Using Discourse SSO with Mediawiki

(Arseniy Sheatakov) #1

While trying to find ready-to-use solution I’ve seen multiple questions on Internet about that and at least one topic on this forum. I also need to integrate Discourse SSO with Mantis Bug Tracker so I decide to go with more generic code that I might reuse for Mantis as well. Code is very ugly, but it’s works and might help someone.

Read the instruction and activate SSO provider in Discourse

Install Auth_remoteuser extension for MediaWiki

More information about extension:
Make sure to check instructions so you can adjust it’s settings for your needs.

Mirror on GitHub:

You can clone extension from github into your wiki directory:

git clone /path/to/mediawiki/extensions/Auth_remoteuser

Install Discourse SSO client script

  1. Get script from GitHub:
    GitHub - ArseniyShestakov/singlefile-discourse-sso-php: Ugly, but working single-file SSO implementation in PHP
  2. Copy discourse-sso.php into directory with your wiki.
  3. Edit defines on top of file according to your need.
  4. To create database table and test it visit

You can check databse table contents from command line:

mysql -u wikiuser -pPASSWORD wikidb -e "SELECT * FROM sso_login;"

If everything is fine you’ll see username / email and other information here.

Edit LocalSettings.php

First of all make sure you set createaccount and autocreateaccount permissions properly:

// Forbid account creation by users
$wgGroupPermissions['*']['createaccount'] = false;
// Allow extensions to manage users
$wgGroupPermissions['*']['autocreateaccount'] = true;

After that you’ll need to add code like this to the end of wiki configuration file:

// Discourse authentification
require_once( "$IP/discourse-sso.php" );
$DISCOURSE_SSO = new DiscourseSSOClient();
$SSO_STATUS = $DISCOURSE_SSO->getAuthentication();
if(true === $SSO_STATUS['logged'] && !empty($SSO_STATUS['data']['username']))
        $wgAuthRemoteuserUserName = $SSO_STATUS['data']['username'];

        $wgAuthRemoteuserUserPrefs = [
                'email' => $SSO_STATUS['data']['email']
//        $wgAuthRemoteuserUserPrefsForced = [
//                'email' => $SSO_STATUS['data']['email']
//        ];

                $wgAuthRemoteuserUserPrefs['realname'] = $SSO_STATUS['data']['name'];
//                $wgAuthRemoteuserUserPrefsForced['realname'] = $SSO_STATUS['data']['name'];
        wfLoadExtension( 'Auth_remoteuser' );

If you uncomment lines with force email / name will be changed not just for newly automatically-created users, but also for existing wiki users.

Test it

Now after you visit you should be redirected to your wiki and you’ll be logged-in.

Redirect Login URL to SSO script:

I not yet find best easy to change login url so I just used following redirect via nginx:

        if ($request_uri ~* "^.*Special:UserLogin.*$") {
                return 302;

To be continued…

This is only tested on wiki of project I worked on and likely . Use on your own risk!

I’ll try to improve this guide as soon as I find better ways to integrate it into Mediawiki.


Hi, I set up SSO for Discourse and Medaiwiki. When i click log in button it gives me 404 error:



Any idea?

Edit: I checked database tables. There is no sso_login table in database. :frowning: I fixed it but

mysql> SELECT * FROM sso_login;
Empty set (0.00 sec)

I fixed that too. But still doesn’t work. User’s can’t login wiki after login to Discourse.