WP Discourse SSO Plugin

(Stephen) #23

The official Discourse WordPress plugin now supports SSO.

(Kyler Boudreau) #24

Oh it does? NICE. Man, this is awesome. I can’t believe I almost used BB Press. Thanks for responding.

(etc) #25

Has the SSO support been fixed in the official plugin? It was broken for the longest time.

As I’m aware, the official plugin is still broken for many SSO implementations for some reason.


(Kyler Boudreau) #26

I’d love to know on this too. I’m using a standard Discourse install setup by Discourse at Digital Ocean. I just want to use my WordPress site to handle user account management, so that if I disable a user in WordPress they are also removed from Discourse access.

I found this plugin as well:

It sounds like it does what I need. Just SSO - nothing more.

(Jonathan Williamson) #27

For what it’s worth, this SSO plugin by @etc is driving the CG Cookie community and we’ve not yet had a single issue with it.

If SSO with Wordpress is all you want then it’ll do the trick.

Note: that Primetime WP Discourse SSO is the same one as this tread.

(Kyler Boudreau) #28

Thanks man… I just saw that plugin. I’ll give it a try. Appreciate the tip!

(Stephen) #29

I would check with @benword on the state of SSO before writing it off. We use it without problem.

If there are issues I’m surprised that @etc isn’t assisting/contributing, rather than pushing an alternative. Are there really any benefits in maintaining multiple plugins (one of which is official) that do exactly the same thing?

(etc) #30

This post is unwarranted, unfair and predicated on false information.

  1. I did reach out to @benword directly about this issue when it was first reported. I work with him on other projects as well, in fact.
  2. I actually did work with a couple of people on trying to resolve the issue to no avail. The implementation is slightly different in my version than the official one. If you would have taken the time to check the issue before speaking recklessly, you would have actually seen my participation in that issue specifically in an attempt to resolve the issue.
  3. The plugin I wrote came first, before the support was ever baked into the main plugin.
  4. There are still a number of individuals that use the PT plugin because it does specifically what it was meant to do, does it well, and nothing more. The community has also contributed to the development of the PT plugin. Not everyone needs a monolithic plugin. Sometimes they just want SSO support and nothing more, so they use this plugin. So yes, there are benefits to maintaining separate solutions, especially when one works perfectly, is a lightweight plugin for a specific purpose and came first.
  5. I’m not “pushing” a thing. I didn’t even mention the plugin in my response. But given the fact that this is my own thread, I do think it would have been reasonable.
  6. It is this specifically this kind of nonsense that can often undermine the rewarding nature of contributing to open source. Thanks for reminding me that no matter what you contribute, there will always be somebody who is displeased.

(Jake Jackson) #31

This is the exact reason we use the PT plugin. Super simple to set up and use. Good work @etc.

(pjv) #32

Mucho thanks to @etc for both the pt-wp-discourse SSO plugin and for his help some months ago when I was first trying (read: “failing”) to debug the SSO functionality in the “official” wp-discourse plugin.

I pushed a PR today that I think finally fixes the SSO problem in the “official” plugin.

(etc) #33

Major kudos on this @pjv!!!

(Mực Tàu) #34

I actually don’t know how to Generate a random string to use as the secret key. I don’t have any knowledge in coding. Would you please help?

(etc) #35

This is simpler than you realize :smile: You can use any string - the idea of randomization is just for security.

There are lots of random string generators available online. Here is one.


(Mực Tàu) #36

Would you please make a tutorial video how to install your plugin into wordpress website?
I still get stuck.
Let me illustrate what I could do:

  • Firstly, I installed your plugin successfully of course.
  • Next step, in Discourse Settings:
    My domain is abc.com for example.
    +, Secret Key (Random string that will be the same on both your WP and Discourse installation): What I can only do is fill a random such as: 39APB7197M.
    +, Discourse URL: I fill: ask.abc.com
    But this does not work.
    Please help.
    Thank you so so much :smile:

(etc) #37

I’m currently traveling overseas, but will be back in Taiwan this week. I’ll see if I can provide a video instruction. If you don’t hear from me in a few days, please ping me by replying and tagging me so I’m reminded. Thanks!

(Jake Hower) #38

I notice this plugin doesn’t sync logouts in Wordpress and Discourse.

What would it take to be able to have logouts sync?

(etc) #39

Both ways? Or just one way log out sync?


@etc - I would also be interested in a both ways login / out sync.

Also, I wonder if it is possible to support WooCommerce better? WooCommerce login page is at mysite.com/my-account/ so it would be good to have it so that users can sign in there, rather than wp-login.php

Do you have any advice on how to do both of these things?


@etc for the WooCommerce support, how about some code like this:

// Not logged in to WordPress, redirect to WordPress login page with redirect back to here
      if ( ! is_user_logged_in() ) {
        function filter_woocommerce_login_redirect( $redirect, $user ) { 
        // Preserve sso and sig parameters
        $redirect = add_query_arg();

        // Change %0A to %0B so it's not stripped out in wp_sanitize_redirect
        $redirect = str_replace( '%0A', '%0B', $redirect );

    return $redirect; 
// add the filter 
add_filter( 'woocommerce_login_redirect', 'filter_woocommerce_login_redirect', 10, 2 );         
        // Build login URL
        $login = get_permalink( get_option('woocommerce_myaccount_page_id') );

        // Redirect to login
        wp_redirect( $login );

I’m thinking that there could be another if clause to determine whether WooCommerce is installed, or perhaps a menu item tick box to decide whether to use this login page or the standard.

What do you think?


That code does not seem to work actually…it does not redirect the person.