Disclaimer: I have posted this also here. I will make sure I link both once I get things working.
I have successfully added SAML authentication to an Apache server. The IdP I use implements SAML via Shibboleth. Now I want to migrate to Caddy. That’s how I discovered this plugin.
The plugin uses the crewjam/saml package. I have used that before successfully on a standalone golang server against the same IdP I want to use for my Caddy server.
There is one caveat though. The current Apache configuration uses two different sets of keys for signing and encrypting.
My questions are:
Can I use this plugin to authorize my domains/endpoints against my SAML IdP?
Can I use the two separate sets of keys to set up the SAML flow, or do I have to use the same keys for signing and encrypting?
When I started working with SAML and crewjam/saml I found this example very useful to get things going. What would be the Caddyfile to implement that with Caddy and the auth plugin? Maybe I can add it to the examples/docs.
Thank you,
-drd
@drio, please take a look at the following links. I am not sure what you mean by separate keys. Upon authentication via SAML IdP, the portal issues its own token and uses its own keys to authenticate access to some path.
When I look at the metadata (xml file) that I use to configure my apache webserver, I see the following:
...
<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
...
My IDP handles the authentication, I just need my webserver to handle the authorization only (via interaction with the IDP). I'm guessing I only need the saml identity provider and the authorization policy mypolicy from the Caddyfile you posted.
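Whether an SP uses one certificate or two shows up in the SP metadata the IdP has registered: a Shibboleth SP configured as above publishes one KeyDescriptor with use="signing" and another with use="encryption", while an SP that reuses a single key publishes a KeyDescriptor without a use attribute (which the SAML metadata spec defines as covering both purposes). The following is an added example, not code from this thread, from crewjam/saml or from the Caddy plugin: a small Go program that parses SP metadata and reports whether the declared signing and encryption certificates are distinct, which is a useful check to run against both the old Apache/Shibboleth metadata and whatever the new Caddy SP publishes before re-registering with the IdP. The two metadata documents and their certificate values are constructed placeholders, not real certificates.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Subset of the SAML 2.0 metadata schema needed to read which certificates a
// Service Provider publishes for signing and for encryption. Tags match on the
// local element name, so the md:/ds: prefixes used in real metadata do not matter.
type entityDescriptor struct {
	EntityID string          `xml:"entityID,attr"`
	SPSSO    spSSODescriptor `xml:"SPSSODescriptor"`
}

type spSSODescriptor struct {
	KeyDescriptors []keyDescriptor `xml:"KeyDescriptor"`
}

type keyDescriptor struct {
	Use   string   `xml:"use,attr"`
	Certs []string `xml:"KeyInfo>X509Data>X509Certificate"`
}

// KeyUsage lists the certificates an SP declares for each purpose.
type KeyUsage struct {
	EntityID   string
	Signing    []string
	Encryption []string
}

// ParseSPKeys reads SP metadata and sorts its certificates by declared use.
// A KeyDescriptor without a use attribute applies to both signing and
// encryption, so such a certificate is recorded under both.
func ParseSPKeys(metadata []byte) (KeyUsage, error) {
	var ed entityDescriptor
	if err := xml.Unmarshal(metadata, &ed); err != nil {
		return KeyUsage{}, fmt.Errorf("parse metadata: %w", err)
	}
	u := KeyUsage{EntityID: ed.EntityID}
	for _, kd := range ed.SPSSO.KeyDescriptors {
		for _, raw := range kd.Certs {
			// Base64 in metadata is usually wrapped across lines; normalise it.
			cert := strings.Join(strings.Fields(raw), "")
			switch kd.Use {
			case "signing":
				u.Signing = append(u.Signing, cert)
			case "encryption":
				u.Encryption = append(u.Encryption, cert)
			case "":
				u.Signing = append(u.Signing, cert)
				u.Encryption = append(u.Encryption, cert)
			}
		}
	}
	return u, nil
}

// UsesSeparateKeys reports whether the SP declares at least one certificate for
// each purpose and none of them is shared between the two purposes.
func UsesSeparateKeys(u KeyUsage) bool {
	if len(u.Signing) == 0 || len(u.Encryption) == 0 {
		return false
	}
	enc := make(map[string]bool, len(u.Encryption))
	for _, c := range u.Encryption {
		enc[c] = true
	}
	for _, c := range u.Signing {
		if enc[c] {
			return false
		}
	}
	return true
}

// Constructed sample (placeholder certificates): separate signing and
// encryption keys, as a Shibboleth SP configured with two CredentialResolvers publishes.
const SeparateKeysMetadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/shibboleth">
  <md:SPSSODescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        SIGNING-CERT-PLACEHOLDER
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        ENCRYPTION-CERT-PLACEHOLDER
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>`

// Constructed sample (placeholder certificate): one KeyDescriptor with no use
// attribute, i.e. a single certificate used for both purposes.
const SharedKeyMetadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>SHARED-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>`

func main() {
	for _, m := range []string{SeparateKeysMetadata, SharedKeyMetadata} {
		u, err := ParseSPKeys([]byte(m))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s: signing=%v encryption=%v separate=%v\n",
			u.EntityID, u.Signing, u.Encryption, UsesSeparateKeys(u))
	}
}
```

Point ParseSPKeys at the metadata file each SP actually serves (or that the IdP has on record) rather than at the sample constants; if the two SPs disagree on key layout, the IdP will need the new SP's metadata re-registered, since it encrypts assertions to whichever certificate is declared for encryption.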