Osso is a source available microservice for adding SAML based SSO to your app. Deploy Osso to your infrastructure of choice, use the Osso Admin UI or osso-react to configure SAML for your customers that demand it, and sign them in to your application using OAuth with one of our OAuth client libraries, omniauth-osso or passport-osso.
|
osso |
osso-rb |
osso-react |
omniauth-osso |
passport-osso |
-
Treat SAML like OAuth: SAML is clunky, and you're probably already using OAuth. Osso provides an OAuth server, an Admin UI for managing OAuth clients, and OAuth client libraries for Ruby and NodeJS. Let Osso worry about the ugly SAML bits and customer configuration while your team focuses on your core application.
-
SAML Config in Osso's UI or yours: For every customer who demands SAML SSO, you'll need to go through a multistep process of creating a secure handshake between Osso and the customer's SAML provider. Get started quickly by configuring your customers' SAML providers in the Osso Admin UI, or allow your customers to perform configuration themselves in your UI with hooks and components from our React library osso-react.
-
Docs for everyone: SAML is an open specification, but each Identity Provider uses specific terminology and offers their own workflows for adding a new application. Osso generates PDF documentation with the data your customer needs to configure your app in any provider, and provides thorough documentation for your team who integrates and manages your Osso instance.
The fastest way to get started is to deploy to Heroku. Heroku will deploy your app, generating required ENV variables, and boostrapping your instance's database.
We also offer paid hosted plans that can reduce the integration workload on your development team.
Git-based deploys are another recommended way to deploy and maintain your own Osso instance. Updates will primarily be made in osso-rb and osso-react, libraries that provide the core functionality, so be sure to stay on top of updates.
When a user wants to sign in to your application with SAML, send them to Osso with their email domain as part of an OAuth 2.0 authorization flow. Osso routes the user to their SAML provider, normalizes the payload, and sends them back to your application to complete the OAuth flow.
Use omniauth-osso or passport-osso for more convenience.
Osso's primary documentation is at ossoapp.com. Key sections include:
- Overview - Learn about Single Sign-On and SAML, why your customers want it and how to integrate it using Osso.
- Quick start - A brief overview of a typical timeline for integrating Osso.
- Deployment - Guides for deploying Osso to Heroku, via git or Docker, plus how to keep your instance up to date.
- OAuth Setup - Authenticating SAML users to your application via OAuth.
- Using Osso - A walk-through of the main functionality in our Admin UI.
We'd be thrilled to receive community contributions, but please note that Osso is owned and managed by a for-profit company, EnterpriseOSS, and you will not be compensated for your contributions. The goal of the project is to provide boilerplate code that you can evaluate to be certain you're confident running it in production, lowering the cost of adding better security for your customers while staying off of the SSO Wall of Shame.
Osso is developed and maintained by EntepriseOSS with a Business Source License. BSL is used by companies like Sentry and MariaDB. While not technically an open source license according to OSI, you are only prohibited from using Osso to compete with hosted Osso plans offered by EnterpriseOSS. See the full license text.