Hi All,
I finally got my Discourse site integrated with Shibboleth. It was simple, … once I figured it out .
-
Get Shibboleth working on one web server (need not be the same as your discourse server). Lets call it
shib.univ.edu
. -
Get a directory on
shib.univ.edu
for doing the Discourse SSO. Let’s call itdiscourse-sso
. -
Protect this directory using Shibboleth. If you’re using Apache, it usually means putting something like this in
discourse-sso/.htaccess
:# Shibboleth header AuthType Shibboleth ShibRequireSession On ShibApplicationId default ShibExportAssertion On require shib-user ~ ^.+@univ\.edu$
-
Get a library that does the signing work described in the official Discourse SSO guide. I use cviebrock/discourse-php. Create
sso.php
in here copied from the usage instructions. -
Your
username
andemail
will be in the environment variableeppn
. So if you followed the usage instructions described in cviebrock/discourse-php (link above), then you should just set// Insert your user authentication code here ... // Required and must be consistent with your application $userEmail = getenv( 'eppn' ); // Required and must be unique to your application $userId = strstr( $userEmail, '@', true );
-
Enable the SSO from the official Discourse SSO guide. Make your
sso url
point tohttps://shib.univ.edu/discourse-sso/sso.php
and you should be good.
GI