I’m trying to get a clearer understanding for our options with a restructuring project I’m working on. I’ve been searching the forums to get some more insight and while I found a similar query, the OP’s scenario is somewhat different to ours, so I’m creating this as a new topic.
We currently have a WordPress site at
domain.com configured as an SSO client for the Discourse instance at
community.domain.com, but the WP site is being reorganised as a multisite network, e.g.
sub2.newdomain.com, etc and a separate Discourse instance for each site, e.g.
forum.sub1.newdomain.com (or ideally
sub1.newdomain.com/forum, if we can get the subfolder config sorted).
We want our users to have a single identity across all communities and we know how to sync users registering at one WP subsite across the entire network. I understand that one Discourse instance can act as an SSO server for another, but haven’t been able to find confirmation of how this is configured or whether this works for multiple Discourse clients.
So, onto my questions:
- In the scenario as described, is it possible to configure a Discourse instance at, say,
auth.newdomain.comto act as both an SSO server for the WPMS network and all of the Discourse instances linked to the subsites?
- If the answer to the previous question is yes, would it be feasible to configure that “server” instance to only provide authentication-related functionality? Meaning, it would serve no purpose other than to be the authentication “source of truth” for the entire network, regardless of which site a user wished to authenticate against. Or would it be more appropriate to rely on an external authentication solution at this point?