Crowd integration for Discourse

@andi moving our conversation from Slack to this thread.

I’m not sure if the plugin I integrated so far helps us a lot, because (now thinking about it) it only provides authentication but not user synchronisation. Discourse does offer a method for user synchronisation and authentication which is, who would have thought, SSO.

Just found another plugin which looks more like it. On the other hand it doesn’t look like it is a very solid and feature-rich solution. What might be better for us PHP hackers is a PHP-based solution I also found this morning. There’s a small script which is used for authentication against Crowd. Looks simple enough and we might as well replace it with our own middleware at some point.

What’s clear though is that we will need some signup form before we can launch Discourse with Crowd. We could start with a standalone script (like slack.neos.io) which allows you to create a new user in Crowd. Later on that should be a plugin for the Neos site. Or right away? I’d be happy if you could take over this task (creating the script / plugin), or we find more volunteers to help us in this quest.

Hi Robert,

thanks for moving the discussion here and your investigations… I will take over and see what I can achieve.

you can do it! :sparkles:

Sorry if I missed previous discussions… But I wonder: Where are you planning to store user data?
Now that we need to ask a lot of people to register it would be the chance to finally have proper SSO based on oAuth2 (that might even be integrated by 3rd party services like conference sites etc).
Or is the plan to provide SSO with established services like Google, Github, …?

The basic user data is stored in Crowd. Crowd also supports custom user attributes which can then be propagated via its REST or SOAP API and through the SSO mechanisms Crowd supports. It’s totally possible and rather easy to include further authentication mechanisms into Crowd; for example, Andi configured our Crowd server to support Open ID as well. But we should start simple …

Discourse supports synchronisation of certain user attributes (name, email address, avatar) via its SSO feature. So, to start with, we can synchronise that user data from Crowd into Discourse. Crowd’s REST API is rather easy to use, so I think it should be pretty easy to create a little frontend in form of a Neos plugin which stores user attributes in Crowd, manages group memberships etc.

Great, thanks for clarifying!
I almost can’t resist to write a CrowdAuthenticationProvider that we could use to login to the neos.io website at some point… :wink:

yes please! It should be a matter of an hour to get that basically working. But let’s wait a little until we have the Crowd setup running so you have something realistic to test with.

@andi you also need to walk me through your setup / puppet configuration at some point. I think in midterm we should convert that into a Docker setup which allows others in the team to quickly run a Crowd instance on their own in order to develop features like the auth provider or to realistically work on the new neos.io site. However, the base server setup. But that’s all for another thread …

yes, sure. It’s just that we have a pretty automized way of updating to new crowd versions working in puppet. But that can for sure be transfered to some docker thingy. Credits for all this puppet magic go to my colleague Lienhart, btw. :slight_smile:

I guessed that (both, the automagic puppeting and that it was Lienhart :smile:). But I converted a lot of Chef cookbooks to Docker orchestration already, should be nice and easy. We need a sponsor so we can sit together for a week and work on the new infrastructure …

Hey,

just wanted to ask how you are progressing along :slight_smile: Would be awesome to open this place up to the general public!

All the best,
Sebastian

No progress from my side on Thursday / Friday, maybe I can work on it tomorrow a little, but we have guests over the weekend.

@sebastian if you’d like to join in, you could create a little Neos plugin which allows people to sign up (username, email address, first name, last name) and passes that information to the Crowd REST API. That plugin would then have to be integrated into neos.io somewhere. For starters I’d even do it so that no local account is involved, just facade for the Crowd API .

Some update: I’ve been working about three days on the Crowd integration and loose ends of the Discourse setup. It’s a lot of fun and also a lot of work. But it will be a nice setup in the end. Andi joined me and is currently implementing a Neos plugin which will provide the login screen, forgot-password-mechanism and will allow people to edit their user data.

We’re on it!

3 Likes

Some update II: Andi and me further worked on the Crowd migration this afternoon. I just successfully imported all (typo3.org) users who ever logged in to jira.typo3.org into our new user base. Which means that once we go live with Crowd, they all will already have a neos.io user - but need to reset their password in order to log in. With that user you’ll be able to login to neos.io, discuss.neos.io and jira.neos.io. And more to come.

1 Like

Another update: technically, the SSO integration works fine now, but the design of id.neos.io is horrible and we are lacking functionality for signing up new users, resetting a user’s password and editing the user profile.

Andi plans to implement these features this week and @newgen / @uhlmann from Dotpulse offered to work on the related Fluid templates / styling. If all goes well, we have all of that done end of this week and can either launch it for the weekend or beginning of next week.

Officially launching Discuss and id.neos.io also means that we’ll write an article about it and thank the sponsors for their contribution (that is: Digital Ocean for the servers, Slack for Slack, netlogix for a lot of work time, Dotpulse for styling and for hosting crowd.neos.io and Flownative also for several days of work).

We’ll keep you posted :wink:

Just to be clear.

id.neos.io is standalone and only the frontend for user registrations, logins, password resets etc.
The styling is based on the Neos login form (dark background, conflicts with the light color scheme of discourse for example).

Are there already any other forms instead of Login.html or should we deliver dummy html forms?

that’s correct. At a later point in time we might migrate the design to shared layout with the new neos.io - but that’s nothing we have to consider now.

I’d rather like to use a white background (like on the demo site) in order to make a clear distinction to the Neos backend. I secretly hope that the new neos.io will also have a light background.

This is the current state: https://youtu.be/EpfR2FMwmds

I created now a pull request, but it is not for production because of demo links/actions.
Click on “Create a new Account” opens the form-field examples,
and there the link “<- Overview” navigates to the an example for the logged in page.

Is this already helpful?
Or do you need support to integrate all the forms? The markup is not very slim…
Should we have a solution for older version than IE9 …? The most users should be geek-like.
Generally I think we have to fix and extend several things if there is the final content.

1 Like

really cool, thanks a lot Stefan! @andi can you review / integrate the change?

Really cool! Thanks a lot! I will start integrating it and see what I would still need. However, looks really good so far, I guess we get a basic version implemented by this for sure.

@andi

Perfect. Ping me when we can help or we can start with the detail work.