Discourse¶
Presentation¶
Discourse is a conversation-oriented forum engine
Discourse supports its own Single-Sign-On scheme but is also compatible with standard protocols such as SAML and OpenID Connect, through plugins.
This documentation illustrates the OpenID Connect plugin.
First, make sure you have set up LemonLDAP::NG ‘s OpenID Connect service and added a Relaying Party for your Discourse instance
Discourse can use the following OpenID Connect attributes to fill the user’s profile:
* name
* email
* given_name
* family_name
* preferred_username
* picture
Make sure you create a username and password for the Relying Party, and that the discourse callback URL is allowed : https://discourse.example.com/auth/oidc/callback
Discourse configuration¶
Plugin installation¶
Install the Discourse OpenID Connect Plugin according to these instructions
Plugin configuration¶
Browse to your Discourse admin interface, and to the plugin settings
- openid_connect_enabled: Yes
- openid_connect_discovery_document: https://auth.example.com/.well-known/openid-configuration
- openid_connect_client_id: Client ID you chose when configuring the Relying Party
- openid_connect_client_secret: Client Secret you chose when configuring the Relying Party
- openid_connect_authorize_scope: openid email profile