Discourse is a conversation-oriented forum engine

Discourse supports its own Single-Sign-On scheme but is also compatible with standard protocols such as SAML and OpenID Connect, through plugins.

This documentation illustrates the OpenID Connect plugin.

First, make sure you have set up LemonLDAP::NG ‘s OpenID Connect service and added a Relaying Party for your Discourse instance

Discourse can use the following OpenID Connect attributes to fill the user’s profile:

* name
* email
* given_name
* family_name
* preferred_username
* picture

Make sure you create a username and password for the Relying Party, and that the discourse callback URL is allowed : https://discourse.example.com/auth/oidc/callback

Discourse configuration

Plugin installation

Install the Discourse OpenID Connect Plugin according to these instructions

Plugin configuration

Browse to your Discourse admin interface, and to the plugin settings

  • openid_connect_enabled: Yes

  • openid_connect_discovery_document: https://auth.example.com/.well-known/openid-configuration

  • openid_connect_client_id: Client ID you chose when configuring the Relying Party

  • openid_connect_client_secret: Client Secret you chose when configuring the Relying Party

  • openid_connect_authorize_scope: openid email profile