greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

question: Caddy Security as SSO provider #350

Closed trueFireblade closed 2 months ago

trueFireblade commented 2 months ago

Is it possible to use caddy security itself as a SSO provider (as in a user has to use caddy security UI to even open the site but then also is immediately logged into the application with the account they entered)? Or would you have to use a dedicated SSO provider and integrate that into caddy security? (Sorry if it's a stupid question, I am not that familiar with SSO stuff and never set it up before; from looking at the docs I didn't find anything that seemed to accomplish this, but maybe that's just my lack of knowledge in the topic and I felt like this would be a likely feature)

greenpau commented 2 months ago

@trueFireblade , all questions are fair questions.

Is it possible to use caddy security itself as a SSO provider (as in a user has to use caddy security UI to even open the site but then also is immediately logged into the application with the account they entered)?

Could you please elaborate?

When you log in to the authentication portal, you get issued a token. If the scope of that token covers your entire domain, e.g. foo.com, then if you browse to "somehost.foo.com", the issued token will be forwarded together with your request. In turn, "somehost.foo.com" can evaluate the token for authorization/access purposes.
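As an added example of the setup described above (not code from the thread or from the project's own documentation): a single Caddyfile in which the portal on auth.foo.com issues a token in a cookie scoped to foo.com, and somehost.foo.com verifies that token before proxying to the backend. The hostnames, the JWT_SHARED_KEY environment variable, the user database path, the role names and the backend address are assumptions.

```caddyfile
{
	# caddy-security directives must run before the response handlers.
	order authenticate before respond
	order authorize before basicauth

	security {
		# Assumed local user database; any supported identity store works here.
		local identity store localdb {
			realm local
			path /etc/caddy/users.json
		}

		authentication portal myportal {
			# One-hour token lifetime; the same shared key signs here and verifies below.
			crypto default token lifetime 3600
			crypto key sign-verify {env.JWT_SHARED_KEY}
			enable identity store localdb
			# Scoping the cookie to the parent domain is what makes the browser
			# send it to every *.foo.com host, as described in the comment above.
			cookie domain foo.com
			# Assumed role granted to every local user after login.
			transform user {
				match origin local
				action add role authp/user
			}
		}

		authorization policy mypolicy {
			# Unauthenticated requests are redirected to the portal.
			set auth url https://auth.foo.com/
			crypto key verify {env.JWT_SHARED_KEY}
			# Only holders of a valid token carrying one of these roles get through.
			allow roles authp/admin authp/user
			# Pass the verified identity claims to the backend as X-Token-* headers.
			inject headers with claims
		}
	}
}

auth.foo.com {
	authenticate with myportal
}

somehost.foo.com {
	authorize with mypolicy
	# Assumed backend; it never sees an unauthenticated request.
	reverse_proxy 127.0.0.1:8080
}
```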

trueFireblade commented 2 months ago

@greenpau I mean yes, but from what I've seen just reading a cookie does generally not seem to be a typically available option when hosting anything that I haven't written myself. So I meant more in the sense of providing full OpenID or SAML

greenpau commented 2 months ago

So I meant more in the sense of providing full OpenID or SAML

@trueFireblade , no, it is not an openid or saml “Provider”. I had plans to implement openid, but then abandoned it because keycloak does it pretty well and I did not want to write features available elsewhere.