  1. mod-login-saml
  2. MODLOGSAML-66

Spike: Move to NGINX/Apache for SAML2 SP?


    Details

    • Type: Story
    • Status: Open
    • Priority: TBD
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Overview

      Investigate using an out-of-the-box SAML2 Service Provider (SP) implementation. Both NGINX and Apache have modules/plugins for this type of thing.

      For example: https://github.com/latchset/mod_auth_mellon

      I think the idea is to still create a module that has a module descriptor, is registered with OKAPI, etc., only instead of being based on Vert.x and a Java base Docker image, it's based on an nginx or httpd image.

      Questions to be answered

      • How doable is this? POC?
      • What about multi-tenancy?
      • What would be required from the frontend? Would it be possible to make this compatible with the existing mod-login-saml API?

      Other Considerations

      • Maybe a hybrid approach would make sense, where some endpoints (e.g. for configuration) which might require some business logic can be handled with a Java application (based on Vert.x/RMB) that's running in the same container. I think we might need to do something like this if we want to avoid breaking changes to the API.


                People

                Assignee:
                cmcnally Craig McNally
                Reporter:
                cmcnally Craig McNally