Epic: Plugin System Implementation
Plugin: SAML Authentication
Assignee: Builder (Agent 2)
Priority: P0 (Enterprise blocker)
Estimated Effort: 8-12 hours
Overview
Implement SAML 2.0 authentication to enable enterprise SSO integration.
Current State
Stub implementation returns mock SAML configuration. Real SAML flow not implemented.
Requirements
Implementation
Database Schema
CREATE TABLE plugin_saml_config (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    idp_name VARCHAR(255) NOT NULL,
    idp_entity_id VARCHAR(500) NOT NULL,
    idp_sso_url VARCHAR(500) NOT NULL,
    idp_certificate TEXT NOT NULL,
    sp_entity_id VARCHAR(500) DEFAULT 'streamspace',
    enabled BOOLEAN DEFAULT true,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
API Endpoints
POST /api/v1/plugins/saml-auth/login - Initiate SAML login
POST /api/v1/plugins/saml-auth/acs - Assertion Consumer Service
GET /api/v1/plugins/saml-auth/metadata - SP metadata for IdP
POST /api/v1/admin/plugins/saml-auth/config - Configure IdP
GET /api/v1/admin/plugins/saml-auth/config - Get IdP config
Libraries
Use github.com/crewjam/saml for SAML implementation
Testing
Related: #155 (Plugin System Epic)
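
Added example, not part of the issue or the project's code: one way the admin config endpoint could validate idp_sso_url and idp_certificate before writing a row to plugin_saml_config, since assertion signatures are later checked against that stored certificate. The names ValidateIdP and constructedCert are hypothetical; only the Go standard library is used (not crewjam/saml), and the certificate is generated at run time as constructed sample input.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// ValidateIdP (hypothetical) checks idp_sso_url and idp_certificate before they are stored.
func ValidateIdP(ssoURL, certPEM string, now time.Time) error {
	u, err := url.Parse(ssoURL)
	if err != nil || u.Scheme != "https" || u.Host == "" || len(ssoURL) > 500 {
		return errors.New("idp_sso_url must be an absolute https URL that fits VARCHAR(500)")
	}
	// Accept exactly one certificate so the trusted signing key is unambiguous.
	block, rest := pem.Decode([]byte(certPEM))
	if block == nil || block.Type != "CERTIFICATE" || len(bytes.TrimSpace(rest)) != 0 {
		return errors.New("idp_certificate must be exactly one PEM CERTIFICATE block")
	}
	if cert, err := x509.ParseCertificate(block.Bytes); err != nil {
		return fmt.Errorf("idp_certificate is not valid X.509: %w", err)
	} else if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("idp_certificate is outside its validity period")
	}
	return nil
}

// constructedCert builds a throwaway self-signed certificate (constructed sample input).
func constructedCert(notBefore, notAfter time.Time) string {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	now := time.Now()
	pemCert := constructedCert(now.Add(-time.Hour), now.Add(time.Hour))
	fmt.Println("https + valid cert:", ValidateIdP("https://idp.example/sso", pemCert, now))
	fmt.Println("http SSO URL:", ValidateIdP("http://idp.example/sso", pemCert, now))
}
```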