Implement SAML 2 external provider #181

Merged
merged 10 commits into from Sep 24, 2018

mraerino commented Aug 23, 2018

- Summary

These changes will enable GoTrue to perform SSO with any SAML 2.0 compliant auth provider.

It is based on the mostly stable lib gosaml2

Changes:

  • /authorize?provider=saml will redirect to the SAML provider
  • /saml/acs processes the SAML callback post data
  • /saml/metadata exposes SAML metadata
  • config.external.saml accepts provider config
  • auto-generates cert & key if no custom keypair provided

Config for the provider at external.saml looks like:

{
    "enabled": true,
    "metadata_url": "<URL to IdP metadata>",
    "api_base": "<URL of GoTrue API root>",
    "name": "<override provider name in identity widget>",
    "signing_cert": "<PEM-encoded X509 cert for signing>",
    "signing_key": "<PEM-encoded private key for signing>"
}

There is a PR for the netlify-identity-widget to support this provider and allow provider name overrides: netlify/netlify-identity-widget#150

Tested with:

  • G Suite
  • Okta
  • Azure AD
  • Auth0

- Test plan

My tests cover:

  • One successful authorization flow
  • Field value verification in authorization flow
  • Some fields of the SP metadata endpoint

- Description for the changelog

Add support for external SAML 2 SSO provider

- A picture of a cute animal (not mandatory but encouraged)


Disclaimer: Netlify is paying me for this. This is based on previous negotiations with them.
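The PR description says the provider auto-generates a signing cert and key when no custom keypair is supplied. The example below, added here and not code from this PR or from GoTrue, shows one way to implement that fallback with the Go standard library only (no gosaml2 calls): a self-signed RSA certificate restricted to digital signature, a refusal to proceed when only one of signing_cert/signing_key is set, and a check that a configured certificate has not already expired. The SAMLConfig field names mirror the JSON keys above but are an assumption, not GoTrue's actual config struct.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SAMLConfig mirrors the config.external.saml keys from the PR description.
// The Go field names are an assumption made for this example.
type SAMLConfig struct {
	Enabled     bool
	MetadataURL string
	APIBase     string
	Name        string
	SigningCert string // PEM-encoded X.509 certificate, optional
	SigningKey  string // PEM-encoded private key, optional
}

// generateSigningKeypair creates a self-signed certificate and RSA key for
// signing SAML AuthnRequests, returned as PEM so they can be persisted and
// published in the SP metadata. The cert is deliberately not a CA and is
// limited to the digitalSignature key usage.
func generateSigningKeypair(commonName string, validFor time.Duration) (certPEM, keyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             now.Add(-5 * time.Minute), // tolerate small clock skew at the IdP
		NotAfter:              now.Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  false,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return certPEM, keyPEM, nil
}

// loadSigningKeypair returns the configured keypair, or a freshly generated
// one when neither field is set. The bool reports whether it was generated.
// Setting only one of the two fields is a misconfiguration, not a reason to
// silently fall back to a generated pair.
func loadSigningKeypair(cfg SAMLConfig) (tls.Certificate, bool, error) {
	switch {
	case cfg.SigningCert == "" && cfg.SigningKey == "":
		cn := cfg.Name
		if cn == "" {
			cn = "gotrue-saml-sp" // placeholder subject for the generated cert
		}
		certPEM, keyPEM, err := generateSigningKeypair(cn, 2*365*24*time.Hour)
		if err != nil {
			return tls.Certificate{}, false, err
		}
		pair, err := tls.X509KeyPair(certPEM, keyPEM)
		return pair, true, err
	case cfg.SigningCert == "" || cfg.SigningKey == "":
		return tls.Certificate{}, false, errors.New("saml: signing_cert and signing_key must be set together")
	}
	pair, err := tls.X509KeyPair([]byte(cfg.SigningCert), []byte(cfg.SigningKey))
	if err != nil {
		return tls.Certificate{}, false, fmt.Errorf("saml: invalid configured keypair: %w", err)
	}
	// X509KeyPair does not populate Leaf on older Go versions, so parse explicitly.
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return tls.Certificate{}, false, fmt.Errorf("saml: parsing signing_cert: %w", err)
	}
	if time.Now().After(leaf.NotAfter) {
		return tls.Certificate{}, false, errors.New("saml: configured signing_cert has expired")
	}
	return pair, false, nil
}

func main() {
	pair, generated, err := loadSigningKeypair(SAMLConfig{Enabled: true, APIBase: "https://gotrue.example.test"})
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0])
	fmt.Printf("generated=%v subject=%s notAfter=%s\n", generated, leaf.Subject.CommonName, leaf.NotAfter.Format(time.RFC3339))
}
```

The generated PEM should be written back to persistent config (or a secret store) on first run; otherwise every restart publishes a new certificate in /saml/metadata and the IdP's copy of the SP metadata goes stale.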

vmorsell commented Sep 24, 2018

Great work @mraerino! Any idea when it will be merged and implemented?

mraerino commented Sep 24, 2018

@vmorsell I don't know. Someone from Netlify still needs to review this. They seem pretty busy with things these days.

If you want to use this feature in your own gotrue deployment you could just use my branch and build it yourself. Should be straight-forward, at least when using the Dockerfile.

rybit approved these changes Sep 24, 2018

@rybit rybit merged commit c9327d4 into netlify:master Sep 24, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed