Official Single-Sign-On for Discourse (sso)

(Dean Taylor) #303

You might want to check out the “IFRAME” method outlined here:

(search for “IFRAME” in that topic)


(Erick Guan) #304

And the Customize admin panel allows you to insert any JavaScript you like.


(Kane York) #305

Yep, or <embed onload>.


(Michael) #306

I’m having problems when the SSO endpoint is behind a Microsoft TMG server. When using forms authentication, Microsoft TMG is blocking URLs containing “%0A”.

It appears that Ruby’s Base64.encode64 adds line breaks every 60 chars, which then get encoded into “%0A” in the SSO payload. Would it be possible to change to Base64.strict_encode64 when encoding the payload, which omits the line breaks?


(Erick Guan) #307

You will just need to do this:


(Michael) #308

The payload is encoded.

When the user visits http://discourse.example.com they get redirected to the following URL to authenticate.

http://example.com/discourse/sso?sso=bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGI%3D &sig=2828aa29899722b35a2f191d34ef9b3ce695e0e6eeec47deb46d588d70c7cb56

The firewall (Microsoft TMG) in front of http://example.com blocks all requests with %0A in the URL because it thinks it might be an XSS attack. Unfortunately this behaviour cannot be changed in the firewall.

I was wondering if the line breaks are really needed in the base64 string, and if not, would it be possible to remove them.

Please note SSO is working on this installation with TMG taken out of the equation.


(Erick Guan) #309

You would need to dig one level down into the implementation of Base64 encoding in Ruby. And your provider implementation would depend on its details if you removed that \n. And yes, I think you will be fine. But be careful of the round trip back on the Discourse end. Discourse will need to process the payload coming back. If you need to override something, do so with a plugin, do your own tests and follow changes that happen in core.
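
The encoding difference discussed in posts #306 to #309, as an added Ruby example that is not part of the thread or of Discourse's code. It assumes a constructed secret and hypothetical helper names; the payload is the one obtained by decoding the `sso=` value quoted in post #308, and the signature is computed the way Discourse SSO does it, as an HMAC-SHA256 over the base64 text.

```ruby
require "base64"
require "openssl"
require "uri"

# Payload obtained by decoding the sso= value quoted in post #308.
PAYLOAD = "nonce=cb68251eefb5211e58c00ff1395f0c0b"
# Constructed secret for this demo; the real one is not shown in the thread.
SECRET = "constructed-demo-secret"

# The signature is an HMAC-SHA256 over the base64 text exactly as sent,
# line breaks included, not over the decoded payload.
def sso_sign(b64, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, b64)
end

# Build the query string for the redirect, with either encoder.
def sso_query(payload, strict:)
  b64 = strict ? Base64.strict_encode64(payload) : Base64.encode64(payload)
  "sso=#{URI.encode_www_form_component(b64)}&sig=#{sso_sign(b64)}"
end

# Receiving side: check the signature over the received base64 text in
# constant time, then decode. Returns nil when the signature does not match.
def verify_and_decode(query, secret = SECRET)
  params = URI.decode_www_form(query).to_h
  b64 = params.fetch("sso", "")
  sig = params.fetch("sig", "")
  return nil unless OpenSSL.secure_compare(sig, sso_sign(b64, secret))
  Base64.decode64(b64) # lenient decoder: accepts wrapped and unwrapped text
end

# Simulates an intermediary that drops the encoded line feed in transit.
def strip_encoded_newlines(query)
  query.gsub("%0A", "")
end

wrapped = sso_query(PAYLOAD, strict: false)
strict  = sso_query(PAYLOAD, strict: true)
puts "encode64 query has %0A:        #{wrapped.include?('%0A')}"
puts "strict_encode64 query has %0A: #{strict.include?('%0A')}"
puts "wrapped verifies:  #{!verify_and_decode(wrapped).nil?}"
puts "strict verifies:   #{!verify_and_decode(strict).nil?}"
puts "stripped verifies: #{!verify_and_decode(strip_encoded_newlines(wrapped)).nil?}"
```

Only the stripped query fails verification: removing the line feed on one side changes the signed text, so the switch to `strict_encode64` has to happen where the payload is encoded and signed.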


(Sam Saffron) #310

8 posts were split to a new topic: Having issues downloading avatars from localhost


(Sam Saffron) #311

A post was merged into an existing topic: Having issues downloading avatars from localhost


#312

Hi.

I use Discourse SSO. I can’t figure out how to redirect the user to the page where he was before login. Say, a user (not logged in) starts from http://localhost:8080/t/example-topic-dummy/22 and clicks the Log in button. When he is redirected back he sees http://localhost:8080, not the page he started from.

I can use the referer field from the HTTP headers on my server side to send this info to Discourse, which could open this page instead of the main Discourse page. Is it possible to do?

Thanks,
Andrey


#313

Hi, Erick.

Could you give me some idea how to implement SSO and return to the page where the user was before login (not the Discourse start page)? It’s my question above.

Thanks,
Andrey


(Erick Guan) #314

Sorry for a lateee reply :frowning:

This could be done quite easily. Setting a return_path in the SSO login URL can do just that. I believe Discourse includes destination_url in the session to do this by JavaScript internally.


#315

This works well, thanks!


#316

What are the disadvantages if we use our own Sign-in?

What if we are already using Discourse sign-in and then suddenly decide to use our own sign-in? What happens to the users and data inside? Can they still be associated with a specific member via email?

Also, what features from Discourse will be disabled if we use our own Sign-in?

Thanks.


(Felix Freiberger) #317

Yes, Discourse will use the email address to associate accounts. Once associated, the link stays intact even if the address is changed; this change will then propagate to Discourse if you enabled that.


#318

@fefrei thanks for this info. So all the Discourse features will be intact if we used a new type of sign-in? :slight_smile:


(Felix Freiberger) #319

There are slight changes, e.g. invites will no longer work as before (because Discourse no longer has the power to authenticate new users), but the large majority of features work as expected.


#320

Sorry for my English.

I have a website and a Discourse attached to it with SSO. The Discourse ‘log in’ button links to the sign-up page of my website. If the user is already signed in on my website, it creates a Discourse account and auto-logs in. If the user never goes to the Discourse app, he’ll not have any Discourse account.

But for some reason I need to automatically create an SSO Discourse account on each sign-up on my website.

How can I do it? I feel lost.

Thanks

website : viensfairetesdevoirs.com (the discourse link is the one called ‘Récré’)


(Jesse Plautz) #321

@AdamCapriola I’ve been trying to PM you about your Discourse > WordPress integration services, but I think because I’m a brand new member I can’t see that option. The post in the marketplace is closed so I can’t reply.

I’d like to get a quote from you on migrating to Discourse from BBPress and using PMPro as our membership plugin with SSO throughout. Can you help with this?

Thanks for any info.


(Simon Cossar) #322

Are you using the wp-discourse plugin? You could probably hook into the after_password_reset action and redirect the newly created user to the Discourse forum. That would create the Discourse account, but it might be confusing for the user.

Why do you need to do this? Maybe there is another way to do what you are trying to accomplish.