Spike: Move to NGINX/Apache for SAML2 SP?

Description

Overview

Investigate using an out-of-the-box SAML2 Service Provider (SP) implementation. Both NGINX and Apache have modules/plugins for this type of thing.

For example: https://github.com/latchset/mod_auth_mellon

I think the idea is to keep creating a module that has a module descriptor, is registered with OKAPI, etc., only instead of being based off Vertx and a Java base Docker image, it's based off an nginx or httpd image.

Questions to be answered

  • How doable is this? POC?

  • What about multi-tenancy?

  • What would be required from the frontend? Would it be possible to make this compatible with the existing mod-login-saml API?

Other Considerations

  • Maybe a hybrid approach would make sense, where some endpoints, e.g. for configuration, etc., which might require some business logic, can be handled with a Java application (based on vertx/RMB) that's running in the same container. I think we might need to do something like this if we want to avoid breaking changes to the API.

Environment

None

Potential Workaround

None

Activity

Julian Ladisch July 3, 2020 at 4:39 PM

See also the issues listed on and the discussion on https://discuss.folio.org/t/saml-sso-features-and-strategy/2891

Created June 19, 2020 at 5:20 PM
Updated July 3, 2020 at 4:39 PM