Setting up SAML with ADFS

We are attempting to use the SAML plugin (GitHub - discourse/discourse-saml: Support for SAML in Discourse) to add support for SAML logins with ADFS. However, I don’t seem to be getting very far. I would gladly write up a more detailed how-to for other folks once I get a better handle on this process.

Currently my biggest issue is I can’t get the “Login with SAML” button to appear.

Here are my more detailed questions about the process:

  1. All the SAML setup is done through the app.yml, correct? There are no real /admin settings or changes that are needed or should be used?
  2. The SAML settings in app.yml should be in the env: section?
  3. Double quotes (") should be used around the DISCOURSE_SAML_CERT_FINGERPRINT and the DISCOURSE_SAML_CERT values in the app.yml?
  4. Should DISCOURSE_SAML_CERT include the BEGIN/END CERTIFICATE header/footer?
  5. Should the certificate DISCOURSE_SAML_CERT all be on one line or should there be line breaks?
  6. Is the DISCOURSE_SAML_AUTO_CREATE_ACCOUNT required to be set to TRUE or 1 in order for the login with SAML button to appear? There seemed to be another post on meta that seemed to suggest that it was required.
  7. What logs should I be looking at to determine why the button might not be appearing?

Thanks for any assistance. To be clear, we’ve added the plugin, adjusted app.yml settings and rebuilt, and the button isn’t appearing. The plugin does show that it is installed in /admin/plugins so I feel like I’ve got the basics right, but obviously seem to be missing something important and I’m not having much luck finding documentation on the process.

Yes, that would be a good practice.

No.

It should be on a single line. So DISCOURSE_SAML_CERT="MII...."

No.

Now for why the button is not appearing, which keys did you set in the app.yml except for the ones you mention in this post?

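The reply above gives the certificate value on a single line, in the form DISCOURSE_SAML_CERT="MII....". As an added example (not from the thread and not the plugin's own code), this Python script flattens a PEM export into that form and sanity-checks it before it goes into app.yml. The function names and the constructed sample input are assumptions, as is dropping the BEGIN/END lines (which the MII.... form implies); the output uses the `KEY: "value"` YAML syntax of the env: section.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_single_line(pem_text: str) -> str:
    """Return the base64 body of exactly one PEM certificate, on one line."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("input holds a private key; export only the certificate")
    bodies = PEM_RE.findall(pem_text)
    if len(bodies) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(bodies)}")
    b64 = "".join(bodies[0].split())            # drop CR/LF and indentation
    der = base64.b64decode(b64, validate=True)  # rejects stray characters
    # A certificate is one DER SEQUENCE: tag 0x30, then 0x82 and a 2-byte
    # length. That header is why the base64 text typically starts with "MII".
    if len(der) < 4 or der[0] != 0x30 or der[1] != 0x82:
        raise ValueError("decoded data is not a DER SEQUENCE with a 2-byte length")
    if int.from_bytes(der[2:4], "big") != len(der) - 4:
        raise ValueError("DER length mismatch: certificate truncated or padded")
    return b64


def app_yml_line(pem_text: str) -> str:
    """Format the value as a double-quoted entry for the env: section."""
    return f'DISCOURSE_SAML_CERT: "{pem_to_single_line(pem_text)}"'


def make_sample_pem(body_len: int = 700) -> str:
    """Constructed stand-in with a valid DER outer header, not a real certificate."""
    der = b"\x30\x82" + body_len.to_bytes(2, "big") + bytes(body_len)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(lines)
            + "\r\n-----END CERTIFICATE-----\r\n")


if __name__ == "__main__":
    print(app_yml_line(make_sample_pem()))
```

A copy/paste that loses a line of the certificate still looks like plausible base64, which is why the length check is there: it fails at edit time instead of at the first SAML response.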

Thanks for all the clarifications!

This is a brand new install, just for testing this process, so nothing aside from what ./discourse-setup does. The only other plugin on the system is: docker_manager

Here is what my SAML plugin setting section looks like:

I just did a quick test, and just the mere presence of the plugin - without any configuration at all - should be sufficient for the button to appear. (Although without configuration it will not be functional of course).

So it seems like your issue is more in the plugin installation.

Interesting, thanks for the information. I might just blow away /var/discourse and start again then.

Many thanks for all the clarifying points though.

To be clear, the plugin URL would be: https://github.com/discourse/discourse-saml.git

@RGJ what versions have you tested the plugin with? After blowing away /var/discourse and rebuilding I am still not seeing a login button. I’ve tried the plugin URL with and without the .git

If I do a ./launcher enter app, I see the plugin directory appears to be there:

Still no button :frowning:
