FEATURE: allow multiple secrets for Discourse SSO provider

This splits the logic between SSO keys used for incoming vs. outgoing SSO, which allows far better restriction of who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
This commit is contained in:
Maja Komel
2018-10-15 07:03:53 +02:00
committed by Sam
parent 6acdea37c4
commit 27e732a58d
15 changed files with 459 additions and 230 deletions


@@ -1319,6 +1319,7 @@ en:
enable_sso_provider: "Implement Discourse SSO provider protocol at the /session/sso_provider endpoint, requires sso_secret to be set"
sso_url: "URL of single sign on endpoint (must include http:// or https://)"
sso_secret: "Secret string used to cryptographically authenticate SSO information, be sure it is 10 characters or longer"
sso_provider_secrets: "A list of domain-secret pairs that are using Discourse as a SSO provider. Make sure SSO secret is 10 characters or longer. Wildcard symbol * can be used to match any domain or only a part of it (e.g. *.example.com)."
sso_overrides_bio: "Overrides user bio in user profile and prevents user from changing it"
sso_overrides_groups: "Synchronize all manual group membership with groups specified in the groups sso attribute (WARNING: if you do not specify groups all manual group membership will be cleared for user)"
sso_overrides_email: "Overrides local email with external site email from SSO payload on every login, and prevent local changes. (WARNING: discrepancies can occur due to normalization of local emails)"
@@ -1862,6 +1863,11 @@ en:
max_username_length_exists: "You cannot set the maximum username length below the longest username (%{username})."
max_username_length_range: "You cannot set the maximum below the minimum."
placeholder:
sso_provider_secrets:
key: "www.example.com"
value: "SSO secret"
search:
within_post: "#%{post_number} by %{username}"
types:
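Review bot: The `enable_sso_provider` description on the first line of the first hunk still says `requires sso_secret to be set`, yet this commit introduces `sso_provider_secrets` as the provider-side list, so the text now points operators at what is presumably no longer the controlling setting; if the provider endpoint reads its secrets from the new list, change it to `requires sso_provider_secrets to be set`. The new `sso_provider_secrets` description could also say how a request whose domain matches no entry (or matches only via wildcard) is treated, since that is what decides who can log in through the site. Likewise the `sso_secret` description on the following line could note that it now covers the incoming (client) side only, if that is the split the commit makes.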


@@ -341,6 +341,13 @@ login:
sso_secret:
default: ''
secret: true
sso_provider_secrets:
default: ''
type: list
list_type: secret
placeholder:
key: "sso_provider.key_placeholder"
value: "sso_provider.value_placeholder"
sso_overrides_groups: false
sso_overrides_bio: false
sso_overrides_email:
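Review bot: The new `sso_provider_secrets` entry lacks the `secret: true` flag that `sso_secret` carries three lines above it, so unless `list_type: secret` alone triggers the same handling, the per-domain secrets may be emitted wherever non-secret settings are listed (settings exports, client payloads, logs); add `secret: true` under `list_type: secret`. There is also no `validator:` on the entry, while the locale text promises a 10-character minimum and domain/secret pairs — presumably that check lives in one of the other changed files, but if not, a validator here would enforce it at save time. The enclosing `login:` block starts and ends outside the hunk.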