SSO: Support multiple "sso url"s


(Sascha Hlusiak) #1

We want to use discourse in an unusual scenario where we have 400+ different IdP instances with one central discourse instance as the SP. We initiate SSO from these 400+ portal pages by redirecting to /session/sso, which will redirect to the one configured “sso url”. It would be nice if we could specify the IdP URL in this request, possibly with a whitelist in Discourse.

We currently work around this by querying the /session/sso endpoint server side, extract the Location header of the redirect, and perform the redirect manually.

(Sam Saffron) #2

I am not against adding flexibility here provided the default remains as is today, if you create a carefully tested PR I would consider merging it.

(Sascha Hlusiak) #3

Hi Sam,

thank you very much for your response. Unfortunately my ruby skills are like non-existent and I don’t think I’ll be able to create a PR any time soon for this feature request.