JumpCloud LDAP/SSO

We currently use GoogleSSO for our users to authenticate to our Discourse server. However, we were recently acquired and the new owners have us deprecating Google very soon. We use JumpCloud LDAP service in lieu of AD and would like to create a SAML/SSO plugin for our Discourse server and have added the LDAP plugin to configure SSO.

We have looked at both links below:
- https://github.com/discourse/discourse-saml
- DiscourseConnect - Official Single-Sign-On for Discourse (sso)

Are there any plans to integrate with JumpCloud?
- JumpCloud Support Community

This is the JumpCloud SAML/SSO setup:

We have been able to translate slight differences for other plugins before but are having a bear of a time getting translations done between JumpCloud and Discourse.

If this is totally not kosher, feel free to delete. I have not gone into depth about the steps taken for some sort of brevity.

1 Like

Ok…I figured out our issue:

We were trying to both set up LDAP in Discourse & create an SSO plugin in JumpCloud. This is unnecessary. We did not need to create a JumpCloud plugin.

Presupposing the LDAP Plugin is installed on your Discourse instance, this is what we did that worked:

  • Go to Admin Console > Settings Plugins > LDAP Plugin Settings
  • Select "Is LDAP plugin enabled?"
  • ldap user create mode: auto
  • ldap lookup users by: mail
  • ldap hostname: ldap.jumpcloud.com
  • ldap port: 389
  • ldap method: ssl or tls or plain
  • ldap base: ou=Users,o=OrganizationalID,dc=jumpcloud,dc=com
  • ldap uid: mail
  • ldap bind dn: uid=ServiceUserID,ou=Users,o=OrganizationalID,dc=jumpcloud,dc=com
  • ldap password: ServiceUserID password
  • ldap filter: (&(objectClass=person)(uid=*)(memberOf=cn=GroupName,ou=Users,o=OrganizationalID,dc=jumpcloud,dc=com))

The effect of disabling our GoogleSSO (once we got the LDAP working) is that our users do not see the Google sign in and are taken to a generic “LDAP Authentication” page.

Lastly, if this is against community guidelines, please remove.

3 Likes
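
A sanity check for the settings listed in the post above, as an added example that is not part of the original thread or the plugin's code. The underscore key names, and the reading of `ssl` as LDAPS (conventionally port 636) and `tls` as StartTLS (port 389), are assumptions; the sample values are the post's own placeholders.

```python
import re

# Constructed sample: values from the post, placeholders kept. Key names are assumed.
POSTED = {
    "ldap_hostname": "ldap.jumpcloud.com",
    "ldap_port": 389,
    "ldap_method": "plain",
    "ldap_base": "ou=Users,o=OrganizationalID,dc=jumpcloud,dc=com",
    "ldap_bind_dn": "uid=ServiceUserID,ou=Users,o=OrganizationalID,dc=jumpcloud,dc=com",
    "ldap_filter": "(&(objectClass=person)(uid=*)(memberOf=cn=GroupName,"
                   "ou=Users,o=OrganizationalID,dc=jumpcloud,dc=com))",
}
PLACEHOLDERS = ("OrganizationalID", "ServiceUserID", "GroupName")
# Conventional ports, assuming "ssl" means LDAPS and "tls" means StartTLS.
EXPECTED_PORT = {"ssl": 636, "tls": 389, "plain": 389}


def filter_balanced(flt):
    """True if the filter is a single expression with matched parentheses."""
    depth = 0
    for i, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth <= 0 and i < len(flt) - 1:
            return False  # closed early, or did not start with "("
    return bool(flt) and depth == 0


def org_ids(settings):
    """Collect every o=<id> RDN found in the base, bind DN and filter."""
    text = ",".join(settings[k] for k in ("ldap_base", "ldap_bind_dn", "ldap_filter"))
    return set(re.findall(r"(?:^|,)\s*o=([^,)]+)", text, flags=re.I))


def lint(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    method, port = settings["ldap_method"], settings["ldap_port"]
    if method == "plain":
        findings.append("plain: bind DN and user passwords cross the network unencrypted")
    if EXPECTED_PORT.get(method) != port:
        findings.append(f"port {port} is unusual for method {method!r}")
    if not filter_balanced(settings["ldap_filter"]):
        findings.append("ldap_filter has unbalanced parentheses")
    if len(org_ids(settings)) != 1:
        findings.append("base, bind DN and filter do not share one o=<id>")
    left = [p for p in PLACEHOLDERS if any(p in str(v) for v in settings.values())]
    if left:
        findings.append("placeholders not replaced: " + ", ".join(left))
    return findings
```

Calling `lint(POSTED)` flags the `plain` method and the three unreplaced placeholders; switching the method to `ssl` while leaving port 389 adds a port warning.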