Dex: connectors: add a SAML

Created on 4 Sep 2015  路  14Comments  路  Source: dexidp/dex

Being able to proxy requests to a SAML IdP is useful sometimes.
I already have a semi-working implementation and will provide a pull request as soon as it's cleaned up.

areconnector help wanted kinenhancement prioritP2

Most helpful comment

@philhug At ScaleFT we recently encountered a need for pure Go SAML implementation that doesn't exec xmlsec1.

We ended up writing this: https://github.com/russellhaering/gosaml2

I'd love to get more eyes on it, if there is anything I can do to facilitate its use in dex let me know.

All 14 comments

that's awesome phil - I can't wait to see it.

I'm currently using https://github.com/RobotsAndPencils/go-saml as the SAML libary.
it has some disadvantages as it executes the xmlsec1 binary to verify SAML signatures, but I haven't seen a native xmlsec go library yet.

This would be awesome!

@philhug how is this going?

@philhug At ScaleFT we recently encountered a need for pure Go SAML implementation that doesn't exec xmlsec1.

We ended up writing this: https://github.com/russellhaering/gosaml2

I'd love to get more eyes on it, if there is anything I can do to facilitate its use in dex let me know.

@philhug What do you think of working on Dex + SAML using the new pure Go libraries that @russellhaering wrote?

@philips I've actually been doing a bit of work recently integrating some of my own saml2 work (for encrypted assertions) with @russellhaering's library, since they ended up being pretty orthogonal. One of my short-term goals is to submit a PR for a saml2 dex connector, since it seems like some of the previous work might have dropped off.

@andrewstuart would love to see this and would be happy to review! Please feel free to open a PR or comment here if you have any further questions.

Hey @andrewstuart, I'm just wondering are you still looking at this? My team would be really interested in a SAML2 connector and may be able to contribute some time and energy. Are you still looking at this?

TBH I haven't looked at it in quite a while. I've contributed a few times to the saml2 library and it definitely worked for validating and decrypting identity assertions last I checked, as well as making signed AuthN requests.

Unfortunately, my main drive for working on it was personal and once the prospect of getting to use it at work dried up, I didn't have quite as much motivation to keep working on it, though I'm definitely still interested in improving the SAML2 library, and helping with a dex integration effort.

We've got an interesting use case so might have a crack at this over the next few weeks. If we do come up with something I'll definitely ping you as we'd be grateful for any input you could give @andrewstuart.

I've added an experimental implementation here https://github.com/coreos/dex/pull/752

Comments very much welcome.

@russellhaering I ended up using your XML signature validation library for this.

As of the last release we promoted this out of experimental. Closing this issue.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

alonl picture alonl  路  4Comments

srenatus picture srenatus  路  3Comments

piotrmsc picture piotrmsc  路  5Comments

lukasmrtvy picture lukasmrtvy  路  5Comments

NexoMichael picture NexoMichael  路  7Comments