Research regarding Shibboleth integration

[PazYanoverr]

It seems like KeyClock has an integration with Shibboleth, and since we are going to have a KeyClock plugin, supporting Shibboleth may become an easy task.
Let's have a quick research in order to better understand KeyClock integration with Shibboleth, and whether we can easily support it

[mulygottlieb]

Useful resources:

• https://github.com/drstearns/passport-uwshib
• https://www.passportjs.org/packages/passport-uwshib/
• https://www.blog.albert-stark.de/p/shibboleth-and-keycloak/
• https://keycloak.discourse.group/t/keycloak-with-shibboleth-saml-idp-attributes/13129

[mulygottlieb]

This is a high-risk task since we do not have access to a Shibboleth instance to test with. It seems that the relevant customer might not have direct access as well - but via a separate department. Therefore, we anticipate the actual testing and integration to be painful.

Options are to give it as a private-plugin (Passport strategy specific to a single customer Shibboleth instance), or as a generic SAML based authentication plugin that we would test with some SAML-compatible IdP which isn't Shibboleth, and then let the customer test with Shibboleth

[PazYanoverr]

After research, the chosen path forward is by implementing a generic SAML-SSO plugin, and using Shibboleth' SAML 2.0 capabilities (and QA the plugin with Shibboleth guest accounts to be supplied externally). This is tracked in
https://github.com/amplication/private-issues/issues/109