66 lines
1.8 KiB
ReStructuredText
66 lines
1.8 KiB
ReStructuredText
|
Discourse
|
||
|
=========
|
||
|
|
||
|
|discourse.jpg|
|
||
|
|
||
|
Presentation
|
||
|
------------
|
||
|
|
||
|
`Discourse <https://www.discourse.org/>`__ is a conversation-oriented
|
||
|
forum engine
|
||
|
|
||
|
Discourse supports `its own Single-Sign-On
|
||
|
scheme <https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045>`__
|
||
|
but is also compatible with standard protocols such as SAML and OpenID
|
||
|
Connect, through plugins.
|
||
|
|
||
|
This documentation illustrates the OpenID Connect plugin.
|
||
|
|
||
|
First, make sure you have set up LemonLDAP::NG 's
|
||
|
:doc:`OpenID Connect service<..//openidconnectservice>` and added
|
||
|
:doc:`a Relaying Party for your Discourse instance<..//idpopenidconnect>`
|
||
|
|
||
|
Discourse can use the following OpenID Connect attributes to fill the
|
||
|
user's profile:
|
||
|
|
||
|
::
|
||
|
|
||
|
* name
|
||
|
* email
|
||
|
* given_name
|
||
|
* family_name
|
||
|
* preferred_username
|
||
|
* picture
|
||
|
|
||
|
Make sure you create a username and password for the Relying Party, and
|
||
|
that the discourse callback URL is allowed :
|
||
|
https://discourse.example.com/auth/oidc/callback
|
||
|
|
||
|
Discourse configuration
|
||
|
-----------------------
|
||
|
|
||
|
Plugin installation
|
||
|
~~~~~~~~~~~~~~~~~~~
|
||
|
|
||
|
Install the `Discourse OpenID Connect
|
||
|
Plugin <https://meta.discourse.org/t/openid-connect-authentication-plugin/103632>`__
|
||
|
according to these instructions
|
||
|
|
||
|
Plugin configuration
|
||
|
~~~~~~~~~~~~~~~~~~~~
|
||
|
|
||
|
Browse to your Discourse admin interface, and to the plugin settings
|
||
|
|
||
|
- openid_connect_enabled: *Yes*
|
||
|
- openid_connect_discovery_document:
|
||
|
https://auth.example.com/.well-known/openid-configuration
|
||
|
- openid_connect_client_id: *Client ID you chose when configuring the
|
||
|
Relying Party*
|
||
|
- openid_connect_client_secret: *Client Secret you chose when
|
||
|
configuring the Relying Party*
|
||
|
- openid_connect_authorize_scope: *openid email profile*
|
||
|
|
||
|
.. |discourse.jpg| image:: /applications/discourse.jpg
|
||
|
:class: align-center
|
||
|
|