
[Login capability] Discourse
Open, Normal, Public

Description

Allow logging in to a Discourse installation with SSO enabled.

Reference

https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045

Implementation

There is an implementation of the Discourse SSO protocol available on Composer.

Repository: https://github.com/cviebrock/discourse-php

[CCs users who will be able to test this login feature]

Event Timeline

dereckson raised the priority of this task from to Needs Triage.
dereckson updated the task description.
dereckson added projects: Auth Grove, Forum.
dereckson moved this task to Backlog on the Auth Grove board.
dereckson added subscribers: dereckson, FRWPKumkum, Sandlayth.
dereckson triaged this task as Normal priority. Jul 10 2015, 23:54

Discourse uses email addresses as the main SSO identifier, so validating them would be nice.
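
The comment above asks for email validation before an address is handed to Discourse. The following PHP sketch of the provider side is an added example, not code from Auth Grove or discourse-php: it verifies the request signature as defined by the Discourse SSO specification linked in the description, and sets `require_activation` when the address has not been confirmed. The function names, the `$user` array shape and all sample values are assumptions.

```php
<?php
// Added example, not Auth Grove or discourse-php code. Names are hypothetical.

/** Verify the sso/sig pair sent by Discourse and return its decoded fields. */
function parseDiscourseRequest(string $sso, string $sig, string $secret): array
{
    // sig is the hex HMAC-SHA256 of the base64 payload string itself.
    $expected = hash_hmac('sha256', $sso, $secret);
    if (!hash_equals($expected, $sig)) {
        throw new RuntimeException('Bad SSO signature');
    }
    $decoded = base64_decode($sso, true);
    if ($decoded === false) {
        throw new RuntimeException('Malformed SSO payload');
    }
    parse_str($decoded, $fields);
    if (empty($fields['nonce'])) {
        throw new RuntimeException('Missing nonce');
    }
    return $fields;
}

/** Build the signed reply; $user is a hypothetical array from the identity store. */
function buildDiscourseResponse(array $request, array $user, string $secret): array
{
    if (filter_var($user['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    $params = [
        'nonce'       => $request['nonce'],
        'external_id' => (string) $user['id'],
        'email'       => $user['email'],
    ];
    // Address never confirmed by the user: have Discourse run its own activation.
    if (empty($user['email_verified'])) {
        $params['require_activation'] = 'true';
    }
    $payload = base64_encode(http_build_query($params));
    return ['sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $secret)];
}

// Constructed sample: simulate the request Discourse would send, then answer it.
$secret = 'constructed-shared-secret';
$sso = base64_encode('nonce=abc123&return_sso_url=https%3A%2F%2Fforum.example.org%2Fsession%2Fsso_login');
$request = parseDiscourseRequest($sso, hash_hmac('sha256', $sso, $secret), $secret);
$user = ['id' => 42, 'email' => 'alice@example.org', 'email_verified' => false];
$response = buildDiscourseResponse($request, $user, $secret);
echo $request['return_sso_url'] . '?' . http_build_query($response) . PHP_EOL;
```

Syntactic validation with `FILTER_VALIDATE_EMAIL` only rejects malformed addresses; proof that the user controls the mailbox has to come from the identity store's own confirmation step, represented here by the assumed `email_verified` flag.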

Development moratorium

Per T1771, we're currently considering implementing Keycloak as a reference identity management and SSO login product.

This product exposes LDAP, OIDC (OpenID Connect) and SAML capabilities to authenticate users and applications. It seems to solve our main problems.

From there, it's not clear what we do with Auth Grove:

  • Scenario A. We drop it, and as users we directly interact with Keycloak. Development is discontinued.
  • Scenario B. Auth Grove is morphed into a front-end to use Keycloak: we expose current information, and interact with the Keycloak API (through a generic set of classes to allow switching to another solution) to set credentials and metadata.
  • Scenario C. We use both Keycloak AND Auth Grove. We don't integrate with Keycloak at all, to stay independent and not vendor-locked.

While the T1771 evaluation is ongoing, a moratorium covers any development activities related to Auth Grove, with the obvious exception of security issues.
This moratorium fully or partly covers this task.