logto-io / logto

šŸ§‘ā€šŸš€ The better identity infrastructure for developers and the open-source alternative to Auth0.
https://logto.io
Mozilla Public License 2.0
8.91k stars 444 forks

feature request: use Logto as a SAML provider #4106

Open gao-sun opened 1 year ago

gao-sun commented 1 year ago

What problem did you meet?

Although Logto can serve as an OAuth/OIDC IdP, it'll be better if SAML is also available for the IdP option.

Describe what you'd like Logto to have

Use Logto as a SAML IdP

lbennett-stacki commented 1 year ago

Hi @gao-sun, what did you have in mind for this? A per-client toggle for auto-setting grants, maybe "Skip consent" or "Trusted first party client", or something more involved?

gao-sun commented 1 year ago

> Hi @gao-sun, what did you have in mind for this? A per-client toggle for auto-setting grants, maybe "Skip consent" or "Trusted first party client", or something more involved?

I'm still investigating what scenarios SAML would fit. Would you like to tell me why this toggle is needed? Are you referring to using Logto as the IdP for a third party application?

lbennett-stacki commented 1 year ago

> I'm still investigating what scenarios SAML would fit. Would you like to tell me why this toggle is needed? Are you referring to using Logto as the IdP for a third party application?

Yep! Not something I'm looking for urgently, but interested in letting 3rd parties use the logto provider in the future for their own "Log in with [my_service]" button. I'm not a seasoned auth engineer in any way, I think what I'm looking for is in here https://github.com/logto-io/logto/blob/master/packages/core/src/routes/interaction/consent.ts#L49-L51, instead of adding missing scopes by default, a consent UI would load, requesting the user to accept the scope addition.

But no worries if it's still getting spec'd out and I'm way off. I'll watch this space.

CHOMNANP commented 1 year ago

It would be very helpful to have this.

ImSingee commented 5 months ago

I want to integrate logto with Jira. But unfortunately, Jira only supports SAML.

Since logto can act as OIDC IdP, I think support as SAML IdP may become possible too.

+1 for this

louis-sicko commented 3 weeks ago

Hey, I would love to have SAML support, so I can use it with my Zero Trust Platform and pass through the roles to the service where the users log in with SAML.