Status: Open
Affects Version/s: None
Fix Version/s: None
Investigate using an out-of-the-box SAML2 Service Provider (SP) implementation. Both NGINX and Apache have modules/plugins for this type of thing.
For example: https://github.com/latchset/mod_auth_mellon
I think the idea is to create a module that has a module descriptor, is registered with OKAPI, etc., only instead of being based off Vert.x and a Java base Docker image, it's based off an nginx or httpd image.
- How doable is this? POC?
- What about multi-tenancy?
- What would be required from the frontend? Would it be possible to make this compatible with the existing mod-login-saml API?
- Maybe a hybrid approach would make sense, where some endpoints, e.g. for configuration, etc., which might require some business logic, can be handled with a Java application (based on Vert.x/RMB) that's running in the same container. I think we might need to do something like this if we want to avoid breaking changes to the API.