How to use SSO to sign users in to main application and Discourse

(Dan Huang) #1

Hello, everyone. We are building an application that will be using Discourse as its forum platform. We are running into some issues with SSO. We’ve enabled and properly set up SSO functionality for Discourse, but are running into issues when the user visits the discourse site via our application. Rather than being logged in automatically, a user must first click the “log in” button before he/she is redirected to the forum. Is there a way to bypass this, so that the user needs only to log in once for both platforms?

We were told that this could be done by either building a custom plugin that looks at cookies, set a cookie at the parent domain that the child domain can read or unconditionally redirect all anon traffic through auth.

Any ideas on how we can implement this?

(Sam Saffron) #2

Do you plan to allow any anonymous access on your forum?

(Dan Huang) #3

No, there is no anonymous access to the website.

(Sam Saffron) #4

OK, so I would accept a PR that forces an SSO redirect if any anonymous users attempt to access a site the has requires_login on.

(Adam Capriola) #5

This discussion might be relevant:

@Dan_Huang you’re saying when a user logs in to your application, they are not logged in to Discourse, right?

(Dan Huang) #6

@AdamCapriola, that’s correct. A user logs in to our application, but when the user visits the link to the forums from our app, he/she still needs to click on the login button, at which point they are redirected into Discourse, but without having to actually having to go through the sign in.

(Sam Saffron) #7

This is a simpler issue to solve, the site both requires login and has sso. You need a lot less magic in this case.

(Dan Huang) #8

@sam + @AdamCapriola, thanks for the help. We resolved the issue. We were redirecting the link to the root page and not to sessions. Everything is good to go.

Thanks for your help and patience.

Sharing authentication between root and subdomain
(Pahlevi Fikri Auliya) #9

@Dan_Huang I also encounter this issue, mind to share further your solution? :slight_smile:
So, from your main app, your redirected the user to the root page of your Discourse app? Then how did you make the log in process automatic? Did you modify Discourse code?

(Faeron Sayn) #10

@Dan_Huang wondering the same thing, would love to see what solution you came up with.

(Pahlevi Fikri Auliya) #12

I managed to do it by referring the link from my main app to http://<>/session/sso?return_path=%2F
Discourse then redirect back the page to my Rails controller which validate the user. Finally my Rails controller redirect back to Discourse.

Dirty hack though.

(Abai) #13

I faced the same problem. Any updates about solutions? I would be very thankful if I hear some updates :slight_smile: