jvehent
commented
8 years ago Here's some doc on how SAML and okta work: https://mana.mozilla.org/wiki/display/SVCOPS/SAML+Auth+Proxy+Specification In this page, you can assume that splice is both the "Auth Proxy" and the "Application". This document was written with the idea that we would write a separate proxy to handle SAML, but in most cases it is better to handle it internally.
Splice should require Okta authentication to benefit from both LDAP and MFA. @gene1wood wrote an integration in ipquery that can serve as example: https://github.com/gene1wood/ipquery/blob/master/ipquery/__init__.py#L98-L156 @jdow is the goto man for all things okta and can handle the creation of the application
This issue should block using splice for management of remote::newtab content in the release channel.