Hello,
First and foremost, thanks to the developers of Discourse and everyone who is making great efforts in creating an awesome forum!
I am a Discouse newbie and I am trying to do sso using the CAS sso auth plugin in https://github.com/eriko/cas_sso .
I am currently making some experiments in authenticating users in Discourse using a test web app I am using as CAS server. I have set up discourse in a VM (vagrant) whereas the CAS server runs in the host machine. I have installed the sso plugin and set the values as indicated (i.e. cas_sso_host, cas_sso_port, etc, as it is a non-standard CAS server), with ssh disabled.
One thing that I noticed is that it seems that there seems to be a cross domain protection acting, the following is a message that appears in the console when I go to login in vagrant discourse:
Started GET "/session/csrf" for 10.0.2.2 at 2014-02-14 17:53:12 -0500
Processing by SessionController#csrf as */*
Completed 200 OK in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms)
Here 10.0.2.2 is the ip of the CAS server. This server is accessible from vagrant, I tested access to the CAS server URLs using lynx (everything works fine). I should likely mention also that cas_sso_login_url is set to /login and cas_sso_path is set to /cas in the Discourse sso plugin options. I have been also monitoring requests to /cas/login in the CAS server and none of my login attempts from Discourse have made it there.
I am brand new to Discourse and Ruby, so I am having a bit of a struggle here and any insight would be greatly appreciated.
Thank you very much in advance for your time and excellent disposition.
Best regards,
Moe