Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ollide/spring-discourse-sso-boot

Discourse SSO for Spring Boot
https://github.com/ollide/spring-discourse-sso-boot

discourse discourse-sso spring-autoconfigurations spring-boot-2 sso

Last synced: 11 days ago
JSON representation

Discourse SSO for Spring Boot

Host: GitHub
URL: https://github.com/ollide/spring-discourse-sso-boot
Owner: ollide
License: mit
Created: 2019-09-25T12:19:09.000Z (over 5 years ago)
Default Branch: develop
Last Pushed: 2019-09-25T15:55:14.000Z (over 5 years ago)
Last Synced: 2024-11-18T13:29:56.055Z (2 months ago)
Topics: discourse, discourse-sso, spring-autoconfigurations, spring-boot-2, sso
Language: Java
Size: 35.2 KB
Stars: 1
Watchers: 2
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Discourse SSO for Spring (Boot) Security

With this library you can use Discourse as a SSO provider for your Spring
(Boot) application.

## Discourse SSO Provider

The Discourse SSO provider is described on
[meta.discourse.org](https://meta.discourse.org/t/using-discourse-as-a-sso-provider/32974).

Discourse SSO provider must be enabled and configured with a (site specific) secret inside the admin settings.

![Discourse SSO Configuration](images/discourse_config.png)

### SSO Flow Summary

1. Redirect to `DISCOURSE_ROOT_URL/session/sso_provider?sso=PAYLOAD&sig=SIGNATURE`, where
- `sso` is a Base64 & URL encoded payload consisting of a `nonce` and a `return_sso_url`
- `sig` is a HMAC-SHA256 signature of the Base64 encoded payload
2. Login procedure or instant redirect from Discourse to the `return_sso_url`
3. Validate and process response parameters `sso` and `sig`
- Compute signature of `sso` and compare with `sig`
- Validate `sso.nonce`
- Create Spring Security Authentication from `sso` payload

## spring-discourse-sso-autoconfigure

This project comes with AutoConfiguration support.

- Add `spring-discourse-sso-autoconfigure` dependency:

```

org.ollide
spring-discourse-sso-autoconfigure
CURRENT_RELEASE

```

- Configure `spring-discourse-sso` inside your `application.properties`:

```
discourse.sso.secret=***************
discourse.sso.discourseUrl=https://<>/session/sso_provider
```

- Optional customizations:

- The application's login endpoint defaults to `/login/discourse` and can
be customized with the property `discourse.sso.loginPath`

- The `return_sso_url` defaults to `/login/discourse/success` and can be
customized with the property `discourse.sso.returnPath`

## spring-discourse-sso

If you don't want to use AutoConfiguration support, you must use
`spring-discourse-sso` directly:

```

org.ollide
spring-discourse-sso
CURRENT_RELEASE

```

The key components to look for are:
- `DiscourseSigner`: Takes the SSO secret, signs & validates the payloads
- `SsoEndpoint`: Triggers the redirect to Discourse
- `DiscourseSsoVerificationFilter`: ServletFilter for the response, validates and attempts authentication
- `DiscoursePrincipal`: The Principal that can be accessed through Spring's SecurityContext after successful
authentication