How to perform a remote login without changing the domain


(Luciano Fantuzzi) #1

I’m using SSO to authenticate users and it’s working properly. The problem is that I want the users to be already logged in the forum after logging in my site, but keeping them in my site. Ie:

  1. -> login
  2. make forum login via backend (not changing the url)
  3. user browses the site and if he decides to go to he doesn’t need to login since he is already logged in.

Is this possible? Thanks.

Sharing authentication between root and subdomain
(Kane York) #2

Hmmm… Try inserting this into a </body> customization.

if (window != window.parent) {
  // In an iframe
  var message = Discourse.User.currentProp("username");
  if (!message) {
    message = "$NOT_LOGGED_IN";
  window.parent.postMessage(message, "");

Then on your page, you do this in JS:

// Create IE + others compatible event handler
var eventMethod = window.addEventListener ? "addEventListener" : "attachEvent";
var eventer = window[eventMethod];
var messageEvent = eventMethod == "attachEvent" ? "onmessage" : "message";

// Listen to message from child window
eventer(messageEvent, function(event) {
  var message =;"discourse username: " + message);
  if (message === "$NOT_LOGGED_IN") {
    // Login failed
    window.location = "/login_complete?failed=discourse";
  } else if (message) {
    window.location = "/login_complete";
}, false);

// Create iframe
// url is ""

(Luciano Fantuzzi) #3

thanks. mm it’s a bit robust for a simple backend process and depends all in javascript / redirects / controllers. is there a backend solution?