Vanilla WordPress External Identity Provider (IDP) and SSO - RFC

Hello,
Now that I've done about 1 1/2 Vanilla integrations into 1-off custom sites, I am thinking about rolling this forum platform out to all of our WordPress sites as well (we operate around 20, some with forums). Because of the complexity of an External IDP, I wanted to throw out my thoughts to this forum for feedback.

The main idea is a single sign on between WordPress and Vanilla. Here is my first guess on how to achieve this.

Here are my thoughts, which use simpleSaml:

        IDP   <-----> simpleSaml   <-----> WordPress  <--------- Vanilla with WordPress Plugin
                           |
                           |
                       WordPress   <--- Vanilla with WordPress Plugin, ( etc. and more )

So basically, all WordPress sites talk to the simpleSaml system for authentication. SimpleSaml gets its auth from the IDP. Vanilla logs into WordPress using the plug-in.

Thoughts? Thx.

Donovan

Comments

  • x00x00 MVP

    or have a simple saml plugin for vanilla.

    grep is your friend.

  • Indeed.. I don't yet know what would be better / easier.

  • x00x00 MVP

    jsConnect is ok but I would say connecting directly to simpleSaml would be more robust and less fragile.

    You can extend vanilla to add connection and authorisation methods. jsConnect would be an example of that.

    grep is your friend.

  • @x00 I just realized you are talking about me creating a plugin. I'm not sure I'm up for that, technically-wise. I thought at first Vanilla had a solution for SAML, but it appears it's only for the paid services??

    https://vanillaforums.com/en/features/single-sign-on/

    I guess I'll see if the WordPress will work, if not, will probably look for another open-source forum solution with SAML compatibility.

    Cheers,
    Donovan

  • Though I made a request to make Vanilla's SAML Addon open source, I've got this working quite well using jsConnect and Vanilla's WordPress plugin. There are some tricks when using Vanilla with a simpleSaml IDP that has its own authentication app, such as in single sign out redirects and sign-in URLs.. but I am proof it's possible.

    I'm updating this thread in the case that anyone needs help with this sort of setup... I'm happy to offer what I know.

    Maybe this will all change when / if Vanilla starts releasing its newer versions as stable open-source releases... but for now, I have a roadmap for what I have described above using v 2.3.1

    Donovan
