SSO for dummies

(Cedric) #1

I am sorry to ask this question, but I have been going through many different topics to answer my question and have been struggling to understand this topic.
(Official Single-Sign-On for Discourse (sso))

Basically I have an existing website (developed by myself in PHP over Symfony framework) with an existing specific registration system and obviously login system.

I have installed Discourse and I would like Discourse to use my existing website's user database for authentication. I have understood how to configure Discourse to ask it to connect to my existing website, but now I need to develop some code to implement some kind of SSO server for my website.

Is there some HTML/PHP example of such code?

(Rafael dos Santos Silva) #2

PS: Discourse search is amazing

(Cedric) #3

Yes, I had seen it, but I'm confused by what I should do there. If I receive a user and password I can do the authentication against my database, but here they seem to come from my code, not from the payload.

// Insert your user authentication code here …

// Required and must be unique to your application
$userId = '…';

// Required and must be consistent with your application
$userEmail = '…';

// Optional - if you don't set these, Discourse will generate suggestions
// based on the email address

(Rafael dos Santos Silva) #4

No, that’s not how it works.

SSO assumes that the user is already authenticated in your site. And if he isn't yet, you just do the same thing you do on the rest of the website: make him auth.

Now the user is authenticated on your site. He goes to the forum. What Discourse does is redirect him back to a special URL of your site with some parameters. That page does a lot of stuff, and then redirects the user back to Discourse with other parameters and BOOM the user is authenticated on Discourse. And this happens so fast that users feel like it's just another page and not another system, on another server and another ecosystem. It's that cool.
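The exchange described above, as an added example that is not part of the original posts or of Discourse's own code: a single PHP endpoint for the "special URL" on your site. It assumes the shared secret is stored in the SSO_SECRET constant (placeholder value; it must equal the "sso secret" site setting in Discourse), that your app keeps the logged-in user's record in $_SESSION['user'] with id, email, username and name keys (hypothetical layout), and that /login is your app's normal login page (hypothetical path). The code first checks the HMAC-SHA256 signature that Discourse puts on the incoming sso parameter, then builds and signs the return payload so the user lands back on Discourse already authenticated.

```php
<?php
// Added example of a DiscourseConnect/SSO endpoint for a PHP site.
// Not code from the original thread or from Discourse itself.
declare(strict_types=1);

// Placeholder: must match the "sso secret" configured in Discourse.
const SSO_SECRET = 'replace-with-the-secret-configured-in-discourse';

/**
 * Step 1: validate the request Discourse redirected the user here with.
 * Discourse sends ?sso=<base64 of "nonce=...&return_sso_url=...">&sig=<hex HMAC-SHA256 of sso>.
 * Returns the decoded parameters, or null when the signature or payload is bad.
 */
function verifyIncomingSso(string $sso, string $sig, string $secret): ?array
{
    $expected = hash_hmac('sha256', $sso, $secret);
    // Constant-time comparison so an attacker cannot probe the secret via timing.
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $decoded = base64_decode($sso);
    if ($decoded === false) {
        return null;
    }
    parse_str($decoded, $params);
    if (empty($params['nonce']) || empty($params['return_sso_url'])) {
        return null;
    }
    return $params;
}

/**
 * Step 2: build the signed payload that sends the user back to Discourse.
 * The nonce from step 1 is echoed back; external_id and email are required.
 * The signature is computed over the base64 string, before it is url-encoded.
 */
function buildReturnSso(string $nonce, array $user, string $secret): array
{
    $payload = http_build_query([
        'nonce'       => $nonce,
        'external_id' => (string) $user['id'],  // unique and stable in your app
        'email'       => $user['email'],        // must be consistent in your app
        'username'    => $user['username'],     // optional
        'name'        => $user['name'],         // optional
    ]);
    $sso = base64_encode($payload);
    $sig = hash_hmac('sha256', $sso, $secret);
    return ['sso' => $sso, 'sig' => $sig];
}

// --- request handling ---
session_start();

$incoming = verifyIncomingSso($_GET['sso'] ?? '', $_GET['sig'] ?? '', SSO_SECRET);
if ($incoming === null) {
    http_response_code(400);
    exit('Invalid SSO request');
}

// Hypothetical session layout; use whatever your Symfony app provides.
if (empty($_SESSION['user'])) {
    // Not logged in yet: go through the normal login page, then come back here.
    header('Location: /login?redirect=' . urlencode($_SERVER['REQUEST_URI']));
    exit;
}

$return = buildReturnSso($incoming['nonce'], $_SESSION['user'], SSO_SECRET);
header('Location: ' . $incoming['return_sso_url']
    . '?sso=' . urlencode($return['sso'])
    . '&sig=' . $return['sig']);
exit;
```

Two points worth checking against your own implementation: the signature on the way back covers the base64 string itself (not the url-encoded form and not the raw query string), and the nonce must be the exact value Discourse sent, since Discourse rejects payloads whose nonce is missing, altered or expired.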

(Cedric) #5

Ok, thank you. I understand the concept better now. I'll make some tests.

(Cedric) #6

I am running into some difficulties implementing this and was wondering if someone was able to help me.

After activating everything, when I click on "Log in", I am redirected to a 403 page on my Discourse forum:

This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

When looking at the logs on Discourse it seems that the SSO was properly executed:

nonce: e47d04f3d295bbcfcd959f1ca9aac792

Except that the user information is blank.

When looking at my authentication code I confirm that the code was properly called and that the user information was provided and encoded.

Any idea what happened?