We are trying to use our SSO provider Centrify with Discourse. And we’re having some problems.
We installed the SAML plugin (GitHub - discourse/discourse-saml: Support for SAML in Discourse)
We have Discourse version v1.8.0.beta9 +25
Below are screenshots of the discourse login setup and some of the logs we currently see.
The SAML assertion is sending the NameID (user identifier) variable as our Active Directory samaccountname (email minus domain @f…com). The main thing is that it seems like the SAML assertion goes to the correct place, but Discourse is not configured properly to process it. Normally, it gives the ‘Bad CSRF’, and I’m not entirely sure what that means.
Assertion URL: http: // discourse_web_url/auth/saml/callback
Issuer: http: // cloud.centrify.com/SAML/AppName
Audience: http: // discourse_web_url
Recipient: http: // discourse_web_url/auth/saml/callback
Identity Provider Info:
Sign-In URL: https: // aac0995.my.centrify.com/applogin/appKey/xxxxx-xxxx-xxxxxx-xxxxxxx/customerId/XXXXXXXX
And it also has an associated sign-in certificate.
Any help would be greatly appreciated!!