Providing Single sign on to Discourse
Single sign-on allows your Laddr instance to act as an "identity provider" for your Discourse instance, so your users only need to sign into Laddr and can seamlessly access Discourse without seeing another login prompt or registration form. If they try to access Discourse without a session, they'll just see Laddr's login page in place of Discourse's and be forwarded back to wherever they were going in Discourse.
Pros of Single sign-on:
- Fewer hoops for your users to jump through
- Reduces the difficulty of migrating away from Discourse in the future or adding additional tools
- Promotes consistency in your user data across systems
Cons of Single sign-on:
- Existing users will have to deal with their login process changing
- Some accounts may get duplicated for existing users if there is a mismatch on their email address
- If Laddr goes down you won't be able to access Discourse (you can disable SSO from the Discourse server's shell if needed)
- Visit http://discourse.example.org/admin/site_settings/category/login on your Discourse instance
- Uncheck "enable local logins" and "allow new registrations"
- Check "enable sso"
- Set "sso url" to http://laddr.example.org/connectors/discourse/login
- Set "sso secret" to a randomly generated string
- Create or override in your Laddr instance php-config/Emergence/Connectors/Discourse.config.php:
<?php
Emergence\Connectors\Discourse::$host = 'discourse.example.org';
Emergence\Connectors\Discourse::$ssoSecret = 'YOUR_GENERATED_SSO_SECRET';
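How the shared secret from the steps above is used on the identity-provider side, as an added example that is not Laddr's connector code. It assumes Discourse's SSO exchange (a base64 `sso` payload with a hex HMAC-SHA256 `sig`); the function names, nonce and sample user are hypothetical.

```php
<?php
// Added example, not Laddr's connector code. Assumed exchange: sso = base64 query string,
// sig = hex HMAC-SHA256 of sso under the shared secret. Function names are hypothetical.

// Produce a value for "sso secret": 64 hex characters from the system CSPRNG.
function generateSsoSecret(): string
{
    return bin2hex(random_bytes(32));
}

// Check Discourse's request before showing a login page; returns its fields or throws.
function verifySsoRequest(string $sso, string $sig, string $secret, string $host): array
{
    // hash_equals compares in constant time, so the check leaks no timing signal.
    if (!hash_equals(hash_hmac('sha256', $sso, $secret), $sig)) {
        throw new RuntimeException('signature mismatch');
    }
    $decoded = base64_decode($sso, true);
    if ($decoded === false) {
        throw new RuntimeException('payload is not valid base64');
    }
    parse_str($decoded, $fields);
    if (empty($fields['nonce']) || empty($fields['return_sso_url'])) {
        throw new RuntimeException('nonce or return_sso_url missing');
    }
    // Only ever send users back to the configured Discourse host.
    if (parse_url($fields['return_sso_url'], PHP_URL_HOST) !== $host) {
        throw new RuntimeException('unexpected return host');
    }
    return $fields;
}

// Build the signed redirect back to Discourse for the signed-in user.
function buildSsoRedirect(array $request, array $user, string $secret): string
{
    $payload = base64_encode(http_build_query([
        'nonce'       => $request['nonce'],   // echoed so Discourse can match its request
        'external_id' => $user['id'],
        'email'       => $user['email'],
        'username'    => $user['username'],
    ]));
    $query = http_build_query(['sso' => $payload, 'sig' => hash_hmac('sha256', $payload, $secret)]);
    return $request['return_sso_url'] . '?' . $query;
}

// Constructed sample request, signed the way Discourse would sign it.
$secret = generateSsoSecret();
$sso = base64_encode(http_build_query(['nonce' => 'constructed-nonce-1', 'return_sso_url' => 'http://discourse.example.org/session/sso_login']));
$request = verifySsoRequest($sso, hash_hmac('sha256', $sso, $secret), $secret, 'discourse.example.org');
echo buildSsoRedirect($request, ['id' => 42, 'email' => 'user@example.org', 'username' => 'user'], $secret), PHP_EOL;
```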
If your Discourse instance has already been running for some time and has registered users, you'll need to consider their experience when you switch to SSO. Once SSO is enabled, existing users will no longer be able to sign in with their known username + password. Just let your users know the change is happening and that as long as they register for Laddr with the same email address, they'll still have access to their existing Discourse accounts.
If a user accidentally duplicates themselves in Discourse by signing in with a different email address in Laddr, you can delete their new Discourse account from Discourse's admin area and then either edit their Discourse email address to match their Laddr email address, or have them edit their profile on Laddr. Next time they access Discourse they should be connected to their existing account.