{"id":13557704,"url":"https://github.com/fmarco76/DiscourseSSO","last_synced_at":"2025-04-03T12:30:58.686Z","repository":{"id":32846315,"uuid":"36439902","full_name":"fmarco76/DiscourseSSO","owner":"fmarco76","description":"SSO Discourse Application to allow SAML authentication","archived":true,"fork":false,"pushed_at":"2024-05-11T20:04:25.000Z","size":43,"stargazers_count":14,"open_issues_count":0,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-04T08:35:41.093Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fmarco76.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-05-28T13:24:18.000Z","updated_at":"2024-10-18T16:51:41.000Z","dependencies_parsed_at":"2024-11-04T08:30:46.118Z","dependency_job_id":"0209ef55-f55c-4d9f-83a2-2dd0c9612b2e","html_url":"https://github.com/fmarco76/DiscourseSSO","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmarco76%2FDiscourseSSO","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmarco76%2FDiscourseSSO/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmarco76%2FDiscourseSSO/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmarco76%2FDiscourseSSO/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fmarco76","download_
url":"https://codeload.github.com/fmarco76/DiscourseSSO/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247002185,"owners_count":20867420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:04:29.999Z","updated_at":"2025-04-03T12:30:58.150Z","avatar_url":"https://github.com/fmarco76.png","language":"Python","readme":"=========================\nDiscourse SSO application\n=========================\n\n| |travis| |coveralls| |scrutinizer| |codacy| |license|\n\n.. |travis| image:: http://img.shields.io/travis/fmarco76/DiscourseSSO/master.png?style=flat\n    :alt: Travis-CI Build Status\n    :target: https://travis-ci.org/fmarco76/DiscourseSSO\n\n.. |coveralls| image:: https://coveralls.io/repos/fmarco76/DiscourseSSO/badge.svg?style=flat\n    :alt: Coverage Status\n    :target: https://coveralls.io/r/fmarco76/DiscourseSSO\n\n.. |scrutinizer| image:: https://img.shields.io/scrutinizer/g/fmarco76/DiscourseSSO/master.png?style=flat\n    :alt: Scrutinizer Status\n    :target: https://scrutinizer-ci.com/g/fmarco76/DiscourseSSO/\n\n.. |codacy| image:: https://www.codacy.com/project/badge/ff8b39c8455d4f2ca4ead7e034f6b6d6\n    :alt: Codacy Status\n    :target: https://www.codacy.com/app/marco-fargetta/DiscourseSSO\n\n.. 
|license| image:: https://img.shields.io/github/license/fmarco76/DiscourseSSO.svg?style=flat \n    :alt: License\n    :target: http://www.apache.org/licenses/LICENSE-2.0.txt\n\n\nThe Discourse SSO application implements the SSO protocol required by the `Discourse\nforum application \u003chttp://www.discourse.org\u003e`_. The actual authentication is\nperformed by the web server running the application, which is responsible for\nverifying the requests coming from Discourse and preparing the token to send back\nafter the authentication.\n\n\nRequirements\n------------\n\nThe DiscourseSSO application can run in any web server that supports Python code.\nHowever, it has been tested only with the *Apache httpd server* using *mod_wsgi*, and\nthat setup is described in the installation section.\n\nThe authentication has to be performed by the web server, and this requires an additional\nmodule. The module has to provide the user information in the application environment.\nThis is the case with many modules, such as *mod_shibboleth* for **SAML**, which is described\nin the installation section.\n\n\nInstallation\n------------\n\nFor the installation, we assume the Discourse container has been installed on the server\nand works properly with local accounts.\n\nPrepare the server where DiscourseSSO is to be deployed. The server can be\nthe same as the Discourse server, using the same *nginx* to execute the SSO code, or an\nadditional *Apache httpd* server, taking care not to create conflicts with the ports.\n\nThe httpd installation has to include *mod_wsgi* to execute the code, *mod_ssl*\nto run the authentication over HTTPS and *mod_shib* (or equivalent) to implement the\nauthentication.\n\nAfter all modules are installed, httpd has to be configured to work on the SSL port.\nIf mod_ssl comes with your distribution it should include the basic configuration;\notherwise have a look at the `Apache httpd documentation \u003chttp://httpd.apache.org/docs/\u003e`_\nfor your specific version. 
The standard HTTP port **80** will not be used, so it can be\ndisabled.\n\nThe next step is to configure mod_shib to allow authentication\nusing SAML (for details on mod_shib configuration, see the `official wiki\n\u003chttps://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfiguration\u003e`_).\n\nWhen the server is properly configured, download or clone the **DiscourseSSO** package\nfrom `GitHub \u003chttps://github.com/fmarco76/DiscourseSSO\u003e`_ into a directory accessible\nby Apache. Configure mod_wsgi to include the source code of the package and add\nthe ``DiscourseSSO.wsgi`` script to the location to use for Discourse. Finally, Shibboleth\nhas to protect the authentication directory so that the user has to go to the IdP in order\nto be accepted. The configuration should look like: ::\n\n    WSGIDaemonProcess discourse threads=5 python-path=\u003cpath-to-discourse\u003e/DiscourseSSO/src\n    WSGIScriptAlias /DiscourseSSO /var/www/DiscourseSSO/DiscourseSSO.wsgi\n    WSGISocketPrefix /var/run/wsgi\n    .\n    .\n    \u003cDirectory /var/www/DiscourseSSO\u003e\n        WSGIProcessGroup discourse\n        WSGIApplicationGroup %{GLOBAL}\n        Order deny,allow\n        Allow from all\n    \u003c/Directory\u003e\n    \u003cLocation /DiscourseSSO/sso/auth\u003e\n        AuthType shibboleth\n        ShibCompatWith24 On\n        ShibRequestSetting requireSession 1\n        require shib-session\n    \u003c/Location\u003e\n\nFinally, both Discourse and DiscourseSSO need to be configured. Enable SSO in\nDiscourse following the `official documentation \u003chttps://meta.discourse.org/t/official-single-sign-on-for-discourse/13045\u003e`_.\nThe SSO URL is the one pointing to your DiscourseSSO installation plus ``sso/login``, so with\nthe above configuration the URL is ``https://\u003cyour-domain\u003e/DiscourseSSO/sso/login``.\n\nThe sso_secret is a random string and has to be the same in both services. 
The configuration\nfile of DiscourseSSO is ``src/discoruseSSO/config.py`` and it requires the secret key (``DISCOURSE_SECRET_KEY``),\nthe URL of Discourse (``DISCOURSE_URL``) and the names of the environment variables\nwhere mod_shib will provide the user information (``DISCOURSE_USER_MAP``). This is a\nmap where each key is an attribute sent back to Discourse and the values\nare the names of the variables to look up. The name can be generated by combining different\nvalues, but the other attributes accept only one value. The defaults are good for SAML-based\nauthentication, but for other authentication mechanisms you have to modify them accordingly.\n\nAfter the configuration, restart the Apache httpd daemon and enable SSO in Discourse.\n","funding_links":[],"categories":["Python","others"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmarco76%2FDiscourseSSO","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffmarco76%2FDiscourseSSO","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmarco76%2FDiscourseSSO/lists"}