PoC Assembly - Discourse SSO by using existing Auth0 Login

Project Overview

TopCoder are planning to use Discourse (http://www.discourse.org/) as the new forum.

Competition Task Overview

Before officially make that, One key point to address is how to reuse the authentication of current TopCoder site (auth0-based).

We want to see if we can use the new site login as the generic/redirect login. handle sso based on this

https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045

You are expected to complete following things.

1. Setup Discourse in TC VM(CentOS 5), detail instructions will be provided in forum.
2. Setup the Discourse to enable SSO, you can use the existing auth0 Login widget at http://community.topcoder.com/tc?&module=Login
3. Update the page to include the PAYLOAD and SIG data when calling the auth0, and the data will  be avaliable to auth0 callback
4. after sucessfully callback from auth0, update the /reg2 callback logic, if the payload is present.
   • Validate the signature, ensure that HMAC 256 of sso_secret,PAYLOAD is equal to the sig
   • Perform whatever authentication it has to
   • Create a new payload with nonce, email, external_id and optionally (username, name, return_url)
   • Base64 encode the payload
   • Calculate a HMAC 256 hash of the using sso_secret as the key and Base64 encoded payload as text
   • Redirect back to http://discourse_site/session/sso_login?sso=payload&sig=sig
5. Verify that the Discourse can login the user properly.
6. Please also make sure the the original logic for /reg2 is not changed.

Technology Overview

• PostgreSQL
• Ruby on Rails
• Redis
• CentOS 5
• Git
• auth0

VM, SVN

VM:

VM specific information is found here: http://www.topcoder.com/wiki/display/docs/VM+Image+2.5.

Upon registration as a submitter or reviewer you will need to request a VM based on the new TopCoder Cockpit/Direct image. To request your image, please use the forum.

Before requesting your VM, you need to ensure that you have an SSH key created and in your member profile. Instructions to do so are here:http://www.topcoder.com/wiki/display/projects/Generate+SSH+Key, and instructions to connect afterwards are here: http://www.topcoder.com/wiki/display/projects/Connect+Using+SSH+Key.

There is a TC Site Resource page that contains documentation / instructions for the VM instance you will be issued upon request. It is located here:http://www.topcoder.com/wiki/display/projects/Cockpit%2CDirect+VM

SVN:

Please email support@topcoder.com to request access to direct trunk and any other SVN paths listed above and below, please include the contest title/link and your user name in the email.

Cockpit: https://coder.topcoder.com/tcs/clients/cronos/applications/direct/trunk

Web Module: https://coder.topcoder.com/internal/web_module/trunk

DB Trunk: https://coder.topcoder.com/internal/database/scripts/trunk

Submission Deliverables

A complete list of deliverables can be viewed in the TopCoder Assembly competition Tutorial at: http://apps.topcoder.com/wiki/display/tc/Assembly+Competition+Tutorials 

Below is an overview of the deliverables:

• Include everything (configuration changes, instructions to configure the forum, code changes etc...) that's needed to show the concepts are working.
• Deployment guide showing how to deploy your submission and verify it works with the user scenarios.

Final Submission

For each member, the final submission should be uploaded to the Online Review Tool.