caddy-saml

WIP. Based heavily on https://github.com/crewjam/saml and https://github.com/RobotsAndPencils/go-saml, with a little bit of https://github.com/russellhaering/gosaml2.

Use case

Our use case is to use Caddy as a reverse proxy with Shibboleth support (instead of using Apache, mod_shib and shibd).

Example with cert from disk and TLS enabled

https://:443 {
    tls /path/cert.pem /path/key.pem
    saml {
        root_url https://yourdomain.com
        disk /path/cert.pem /path/key.pem
        idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml
        /path1 valid-user
        /path1 mail [email protected]
        /path1 require-all
        /path2 mail [email protected]
        /hello uid testuid
        /hello dump-attributes
    }
    proxy /hello https://backendserver.com
    proxy /path1 http://backend2.com:8080
}

Example with cert from Vault

http://:80 {
    saml {
        root_url https://yourdomain.com
        idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml
        vault_server https://vault.yourdomain.com
        vault_path secret/projects/caddy-saml/yourdomain.com
        /path1 valid-user
        /path1 require-nosession
        /path2 mail [email protected]
        /hello uid testuid
        /hello dump-attributes
    }
    proxy /hello https://backendserver.com
    proxy /path1 http://backend2.com:8080
}

Example with cert from disk, TLS and MySQL sessions enabled

https://:443 {
    tls /path/cert.pem /path/key.pem
    saml {
        mysql login:password@tcp(mysql.hostname.com)/caddysaml
        root_url https://yourdomain.com
        disk /path/cert.pem /path/key.pem
        idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml
        /path1 valid-user
        /path1 mail [email protected]
        /path1 require-all
        /path2 mail [email protected]
        /hello uid testuid
        /hello dump-attributes
    }
    proxy /hello https://backendserver.com
    proxy /path1 http://backend2.com:8080
}

Issues

The OpenSSL default format for private keys is PKCS#8. We only support PKCS#1 private keys. A PKCS#8-formatted RSA private key can be converted to a PKCS#1-formatted RSA private key with:

openssl rsa -in private-pkcs8-key.key -out private.key
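
To check which format a key is in before pointing `disk` at it, the following added Go example (not part of caddy-saml; `ToPKCS1` and `SamplePKCS8` are hypothetical names) reads the PEM header, validates the key, and re-encodes an RSA key as PKCS#1. It runs on a throwaway key generated inline as constructed sample input.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// ToPKCS1 re-encodes an RSA private key as PKCS#1 PEM; converted is true for PKCS#8 input.
func ToPKCS1(in []byte) (out []byte, converted bool, err error) {
	block, _ := pem.Decode(in)
	if block == nil {
		return nil, false, fmt.Errorf("no PEM block found")
	}
	var parsed interface{}
	switch block.Type {
	case "RSA PRIVATE KEY": // already PKCS#1; parsed only to validate it
		parsed, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY": // unencrypted PKCS#8 wrapper, which may hold a non-RSA key
		parsed, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	default: // e.g. "ENCRYPTED PRIVATE KEY", which has to be decrypted first
		err = fmt.Errorf("unsupported PEM type %q", block.Type)
	}
	if err != nil {
		return nil, false, err
	}
	key, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return nil, false, fmt.Errorf("key is %T, not RSA", parsed)
	}
	out = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	return out, block.Type == "PRIVATE KEY", nil
}

// SamplePKCS8 generates a throwaway RSA key in PKCS#8 PEM form (constructed sample input).
func SamplePKCS8() []byte {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(k) // does not fail for an RSA key
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

func main() { // demo: convert the sample key and print only the PEM header line
	out, converted, err := ToPKCS1(SamplePKCS8())
	fmt.Printf("converted=%v err=%v\n%.31s\n", converted, err, out)
}
```

A PKCS#1 file starts with `-----BEGIN RSA PRIVATE KEY-----` and a PKCS#8 file with `-----BEGIN PRIVATE KEY-----`. With OpenSSL 3.x, `openssl rsa` writes PKCS#8 unless `-traditional` is given, so it is worth checking the header of the converted file.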

Contributors

42wim
