Landing page on saml login

david · April 30, 2020, 8:48am

The automatic redirect should not introduce any security vulnerabilities. If you are aware of an exploit, please let us know via our disclosure program: discourse/docs/SECURITY.md at main · discourse/discourse · GitHub

I don’t think we want to add more noise to the settings until we have some more users requesting this change.

You could override this in a plugin by patching this method:

github.com

discourse/discourse/blob/main/app/controllers/application_controller.rb#L697-L714


      
                  top: Theme.lookup_field(@theme_id, target, "after_header"),
                  footer: Theme.lookup_field(@theme_id, target, "footer"),
                }
              else
                {}
              end
          
            data.merge! DiscoursePluginRegistry.custom_html if DiscoursePluginRegistry.custom_html
          
            DiscoursePluginRegistry.html_builders.each do |name, _|
              if name.start_with?("client:")
                data[name.sub(/\Aclient:/, "")] = DiscoursePluginRegistry.build_html(name, self)
              end
            end
          
            MultiJson.dump(data)
          end

So I think you would want to simplify the function right down to

def redirect_to_login
  dont_cache_page
  cookies[:destination_url] = destination_url
  redirect_to path("/login")
end

Topic		Replies	Views
Change login button action Support	6	1414	July 14, 2020
Discourse, Keycloak, SAML vs OAuth Support	3	1766	September 24, 2020
SimpleSAML login SSO	8	824	April 23, 2023
Discourse-saml, choosing solution Support	14	1829	January 17, 2020
Configure OneLogin's SAML for Discourse Integrations sso , how-to	0	7224	August 18, 2017

Landing page on saml login

Related Topics