Using Discourse SSO with Mediawiki


(Arseniy Sheatakov) #1

While trying to find a ready-to-use solution I’ve seen multiple questions on the Internet about that and at least one topic on this forum. I also need to integrate Discourse SSO with Mantis Bug Tracker so I decided to go with more generic code that I might reuse for Mantis as well. The code is very ugly, but it works and might help someone.

Read the instructions and activate the SSO provider in Discourse

Install Auth_remoteuser extension for MediaWiki

More information about extension:
https://www.mediawiki.org/wiki/Extension:Auth_remoteuser
Make sure to check the instructions so you can adjust its settings for your needs.

Mirror on GitHub:

You can clone the extension from GitHub into your wiki directory:

git clone https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /path/to/mediawiki/extensions/Auth_remoteuser

Install Discourse SSO client script

  1. Get the script from GitHub:
    GitHub - ArseniyShestakov/singlefile-discourse-sso-php: Ugly, but working single-file SSO implementation in PHP
  2. Copy discourse-sso.php into the directory with your wiki.
  3. Edit the defines at the top of the file according to your needs.
  4. To create the database table and test it, visit https://your.wiki.domain/discourse-sso.php

You can check the database table contents from the command line:

mysql -u wikiuser -pPASSWORD wikidb -e "SELECT * FROM sso_login;"

If everything is fine you’ll see username / email and other information here.

Edit LocalSettings.php

First of all make sure you set createaccount and autocreateaccount permissions properly:

// Forbid account creation by users
$wgGroupPermissions['*']['createaccount'] = false;
// Allow extensions to manage users
$wgGroupPermissions['*']['autocreateaccount'] = true;

After that you’ll need to add code like this to the end of the wiki configuration file:

// Discourse authentication
require_once( "$IP/discourse-sso.php" );
$DISCOURSE_SSO = new DiscourseSSOClient();
$SSO_STATUS = $DISCOURSE_SSO->getAuthentication();
if(true === $SSO_STATUS['logged'] && !empty($SSO_STATUS['data']['username']))
{
        $wgAuthRemoteuserUserName = $SSO_STATUS['data']['username'];

        $wgAuthRemoteuserUserPrefs = [
                'email' => $SSO_STATUS['data']['email']
        ];
//        $wgAuthRemoteuserUserPrefsForced = [
//                'email' => $SSO_STATUS['data']['email']
//        ];

        if(!empty($SSO_STATUS['data']['name']))
        {
                $wgAuthRemoteuserUserPrefs['realname'] = $SSO_STATUS['data']['name'];
//                $wgAuthRemoteuserUserPrefsForced['realname'] = $SSO_STATUS['data']['name'];
        }
        wfLoadExtension( 'Auth_remoteuser' );
}

If you uncomment the lines with force, the email / name will be changed not just for newly automatically-created users, but also for existing wiki users.

Test it

Now after you visit https://your.wiki.domain/discourse-sso.php you should be redirected to your wiki and you’ll be logged in.

Redirect Login URL to SSO script:

I have not yet found the best way to change the login URL, so I just used the following redirect via nginx:

        if ($request_uri ~* "^.*Special:UserLogin.*$") {
                return 302 https://your.wiki.domain/discourse-sso.php;
        }

To be continued…

This is only tested on the wiki of a project I worked on and likely . Use at your own risk!

I’ll try to improve this guide as soon as I find better ways to integrate it into Mediawiki.


#2

Hi, I set up SSO for Discourse and MediaWiki. When I click the log in button it gives me a 404 error:

**https://site.com/discourse-sso.php?sso=bm9uY2U9ZmM0ODkzYzMwZjE2ZDM1YWJkMDljN2E4NzczYzJkYmI2Y2FhNGU0ZDA3NTg5YTk1NzhkNDIxZWZkOGMyN2Y0OGRiYWViMzA4ZTIzOTQ0MzVkZmYxZTk5NmZmMDAxMGYzMDEyYjk1ZTllZGE0M2E5NTE3NjFkMzdiOGFjMjNkNTQmbmFtZT1TU08mdXNlcm5hbWU9c3NvdGVzdHVzZXImZW1haWw9cG9zdGElNDBnYW1lb2Z0aHJvbmVzdHIuY29tJmV4dGVybmFsX2lkPTEwNDM2JnJldHVybl9zc29fdXJsPWh0dHBzJTNBJTJGJTJGdmlraS5nYW1lb2Z0aHJvbmVzdHIuY29tJTJGZGlzY291cnNlLXNzby5waHAmYWRtaW49ZmFsc2UmbW9kZXJhdG9yPWZhbHNlJmdyb3Vwcz10cnVzdF9sZXZlbF8w&sig=6f21b389bc5bbbf8420addbe9ceacb0dbe6e6d5643a8aab66f20de6058b9ecd4**

HTTP ERROR 404

Any idea?

Edit: I checked database tables. There is no sso_login table in database. :frowning: I fixed it but

mysql> SELECT * FROM sso_login;
Empty set (0.00 sec)

I fixed that too. But it still doesn’t work. Users can’t log in to the wiki after logging in to Discourse.
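
Added example (not part of either post, and not code from discourse-sso.php): the checks a client has to pass on the sso and sig parameters of the redirect back from Discourse before the username is safe to hand to $wgAuthRemoteuserUserName. The secret, nonce and field values are constructed, and verifySsoResponse is a hypothetical helper name.

```php
<?php
// Added example; not taken from discourse-sso.php. All values are constructed.
const SSO_SECRET = 'constructed-shared-secret'; // assumption: the secret set in Discourse

// Hypothetical helper: returns the payload fields, or null if the response
// must not be trusted (bad signature, bad encoding, wrong nonce, no username).
function verifySsoResponse(string $sso, string $sig, string $expectedNonce, string $secret): ?array
{
    // The HMAC-SHA256 covers the base64 text exactly as received.
    $expected = hash_hmac('sha256', $sso, $secret);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $query = base64_decode($sso, true);
    if ($query === false) {
        return null;
    }
    parse_str($query, $fields);
    // The nonce binds the response to the login this site started, so a
    // captured sso/sig pair cannot be replayed later.
    $nonce = $fields['nonce'] ?? null;
    if (!is_string($nonce) || !hash_equals($expectedNonce, $nonce)) {
        return null;
    }
    $username = $fields['username'] ?? null;
    if (!is_string($username) || $username === '') {
        return null;
    }
    return $fields;
}

// Constructed response with the same field names as the payload Discourse sends.
$nonce = bin2hex(random_bytes(16));
$sso = base64_encode(http_build_query([
    'nonce' => $nonce, 'username' => 'ssotestuser',
    'email' => 'user@example.org', 'external_id' => '1',
]));
$sig = hash_hmac('sha256', $sso, SSO_SECRET);

// Same signature over a payload whose username was changed after signing.
$forged = base64_encode(str_replace('ssotestuser', 'Admin', base64_decode($sso)));

$cases = [
    'valid response' => verifySsoResponse($sso, $sig, $nonce, SSO_SECRET),
    'modified payload' => verifySsoResponse($forged, $sig, $nonce, SSO_SECRET),
    'replayed (old nonce)' => verifySsoResponse($sso, $sig, 'other-nonce', SSO_SECRET),
];
foreach ($cases as $label => $result) {
    printf("%-22s %s\n", $label, $result === null ? 'rejected' : 'accepted');
}
```

In a real deployment the expected nonce is the one the client stored when it started the login, and it should be discarded after a single successful use.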