<ahref="https://www.discourse.org/"class="urlextern"title="https://www.discourse.org/"rel="nofollow">Discourse</a> is a conversation-oriented forum engine
</p>
<p>
Discourse supports <ahref="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045"class="urlextern"title="https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045"rel="nofollow">its own Single-Sign-On scheme</a> but is also compatible with standard protocols such as <abbrtitle="Security Assertion Markup Language">SAML</abbr> and OpenID Connect, through plugins.
</p>
<p>
This documentation illustrates the OpenID Connect plugin.
</p>
<p>
First, make sure you have set up LemonLDAP::NG 's <ahref="../openidconnectservice.html"class="wikilink1"title="documentation:2.0:openidconnectservice">OpenID Connect service</a> and added <ahref="../idpopenidconnect.html"class="wikilink1"title="documentation:2.0:idpopenidconnect">a Relaying Party for your Discourse instance</a>
</p>
<p>
Discourse can use the following OpenID Connect attributes to fill the user's profile:
Make sure you create a username and password for the Relying Party, and that the discourse callback <abbrtitle="Uniform Resource Locator">URL</abbr> is allowed : <ahref="https://discourse.example.com/auth/oidc/callback"class="urlextern"title="https://discourse.example.com/auth/oidc/callback"rel="nofollow">https://discourse.example.com/auth/oidc/callback</a>
Install the <ahref="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632"class="urlextern"title="https://meta.discourse.org/t/openid-connect-authentication-plugin/103632"rel="nofollow">Discourse OpenID Connect Plugin</a> according to these instructions
<ahref="discourse.0fea6a13c52b4d4725368f24b045ca84.jpeg"title="View original file"><imgwidth="218"height="64"class="img_detail"alt="discourse.jpg"title="discourse.jpg"src="discourse.6e7dfb78b54a5324836f41bb225c015f.jpeg"/></a>
<ahref="discourse.html"class="action img_backto"accesskey="b"rel="nofollow"title="Back to documentation:2.0:applications:discourse [B]">Back to documentation:2.0:applications:discourse</a></div>
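Review bot: In the Discourse page, the prerequisite step links to "a Relaying Party for your Discourse instance" while the later step says "Relying Party"; the OpenID Connect term is Relying Party, so the link text should be corrected. The sentence "Discourse can use the following OpenID Connect attributes to fill the user's profile:" is not followed by any attribute list in the visible lines, so either add the list or drop the sentence. In the callback step, consider saying that https://discourse.example.com/auth/oidc/callback should be registered as the exact redirect URI for this Relying Party, since that allow-list is what keeps authorization responses from being delivered elsewhere.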
Zimbra use a specific <ahref="http://wiki.zimbra.com/index.php?title=Preauth"class="urlextern"title="http://wiki.zimbra.com/index.php?title=Preauth"rel="nofollow">preauthentication protocol</a> to provide <abbrtitle="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbrtitle="LemonLDAP::NG">LL::NG</abbr> specific Handler.
</p>
<divclass="notetip">Zimbra can also be connected to <abbrtitle="LemonLDAP::NG">LL::NG</abbr> via <ahref="../idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML protocol</a> (see <ahref="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"class="urlextern"title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"rel="nofollow">Zimbra blog</a>).
</div><divclass="noteimportant">For now, Zimbra isn't supported by Nginx handler. You have to use Apache.
<h3class="sectionedit4"id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</h3>
<divclass="level3">
<p>
In Manager, go in <code>General Parameters</code>><code>Authentication modules</code> and choose GPG for authentication, users and/or password modules. Then you just have to set GPG database. For example <code>/usr/share/keyrings/debian-keyring.gpg</code>
</p>
<divclass="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code>GPG parameters</code>:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: authentication level for this module</div>
</li>
<liclass="level1"><divclass="li"><strong>GPG database</strong>: database to store users GPG public key</div>
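Review bot: The first paragraph says to choose GPG "for authentication, users and/or password modules", but the tip right after it says any other module can be chosen for users and password; the two statements should agree on which module types GPG can serve. The "GPG database" bullet also describes the setting as a "database to store users GPG public key" while the example value /usr/share/keyrings/debian-keyring.gpg is a keyring file, so it would help to call it a keyring and state which keys in it are trusted for login.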
<!-- EDIT7 TABLE [827-1348] --><divclass="notetip">To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
<!-- EDIT7 TABLE [1025-1546] --><divclass="notetip">To have just one call, you can only set REST authentication, set datas in “info” key response and set Null as User Database.
@@ -148,11 +148,11 @@ After configuring <abbr title="Security Assertion Markup Language">SAML</abbr> S
</p>
<p>
They are available at the EntityID <abbrtitle="Uniform Resource Locator">URL</abbr>, by default: <ahref="http://auth.example.com/saml/metadata"class="urlextern"title="http://auth.example.com/saml/metadata"rel="nofollow">http://auth.example.com/saml/metadata</a>.
They are available at the EntityID <abbrtitle="Uniform Resource Locator">URL</abbr>, by default: <ahref="http://auth.example.com/saml/metadata"class="urlextern"title="http://auth.example.com/saml/metadata"rel="nofollow">http://auth.example.com/saml/metadata</a>. You can also use <ahref="http://auth.example.com/saml/metadata/sp"class="urlextern"title="http://auth.example.com/saml/metadata/sp"rel="nofollow">http://auth.example.com/saml/metadata/sp</a> to have only SP related metadata.
<h3class="sectionedit8"id="register_partner_identity_provider_on_lemonldapng">Register partner Identity Provider on LemonLDAP::NG</h3>
<divclass="level3">
...
...
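Review bot: Both metadata URLs in the changed line, including the new http://auth.example.com/saml/metadata/sp, are given over plain http; SAML metadata carries the certificates that partners import, so the example would be better shown as https, or the text should tell partners to verify the metadata they fetched. The added sentence could also say what "SP related metadata" leaves out compared with the full document, so readers know which URL to hand to an Identity Provider partner.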
@@ -315,6 +315,6 @@ Used only if you have more than 1 <abbr title="Security Assertion Markup Languag
<divclass="notetip">The chosen logo must be in Portal icons directory (<code>portal/static/common/icons/</code>). You can set a custom icon by setting the icon file name directly in the field and copy the logo file in portal icons directory
@@ -341,7 +384,7 @@ $('.enteteBouton').click( function (e) {
<divclass="notewarning">It is incompatible with authentication combination because of Apache parameter “SSLVerifyClient”, which must have the value “require”. To enable SSL with <ahref="authcombination.html"class="wikilink1"title="documentation:2.0:authcombination">Combination</a>, use <ahref="#ssl_by_ajax"title="documentation:2.0:authssl ↵"class="wikilink1">SSL by Ajax</a>
<h2class="sectionedit9"id="ssl_by_ajax">SSL by Ajax</h2>
<divclass="level2">
...
...
@@ -358,8 +401,32 @@ If you enable this feature, you must configure 2 portal virtual hosts:
<p>
then declare the second <abbrtitle="Uniform Resource Locator">URL</abbr> in SSL options in the Manager. That's all ! Then you can chain it in a <ahref="authcombination.html"class="wikilink1"title="documentation:2.0:authcombination">combination</a>.
</p>
<divclass="noteclassic">With <ahref="authchoice.html"class="wikilink1"title="documentation:2.0:authchoice">choice</a>, the second <abbrtitle="Uniform Resource Locator">URL</abbr> should be also declared in module <abbrtitle="Uniform Resource Locator">URL</abbr> parameter to redirect user to Portal menu.
</div><divclass="noteimportant"><strong>Content Security Policy</strong> may prevent to submit Ajax Request.
To avoid security warning,
<p>
Go to : <code>General Parameters > Advanced Parameters > Security > Content security policy</code>
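Review bot: In the new Content Security Policy note, "To avoid security warning," presents the policy change as a way to silence a warning; say instead what is blocked (the Ajax request to the second portal URL declared in SSL options) and that only that URL needs to be allowed under Content security policy, so readers do not loosen the policy more than required. "may prevent to submit Ajax Request" would read better as "may prevent the Ajax request from being submitted".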