RGJ
15 أبريل 2019، 7:02م
1
We have two Discourses set up, where one uses SSO against the other one.
sso_overrides_groups has been disabled. It does not seem to work for admin and moderator privileges, when I look at the code those are implemented separately (https://github.com/discourse/discourse/blob/master/app/models/discourse_single_sign_on.rb#L78-L102 )
Is this by design, or is this a bug? Does anyone know a way around this?
4 إعجابات
Any thoughts on this @sam ?
إعجاب واحد (1)
sam
16 أبريل 2019، 12:07ص
3
We are going to need 2 extra site settings here:
https://github.com/discourse/discourse/blob/74c4ef6b5019b110819c24a4df8efc2b7e87ebd5/app/controllers/session_controller.rb#L62-L64
sso_provider_include_groups
sso_provider_include_staff_flags
I think the default is correct though.
4 إعجابات
RGJ
4 سبتمبر 2019، 5:55م
4
Is a PR for this still welcome @sam ?
3 إعجابات
sam
14 سبتمبر 2019، 11:04م
5
Yes, I support adding something here, it will clearly have to live on the consumer side. I do struggle a bit with naming though.
sso_sync_staff, sso_sync_groups maybe? Trouble with sso_sync_groups is that there is naming clash with sso_overrides_groups.
So maybe instead we go with sso_incoming_scopes with a default of staff,groups... then you can select which incoming scopes you allow.
3 إعجابات