Hi,
We are trying to use our SSO provider Centrify with Discourse. And we’re having some problems.
We installed the SAML plugin (https://github.com/discourse/discourse-saml)
We have Discourse version v1.8.0.beta9 +25
Below are screenshots of the Discourse login setup and some of the logs we currently see.
The SAML assertion is sending the NameID (user identifier) variable as our Active Directory samaccountname (email minus domain @f…com). Main thing is that it seems like the SAML assertion goes to the correct place but Discourse is not configured properly to process it. Normally, it gives the ‘Bad CSRF’, which I’m not entirely sure what it means.
If I remove the ‘sso url’ setting, then going to the Discourse page, Chrome gives me an error with “too many redirects”.
I can remove the ‘sso secret’ safely (‘enable sso provider’ is not enabled).
I checked the app.yml settings.
The DISCOURSE_SAML_TARGET_URL is set with the same “sign-in URL” or “SSO URL” above.
The DISCOURSE_SAML_CERT_FINGERPRINT and DISCOURSE_SAML_CERT are set (correctly I hope, I went to SAML X.509 Certificate Fingerprint - Online SHA1 Decoder | SAMLTool.com to generate the fingerprint).
And DISCOURSE_SAML_FULL_SCREEN_LOGIN is set to true.
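Added example, not part of the original post or of the discourse-saml plugin: computing the value for DISCOURSE_SAML_CERT_FINGERPRINT locally from the IdP signing certificate instead of pasting it into an online tool, and comparing it with the configured value. The function names are hypothetical, the sample certificate bytes are constructed placeholders, and the colon-separated uppercase output format is an assumption.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_to_der(cert_text):
    """Return DER bytes from a PEM block or from the bare base64 body
    found in an <X509Certificate> element of IdP metadata."""
    match = PEM_RE.search(cert_text)
    body = match.group(1) if match else cert_text
    body = re.sub(r"\s+", "", body)          # drop line wraps and indentation
    der = base64.b64decode(body, validate=True)  # raises on stray characters
    if not der:
        raise ValueError("no certificate data found")
    return der

def cert_fingerprint(cert_text, algorithm="sha1"):
    """Hash the DER encoding (not the PEM text) and format as AA:BB:..."""
    digest = hashlib.new(algorithm, cert_to_der(cert_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fingerprint):
    """Strip separators and case so differently formatted values compare."""
    return re.sub(r"[:\s-]", "", fingerprint).upper()

def fingerprints_match(configured, computed):
    return normalize(configured) == normalize(computed)

if __name__ == "__main__":
    # Constructed placeholder bytes, NOT a real certificate: the fingerprint
    # is a plain hash of the DER bytes, so any bytes show the mechanics.
    fake_der = b"constructed bytes standing in for a DER certificate"
    b64 = base64.b64encode(fake_der).decode()
    pem = ("-----BEGIN CERTIFICATE-----\n" + b64 +
           "\n-----END CERTIFICATE-----\n")

    computed = cert_fingerprint(pem)
    print("SHA-1 fingerprint:  ", computed)
    print("SHA-256 fingerprint:", cert_fingerprint(pem, "sha256"))

    # Hypothetical configured value: same digest, lowercase, no colons.
    configured = normalize(computed).lower()
    print("matches configured value:", fingerprints_match(configured, computed))
    # A PEM block and the bare base64 body must give the same fingerprint.
    print("PEM == bare base64:", computed == cert_fingerprint(b64))
```

The fingerprint covers the decoded DER bytes, so hashing the PEM text itself (headers and line breaks included) produces a value that will never match.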
I am a Product Manager and a Developer Advocate with Centrify. It seems that Dean has the Discourse side of things covered here, but I wanted to get in touch and tell you that if at any point you need help with the Centrify side of the configuration, please loop me in and I am happy to help. I can set up a call for all of us to work through this too if that is helpful. You can reach me at devsupport@centrify.com.