2

I'm really new to SAML SSO. I'm working with an IdP webapp that will support SAML authentication.

The problem is that I will need other SPs to authenticate with my IdP, and I don't want to implement the whole protocol on every platform (Python, PHP, Java, etc.).

I was wondering if there's a way to implement the SP authentication flow using an Apache filter.

Has someone thought about this?

Thanks.

Joaquín M

2 Answers

2

Using Shibboleth as a SAML client in conjunction with Apache web server may be an alternative.

2

mod_mellon is what you're looking for: https://github.com/UNINETT/mod_auth_mellon

inblueswithu
sk_
  • No, I didn't. This module is written by the same team as SimpleSAMLphp. Alternatively, you can try the module from ZXID: http://www.zxid.org/html/mod_auth_saml.html. Those are AFAIK the only open-source modules for Apache. I would be interested in your feedback. – sk_ Sep 10 '11 at 19:52
  • I'm going to test them by Monday. For now, I'll set this as an answer ;). Thanks! – Joaquín M Sep 11 '11 at 04:22
  • I have another question. Do you know if these Apache modules work with every SAML implementation? It looks like OpenID is more standard.... – Joaquín M Sep 12 '11 at 13:48
  • It should. SAML is normalized by OASIS. OpenID is an industrial standard. Both are meant to be interoperable. – sk_ Sep 12 '11 at 18:02
  • One more thing: OpenID AFAIK addresses only the Browser Web SSO use case. SAML is far more versatile. For example, it is possible to build a Web SSO with no direct communications between the SP and the IDP. This is not possible with OpenID. Aside from Web SSO, SAML can be used for many use cases: Web Services security, identity propagation, etc. See http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf. – sk_ Sep 12 '11 at 18:10
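
A sketch of the approach from the mod_auth_mellon answer, added here as an example and not taken from the thread or the project: Apache acts as the SAML SP and passes the authenticated user to a backend in any language through a reverse proxy. The hostname, file paths, backend address and the `X-Remote-User` header name are assumptions.

```apache
# Added example. Requires mod_ssl, mod_headers, mod_proxy and mod_proxy_http
# in addition to mod_auth_mellon. All names and paths below are placeholders.
LoadModule auth_mellon_module modules/mod_auth_mellon.so

<VirtualHost *:443>
    ServerName sp.example.org
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/sp.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/sp.example.org.key

    # SP identity and IdP trust, inherited by every location below.
    <Location />
        MellonSPPrivateKeyFile /etc/httpd/mellon/sp.key
        MellonSPCertFile       /etc/httpd/mellon/sp.crt
        MellonSPMetadataFile   /etc/httpd/mellon/sp-metadata.xml
        MellonIdPMetadataFile  /etc/httpd/mellon/idp-metadata.xml
        # Login, assertion consumer and logout endpoints live under this path.
        MellonEndpointPath     /mellon
        # Session cookie is only sent over HTTPS.
        MellonSecureCookie     On
    </Location>

    # Application area: unauthenticated requests are redirected to the IdP.
    <Location /app>
        AuthType Mellon
        MellonEnable auth
        Require valid-user
        # REMOTE_USER is taken from the assertion's NameID.
        MellonUser "NAME_ID"

        # "set" overwrites any X-Remote-User value sent by the client,
        # so the backend only ever sees the identity Apache verified.
        RequestHeader set X-Remote-User %{MELLON_NAME_ID}e

        # Backend can be Python, PHP, Java, etc.; it only reads the header.
        ProxyPass        http://127.0.0.1:8080/app
        ProxyPassReverse http://127.0.0.1:8080/app
    </Location>
</VirtualHost>
```

Because the backend trusts the header, it should listen only on an address reachable from Apache (here loopback), never directly from clients.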