TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.44k stars 623 forks

SAML Authentication #768

Open obikao opened 6 years ago

obikao commented 6 years ago

Request Type

Feature Request

Work Environment

| Question | Answer |
| --- | --- |
| OS version (server) | Debian |
| OS version (client) | Win 10 |
| TheHive version / git hash | 3.1, ae86da1b7775e8196f99ebb5fd875f7e997d2456 |
| Package Type | From source |
| Browser type & version | Chrome 69 |

Feature

While OAuth is the de facto standard for many web applications, SAML2 is still heavily used in many organizations for single sign-on, especially with enforcing 2FA on Active Directory. Would it be possible to see an implementation for this in the future?

legoguy1000 commented 4 years ago

Any updates on this??

legoguy1000 commented 4 years ago

I don't know Scala, but here is a library for SAML. Would it be possible for someone to add this to the list? SAML is an enterprise standard for SSO.

https://github.com/pac4j/play-pac4j-scala-demo/tree/master https://github.com/pac4j/play-pac4j

Or is there a way to create a user on HTTP Header Auth like what Moloch does? https://github.com/aol/moloch/pull/1120. This way we can use Apache to do whatever auth we want and just pass the proper params.

gimmic commented 4 years ago

I'm realizing that there does not seem to be SAML2 compatibility in hive 4. Is this accurate?

legoguy1000 commented 4 years ago

As far as I know, that is correct. I was able to work around this issue by using Keycloak as my IDP because it supports both SAML and OpenID Connect. But I think it would still be a really good feature for native SAML support.

gimmic commented 4 years ago

In larger environments, changing the available IDP is unlikely. Support for SAML2 authentication seems like a sane requirement.