I’m testing out a discourse installation for a customer who uses SAML for all its other logins. However, it doesn’t use just one IDP, but 38. In all the other logins this is handled in two different ways, depending on which is more viable for the site/framework in question:
- Custom-built login site that has all 38 IDPs specified as credential providers.
- Apache with mod_shib, configured to use a discovery service to dynamically resolve available IDPs in a federation.
In the second case the apache server (mod_shib) will add some HTTP headers, namely REMOTE_USER, EMAIL, etc, which the underlying application can use as login credentials.
If there is a plugin for Discourse that can handle the second case, I can easily configure an apache proxy in front of my docker for this purpose. I haven’t found a plugin like that. Anyone knows if one exists?