Open drio opened 1 year ago
@drio , please take a look at the following links. I am not sure what you mean by separate keys. Upon authentication via SAML IdP, the portal issues its own token and uses its own keys to authenticate access to some path.
https://authp.github.io/docs/authenticate/saml/jumpcloud
https://github.com/authp/authp.github.io/blob/main/assets/conf/saml/jumpcloud/Caddyfile
Thank you for the reply @greenpau.
I am not sure what you mean by separate keys.
When I look at the metadata (xml file) that I use to configure my apache webserver, I see the following:
...
<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
...
My IDP handles the authentication, I just need my webserver to handle the authorization only (via interaction with the IDP). I'm guessing I only need the saml identity provider and the authorization policy mypolicy from the Caddyfile you posted.
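One way to confirm what the Shibboleth configuration above achieves, namely distinct signing and encryption credentials, is to inspect the SP metadata the new server publishes and check which certificate is advertised for each role. The following is an added example in Go (the plugin's language), not code from the plugin, crewjam/saml or Shibboleth; the metadata sample is constructed and its certificate values are placeholders.

```go
package main

import (
	"encoding/xml"
	"strings"
)

// Constructed sample SP metadata (not a real SP): the X509Certificate values are base64 placeholders.
const sampleMetadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate> U0lHTklORy1DRVJULVBMQUNFSE9MREVS </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate> RU5DUllQVElPTi1DRVJULVBMQUNFSE9MREVS </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor></md:EntityDescriptor>`

// Minimal view of SAML 2.0 SP metadata: only the KeyDescriptor elements are read.
type spMetadata struct {
	Keys []struct {
		Use  string `xml:"use,attr"`
		Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
	} `xml:"SPSSODescriptor>KeyDescriptor"` // no namespace in the tags, so md:/ds: elements match by local name
}

// KeyUsage returns the certificates (whitespace stripped) published for signing and for encryption.
// A KeyDescriptor with no use attribute serves both roles, which the metadata spec allows.
func KeyUsage(metadata string) (signing, encryption []string, err error) {
	var md spMetadata
	if err = xml.Unmarshal([]byte(metadata), &md); err != nil {
		return nil, nil, err
	}
	for _, k := range md.Keys {
		cert := strings.Join(strings.Fields(k.Cert), "")
		if k.Use == "" || k.Use == "signing" {
			signing = append(signing, cert)
		}
		if k.Use == "" || k.Use == "encryption" {
			encryption = append(encryption, cert)
		}
	}
	return signing, encryption, nil
}

// SeparateKeys is true only when both roles are published and no certificate appears in both.
func SeparateKeys(signing, encryption []string) bool {
	for _, s := range signing {
		for _, e := range encryption {
			if s == e {
				return false
			}
		}
	}
	return len(signing) > 0 && len(encryption) > 0
}
```

Running the same check against the metadata the IdP has on file for the Apache/Shibboleth SP shows whether the IdP must be re-registered after the migration.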
@drio, I'm curious about the outcome, were you able to get Shibboleth working with Caddy in the end?
Disclaimer: I have posted this also here. I will make sure I link both once I get things working.
I have successfully added SAML authentication to an Apache server. The IdP I use implements SAML via Shibboleth. Now I want to migrate to Caddy. That's how I discovered this plugin.
The plugin uses the crewjam/saml package. I have used that before successfully on a standalone golang server against the same IdP I want to use for my Caddy server.
There is one caveat though. The current Apache configuration uses two different sets of keys for signing and encrypting.
My questions are:
Thank you, -drd