Being able to proxy requests to a SAML IdP is useful sometimes.
I already have a semi-working implementation and will provide a pull request as soon as it's cleaned up.
that's awesome phil - I can't wait to see it.
I'm currently using https://github.com/RobotsAndPencils/go-saml as the SAML libary.
it has some disadvantages as it executes the xmlsec1 binary to verify SAML signatures, but I haven't seen a native xmlsec go library yet.
This would be awesome!
@philhug how is this going?
@philhug At ScaleFT we recently encountered a need for pure Go SAML implementation that doesn't exec xmlsec1.
We ended up writing this: https://github.com/russellhaering/gosaml2
I'd love to get more eyes on it, if there is anything I can do to facilitate its use in dex let me know.
@philhug What do you think of working on Dex + SAML using the new pure Go libraries that @russellhaering wrote?
@philips I've actually been doing a bit of work recently integrating some of my own saml2 work (for encrypted assertions) with @russellhaering's library, since they ended up being pretty orthogonal. One of my short-term goals is to submit a PR for a saml2 dex connector, since it seems like some of the previous work might have dropped off.
@andrewstuart would love to see this and would be happy to review! Please feel free to open a PR or comment here if you have any further questions.
Hey @andrewstuart, I'm just wondering are you still looking at this? My team would be really interested in a SAML2 connector and may be able to contribute some time and energy. Are you still looking at this?
TBH I haven't looked at it in quite a while. I've contributed a few times to the saml2 library and it definitely worked for validating and decrypting identity assertions last I checked, as well as making signed AuthN requests.
Unfortunately, my main drive for working on it was personal and once the prospect of getting to use it at work dried up, I didn't have quite as much motivation to keep working on it, though I'm definitely still interested in improving the SAML2 library, and helping with a dex integration effort.
We've got an interesting use case so might have a crack at this over the next few weeks. If we do come up with something I'll definitely ping you as we'd be grateful for any input you could give @andrewstuart.
I've added an experimental implementation here https://github.com/coreos/dex/pull/752
Comments very much welcome.
@russellhaering I ended up using your XML signature validation library for this.
As of the last release we promoted this out of experimental. Closing this issue.
Most helpful comment
@philhug At ScaleFT we recently encountered a need for pure Go SAML implementation that doesn't exec
xmlsec1.We ended up writing this: https://github.com/russellhaering/gosaml2
I'd love to get more eyes on it, if there is anything I can do to facilitate its use in dex let me know.