Programmatically adding users when SSO is being used


(Philip Colmer) #1

We’ve got our internal copy of Discourse configured so that SSO has to be used, and it is connected to our LDAP server. That means that any member of staff can easily log on using their common username and password … but their account only gets created when they first log on.

There is some discussion internally about trying to elevate social interaction between staff but a lot of the staff are reluctant to do anything other than use email.

So, I’m trying to figure out how to solve the challenge by using Discourse. I’ve already figured out the actual email aspect of it (i.e. configuring Discourse so that categories have their own inbound email address) but I can see two challenges that I’m not sure how to solve:

  1. Ideally I’d like everyone to have an account on Discourse before they sign into Discourse. The reason for wanting this is so that if they email Discourse without having an account first, Discourse has the user’s full details rather than treating them as anonymous.

  2. I’d like everyone to be able to receive summary emails from Discourse so that they are aware of threads being created (even if they never visit Discourse) … but that also requires the account to exist.

Any suggestions on what I can do? Is there a way I can create accounts in Discourse programmatically so that they tie into SSO when people log on?

Thanks.


(Jay Pfaffman) #2

You can do it via the API. Here’s an example: GitHub - pfaffman/discourse-user-creator: Create an activated user, optionally assigning to group


(Philip Colmer) #3

Thanks … one issue I can think of is that I have to supply a password when creating the user. Presumably, if SSO is being enforced, Discourse actually ignores the password I’ve provided? (Testing would prove that, I guess!)


(Jay Pfaffman) #4

Yeah. Since you’re using SSO the password won’t matter, or can be omitted. Testing would be the way to prove it! If you’d like help and have a budget, my contact info is in my profile.


(Simon Cossar) #5

You can create users with the sync_sso route. There is some PHP code in this post that gives an example of how to do it: If someone changes their email in WordPress, change it in Discourse - sso_sync. In that code, it’s being used to update a user’s email, but the same idea will work to create a new user.