com and subdomain.example.com are not running Discourse, and you want to have users on subdomain.example.com be able to log in through www.example.com, right? In that case, I don’t see what Discourse has to do with that process.


(Amod Joshi) #3

I have 2 different web applications and a single instance of Discourse. I want the users of both web applications to have access to the Discourse site using SSO.
i.e. the first application URL is: www.example.com
the second application URL is: subdomain.example.com
and my Discourse website is hosted at: discourse.example.com

In the Discourse admin panel I have configured SSO to look up the user in my first application. So when a user from the 2nd web application clicks on the Discourse link, he is redirected to log in to the first application.

So I am looking for a solution so that both my applications share a single instance of Discourse.


(Felix Freiberger) #4

You’ll need to implement that on your side of things: Your first application needs to handle both cases internally as Discourse can only support SSO against a single authentication source.


(Amod Joshi) #5

Thanks for your response.

I assume that the session cookie sent in the request to Discourse will be returned to my single authentication source by Discourse, which in turn I will use to handle both cases internally. But the session cookie sent by Discourse does not match. Hence the user from the 2nd web application is not able to log in to Discourse.

Can you guide me or give me some idea of how to share a single instance of Discourse?


(Felix Freiberger) #6

You should never look at Discourse’s session cookies. They are an implementation detail and are subject to change, and have changed recently. The only interaction between your site and Discourse should be the SSO protocol (or Discourse’s API).
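
An added example, not part of the original thread or of Discourse's code: a sketch of the single SSO endpoint on www.example.com that relies only on the signed `sso`/`sig` exchange and on the provider's own session, never on Discourse's cookies. The secret, the login URL, the `session_user` shape and the namespaced `external_id` are assumptions made for illustration, and `discourse_request` is a constructed stand-in for the Discourse side.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Assumptions (constructed values): the secret shared with Discourse, a fixed
# return URL that is never taken from the request, and a hypothetical login page.
SSO_SECRET = b"constructed-shared-secret"
RETURN_URL = "https://discourse.example.com/session/sso_login"
LOGIN_URL = "https://www.example.com/login"

def sign(payload_b64):
    """HMAC-SHA256 over the base64 payload string, hex encoded."""
    return hmac.new(SSO_SECRET, payload_b64.encode(), hashlib.sha256).hexdigest()

def discourse_request(nonce):
    """Constructed stand-in for the sso/sig pair Discourse sends."""
    b64 = base64.b64encode(urlencode({"nonce": nonce}).encode()).decode()
    return b64, sign(b64)

def verify_request(sso, sig):
    """Check the signature before decoding anything; return the nonce."""
    if not hmac.compare_digest(sign(sso).encode(), sig.encode()):
        raise ValueError("bad signature")
    nonce = parse_qs(base64.b64decode(sso).decode()).get("nonce", [""])[0]
    if not nonce:
        raise ValueError("missing nonce")
    return nonce

def handle_sso(sso, sig, session_user):
    """Return the URL to redirect the browser to.

    session_user is read from the provider's own session (hypothetical
    shape), no matter which of the two applications logged the user in.
    """
    nonce = verify_request(sso, sig)
    if session_user is None:
        return LOGIN_URL
    payload = urlencode({
        "nonce": nonce,  # echoed back so Discourse can match its request
        # Assumption: the apps keep separate user tables, so ids are namespaced.
        "external_id": f'{session_user["app"]}:{session_user["id"]}',
        "email": session_user["email"],
        "username": session_user["username"],
    })
    b64 = base64.b64encode(payload.encode()).decode()
    return RETURN_URL + "?" + urlencode({"sso": b64, "sig": sign(b64)})
```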


(Amod Joshi) #7

I was successfully able to resolve the issue. I shared the session cookies of my domain so they are accessible from my domain.
Now my subdomain users are able to log in and use the single instance of the Discourse forum.