SSO for College Account


(Richard Mohorovich) #1

Hello,

Still waiting for reply on setting this up for forum from school. SSO for students using their student account.

SSO help page for School

Would any be able to provide insight on how to do this? I’ve seen a thread about Shibboleth SSO. Anybody know how much it would cost to get a solution developed?


(Matt Palmer) #2

There’s a Discourse SAML plugin already, which if you’re self-hosting you can just drop right in. Be warned, though, that SAML itself, and the various implementations thereof, are a complete and utter trash fire, and you’ll likely need to do a certain amount of debugging to get it working right. I don’t think we’ve had an Enterprise customer SAML roll out that hasn’t needed some degree of fiddling to get working.


(Richard Mohorovich) #3

Thank you :smiley:

I’m going to try and figure out how to go about getting it working right. Any suggestions as to where to start? Maybe its beyond my skill level (computer programmer diploma courses).


(Matt Palmer) #4

Well, where are you starting from? Do you have Discourse already up and running, as per the setup guide? Have you tried installing the SAML plugin as per the relevant howto topic? Have you configured it? How did you configure it? Have you tried to use it? If so, how did it go? What errors did you receive?


(Richard Mohorovich) #5

I have Discourse up and running. Tomorrow I will try installing the SAML plugin as per the relevant howto topic.


(Richard Mohorovich) #6

Sorry, should’ve mentioned this sooner. I have final exams and project deadlines nearing. So, I’ll have to postpone this a couple weeks till they’re done.

Also, can this be done without support from the college? Or is there information that only they can provide for SSO to work? The intention of using SSO is for easier onboarding, and Sheridan College member validity. The forum is not by the college, but by students for the students.


(Matt Palmer) #7

Every SSO solution I can think of requres some sort of shared secret or other credential to authenticate the portion of the communication between the SSO provider and consumer. So I’m pretty sure you’ll need some sort of cooperation with the college, although if they’re doing SAML correctly, issuing such a credential should not be an undue burden on them (in fact, they should be doing it all over the place already, so one more shouldn’t hurt).