Will it be possible to use custom authentication methods?

(Valts) #1

Sometimes you want a forum that doesn’t use OpenID but rather some homebrew login system (or even SSO). For example, when you already have a large userbase and a login system for the rest of your website.

Will Discourse allow writing of authentication plugins? And disabling the built-in authentication schemes?

(Nicholas Perry) #2

[quote=“Vilx, post:1, topic:2474”]n you already have a large userbase and a login system for the rest of your website.

Will Discourse allow writing of authentication plugins? And disabling the[/quote]

It looks like it supports a simple username/password system. Perhaps you could leverage that feature?

Personally I’m against trusting a random site with my password/account and much prefer open-auth. Far too many systems don’t salt their passwords and handle things wrong. I trust Google to do things securely more than some random website admin.

I would like a way to better integrate SSO within an organization though. Using active directory or something like that would make it much easier to integrate into pre-existing environments. I’m using LastPass to get basically the same results for my personal usage day-to-day, but many end users for private discourse servers would need to depend on their local IT to get it up and running.

(Ted Lilley) #3

To expand on this, the Spree commerce framework is a good model for pluggable authentication. They are getting ready for multitenancy not just for multiple instances of their own software but also as an engine sitting next to other engines (Refinery CMS for one) in the same rails app. They’ve separated their authentication system into a separate gem which is replaceable.

Looking at how they’re approaching it might offer some insight and direction for the Discourse developers.

(Jeff Atwood) #4

The intention is for it to be compatible with plugging in your own custom auth, yes.

As to where we are on that today, well… that’s what is in GitHub!

(Nicholas Perry) #6

Time to learn ruby on rails!

(Sam Saffron) #7

Discourse now using omniauth it comes with a fairly insane amount of strategies: List of Strategies · omniauth/omniauth Wiki · GitHub

We will continue to ship with a small amount of login providers enabled by default, but are totally open to adding more methods (some in core, some in plugins) as we go.

(Ariel Jannai) #8

So if omniauth allow ldap authentication to Active Directory, I would be able to add the provider to my installation of Discourse as a plugin, or it should be integrated inside Discourse from your side?

(William Denniss) #9

Really glad you’re going to support this. SSO is very useful when the discussion aspect is part of a larger site experience. Very cool to be able to link site user profiles with their discourse accounts for deeper customisation. I think it’s lame when sites don’t support SSO within their own systems and you end up with multiple accounts.

Would you frown on a modification that removed all login choices, forcing the user to use their existing account through the parent site’s SSO?

(Sam Saffron) #10

No, this is totally reasonable for a plugin to do.

(Mike Maloney) #11

I have exactly the same use case.

I want to be able to add LDAP authentication to our discourse installation. In fact, we want this to be the only authentication for our group.

It’s been over a year since this thread was started. What is the status of plugable authentication now?