AthenZ / athenz

Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.
https://www.athenz.io
Apache License 2.0

Does Athenz support SAML? #2570

Open chansdad opened 3 months ago

chansdad commented 3 months ago

Hello Team, does Athenz support SAML? If not, is there any plan to support SAML?

havetisyan commented 3 months ago

Currently we do not. The authentication flow is now Browser -> Athenz UI -> Athenz ZMS (REST Server). So in this flow ZMS does not really trust Athenz UI, and it requires the authentication credentials from the Browser to be forwarded to the server for verification. This works quite well if you're using an OIDC client, as the UI just forwards the id token it received from your IdP to ZMS, which validates the token and determines the identity of the user. If the Browser -> Athenz UI auth is done using SAML, then there is no standard way to pass the SAML document to the server, so we typically recommend the use of OIDC. Since you need to write the Authority in ZMS and support your IdP in the UI to handle authentication, there is nothing stopping you from including such support in your implementation.
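The trust boundary described in the answer above (the UI forwards the browser's id token unchanged, and ZMS rather than the UI verifies it and derives the principal), as an added Python illustration that is not Athenz code: the IdP, the UI hop and the ZMS-side check are simulated in one file. It assumes an HS256 shared key and placeholder issuer/audience values standing in for a real IdP's RS256 keys and JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json
# Constructed stand-ins (assumptions): a shared HMAC key plays the IdP signing key;
# real id tokens are usually RS256-signed and checked against the IdP's JWKS.
IDP_KEY = b"constructed-idp-signing-key"
IDP_ISSUER = "https://idp.example.test"  # placeholder issuer
ZMS_AUDIENCE = "athenz-ui-client"  # placeholder client_id registered at the IdP

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def idp_issue_id_token(subject, now, ttl=300):
    """Stand-in IdP: mint an HS256 id token for the browser session."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = {"iss": IDP_ISSUER, "aud": ZMS_AUDIENCE, "sub": subject, "iat": now, "exp": now + ttl}
    claims = _b64url(json.dumps(body).encode())
    sig = hmac.new(IDP_KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"

def ui_forward(id_token, claimed_user):
    """Athenz UI: forward the browser's token unchanged; the extra header stands for
    anything the UI might assert about the user, which ZMS must not rely on."""
    return {"Authorization": f"Bearer {id_token}", "X-UI-Claimed-User": claimed_user}

def zms_authenticate(headers, now):
    """ZMS-side check: the principal comes only from a token ZMS verified itself."""
    auth = headers.get("Authorization", "")
    parts = auth[len("Bearer "):].split(".") if auth.startswith("Bearer ") else []
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header, claims = [json.loads(_b64url_decode(p)) for p in (header_b64, claims_b64)]
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "HS256":
        return None  # reject alg switching, including "none"
    expected = hmac.new(IDP_KEY, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if (claims.get("iss"), claims.get("aud")) != (IDP_ISSUER, ZMS_AUDIENCE) \
            or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims.get("sub")
```

The returned subject is what a ZMS Authority would hand on as the principal; the UI's own header never influences it.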