This is a Magda authentication plugin that implements "DiscourseConnect" protocol that is described here:
https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045
Requires MAGDA version 0.0.58 or above.
- Add the auth plugin as a Helm Chart Dependency
- name: magda-auth-discourse-connect
version: 1.0.0
repository: https://charts.magda.io
tags:
- all
- magda-auth-discourse-connect- Config the auth plugin with required parameters
magda-auth-discourse-connect:
discourseBaseUrl: value1
discourseConnectSecret: value2
targetAuthPluginKey: xxx # optionalMore info of the config options can be found from the "Values" section below.
- Config Gatway to add the auth plugin to Gateway's plugin list (More details see here)
gateway:
authPlugins:
- key: discourse-connect
baseUrl: http://magda-auth-discourse-connectMore info on setup can be found from https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045
Specifically, discourse connect url / sso url setting value should be: [Magda deploy base URL]/auth/login/plugin/discourse-connect/sso
discourse connect secret / sso secret setting should be the same as the value of discourseConnectSecret deploy value.
Kubernetes: >= 1.14.0-0
| Key | Type | Default | Description |
|---|---|---|---|
| authPluginConfig.authenticationMethod | string | "IDP-URI-REDIRECTION" |
The authentication method of the plugin. Support values are:
|
| authPluginConfig.iconUrl | string | "/icon.svg" |
the display icon URL of the auth plugin. |
| authPluginConfig.isVisible | bool | false |
whether this auth plugin should be shown to users as an login options |
| authPluginConfig.key | string | "discourse-connect" |
the unique key of the auth plugin. Allowed characters: [a-zA-Z0-9-] |
| authPluginConfig.loginFormExtraInfoContent | string | "" |
Optional; Only applicable when authenticationMethod = "PASSWORD". If present, will displayed the content underneath the login form to provide extra info to users. e.g. how to reset password Can support content in markdown format. |
| authPluginConfig.loginFormExtraInfoHeading | string | "" |
Optional; Only applicable when authenticationMethod = "PASSWORD". If present, will displayed the heading underneath the login form to provide extra info to users. e.g. how to reset password |
| authPluginConfig.loginFormPasswordFieldLabel | string | "Password" | Optional; Only applicable when authenticationMethod = "PASSWORD". |
| authPluginConfig.loginFormUsernameFieldLabel | string | "Username" | Optional; Only applicable when authenticationMethod = "PASSWORD". |
| authPluginConfig.name | string | "DiscourseConnect" |
the display name of the auth plugin. |
| authPluginConfig.qrCodeAuthResultPollUrl | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". The url that is used by frontend to poll the authentication processing result. See Authentication Plugin Specification for more details |
| authPluginConfig.qrCodeExtraInfoContent | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". If present, will displayed the content underneath the login form to provide extra info to users. e.g. how to download moile app to scan the QR Code. Can support content in markdown format. |
| authPluginConfig.qrCodeExtraInfoHeading | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". If present, will displayed the heading underneath the QR Code image to provide extra instruction to users. e.g. how to download moile app to scan the QR Code |
| authPluginConfig.qrCodeImgDataRequestUrl | string | "" |
Only applicable & compulsory when authenticationMethod = "QR-CODE". The url that is used by frontend client to request auth challenge data from the authentication plugin. See Authentication Plugin Specification for more details |
| authPluginRedirectUrl | string | nil |
the redirection url after the whole authentication process is completed. Authentication Plugins will use this value as default. The following query paramaters can be used to supply the authentication result:
global.authPluginRedirectUrl. Unless you want to have a different value only for this auth plugin, you shouldn't set this value. |
| authPluginRedirectUrl | string | nil |
the redirection url after the whole authentication process is completed. Authentication Plugins will use this value as default. The following query paramaters can be used to supply the authentication result:
global.authPluginRedirectUrl. Unless you want to have a different value only for this auth plugin, you shouldn't set this value. |
| autoscaler.enabled | bool | false |
turn on the autoscaler or not |
| autoscaler.maxReplicas | int | 3 |
|
| autoscaler.minReplicas | int | 1 |
|
| autoscaler.targetCPUUtilizationPercentage | int | 80 |
|
| defaultAdminUserId | string | "00000000-0000-4000-8000-000000000000" |
which system account we used to talk to auth api The value of this field will only be used when global.defaultAdminUserId has no value |
| defaultImage.imagePullSecret | bool | false |
|
| defaultImage.pullPolicy | string | "IfNotPresent" |
|
| defaultImage.repository | string | "docker.io/data61" |
|
| discourseBaseUrl | string | nil |
Discourse Site base URL. Compulsory e.g. https://discourse.example.com/ |
| discourseConnectSecret | string | nil |
DiscourseConnectSecrets. Compulsory. |
| global | object | {"authPluginRedirectUrl":"/sign-in-redirect","externalUrl":"","image":{},"rollingUpdate":{}} |
only for providing appropriate default value for helm lint |
| image | object | {} |
|
| replicas | int | 1 |
no. of initial replicas |
| resources.limits.cpu | string | "50m" |
|
| resources.requests.cpu | string | "10m" |
|
| resources.requests.memory | string | "30Mi" |
|
| targetAuthPluginKey | string | nil |
Optional; the installed Magda authentication plugin key. When specified, the plugin identified by the key will be used to authenticate users. At this moment, only NON PASSWORD type plugins can be used. If not specified (default), system will auto pick the first NON PASSWORD type plugin to authenticate users. |