connectors: add warning to the SAML connector

Add a warning to indicate that this connector is unmaintained and likely vulnerable to auth bypasses. dexidp/dex#1884 Signed-off-by: Eric Chiang <ericchiang@google.com>
dexidp · Dec 16, 2020 · 345acf5 · 345acf5
1 parent d4f5409
commit 345acf5
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/content/docs/connectors/saml.md b/content/docs/connectors/saml.md
@@ -8,6 +8,10 @@ toc: true
 weight: 30
 ---
 
+## WARNING
+
+The SAML connector is unmaintained, likely vulnerable to authentication bypass vulnerablities, and is under consideration for deprecation (see [#1884](https://github.com/dexidp/dex/discussions/1884)). Please consider switching to OpenID Connect, OAuth2, or LDAP for identity providers that support these protocols. If you have domain expertise in SAML/XMLDSig and would like to volunteer to maintain the connector please comment on the discussion.
+
 ## Overview
 
 The SAML provider allows authentication through the SAML 2.0 HTTP POST binding. The connector maps attribute values in the SAML assertion to user info, such as username, email, and groups.