Continuing the discussion from Is Discourse SSO the solution to all our login related problems?:
I no longer think so, at least, not by building our own SSO server. This is because, after a painful few hours of trial and error development, I present: GitHub - mozilla/discourse-mozillians: Deprecated for: https://github.com/mozilla/discourse-mozilla-iam/
This is essentially the mozillians integration which was in discourse-persona-mozillians
integrated into all authentication systems. This means that we can enable as many auth systems as we want (e.g. Firefox Accounts, Webmaker ID, and Yahoo!) and no matter how a user logs in, they’ll still have their vouched status updated.
This resolves the first reason for using SSO, as for the second reason - giving us complete control over users’ usernames - again I expect we’ll be able to do this through a plugin, or through improving the SSO provider which is built into Discourse (allowing us to use one Discourse instance as an SSO server for all the others).