SSO login & logout issues


(Junaid Mailk) #1

Hello,

We have rails application that is working as SSO provider and our forum is SSO consumer. Using Discourse forum available option we have successfully implemented followig flow

Case a)
1- User open forum site(www.new_forum.com).
2- User click on login button, user will be redirected to Rails Site(SSO provider), after verifying credentials rails site send user to forum site.
3- User can create / reply Post. It is working fine.

How can be implement following flows in context of Official Single-Sign-On for Discourse (sso)

Case b)
1 - User login on our rails site.
2 - we want to automatically login him on the forum too as if he will have to click ‘login’ button after landing on forum page following link from our website.
3 - How can we implement this flow? I tried to sync sso using url (http://www.new_forum.com:3000/admin/users/sync_sso?sso=bm9uY2U9KysrKyZlbWFpbD1qdW5haWQubWFsaWslNDBjb25maXouY29tJmV4%0AdGVybmFsX2lkPTgyNTk5NA%3D%3D%0A&sig=f6a965124e7c172bd00825a50bb2ec653dd0443c858c9181e3cafec6691b4b08&api_username=junaid.malik&api_key=3ab5e2211dd548e4cda7daf13ca5edd643329d8f1e6498c0bcd1110e17152f1d) but its not working.

Case c)
1 - User logout from Rails site then how can we logout the user from forum.
2 - I tried url(http://www.new_forum.com:3000/admin/users/junaid.malik/log_out?sso=bm9uY2U9KysrKyZlbWFpbD1qdW5haWQubWFsaWslNDBjb25maXouY29tJmV4%0AdGVybmFsX2lkPTgyNTk5NA%3D%3D%0A&sig=f6a965124e7c172bd00825a50bb2ec653dd0443c858c9181e3cafec6691b4b08&api_username=junaid.malik&api_key=3ab5e2211dd548e4cda7daf13ca5edd643329d8f1e6498c0bcd1110e17152f1d) but its not working.

Regads,
Junaid


Discourse API - Login case SSO Provider to Consumer site
(Junaid Mailk) #2

Hello,

I continued work on above issue “case b” regarding to login on SSO consumer(forum) from SSO provider(Rails app). I explored the forum and came across solution to use GitHub - discourse/discourse_api: Ruby API for Discourse gem to sync SSO record(From SSO provider to SSO consumer) and logout user from SSO Provider. I tried this by following code but it didn’t work because cookies which come in response are not added in response of request used to
authenticate the user. Did anyone face such issue before?

client = DiscourseApi::Client.new("http://www.newforum.com:3000")
client.api_username = "junaid.malik"
client.api_key = "3ab5e2211dd548e4cda7daf13ca5edd643329d8f1e6498c0bcd1110e17152f1d"

user = User.find_by_email("junaid.malik@example.com") 
 
client.sync_sso(
  sso_secret: SSO_SECRET,
  name: user.name,
  username: user.username,
  email: user.email,
  external_id: user.id
)

Regards,
Junaid


(Felix Freiberger) #3

When the user is logged in on your site, modify the link to the forum to end with /session/sso. When the user clicks this link to switch to the forum, this will trigger SSO login.