I finally got my Discourse site integrated with Shibboleth. It was simple, … once I figured it out .
Get Shibboleth working on one web server (need not be the same as your discourse server). Lets call it
Get a directory on
shib.univ.edufor doing the Discourse SSO. Let’s call it
Protect this directory using Shibboleth. If you’re using Apache, it usually means putting something like this in
# Shibboleth header AuthType Shibboleth ShibRequireSession On ShibApplicationId default ShibExportAssertion On require shib-user ~ ^.+@univ\.edu$
eppn. So if you followed the usage instructions described in cviebrock/discourse-php (link above), then you should just set
// Insert your user authentication code here ... // Required and must be consistent with your application $userEmail = getenv( 'eppn' ); // Required and must be unique to your application $userId = strstr( $userEmail, '@', true );
Enable the SSO from the official Discourse SSO guide. Make your
sso urlpoint to
https://shib.univ.edu/discourse-sso/sso.phpand you should be good.