Using Caddy Authorize plugin against a Shibboleth IdP

I have successfully added SAML authentication to an Apache server. The IdP I use implements SAML via Shibboleth. Now I want to migrate the server to Caddy. That’s how I discovered the authorize plugin.

The plugin uses the crewjam/saml package. I have used that before successfully on a standalone golang server against the same IdP I want to use for my Caddy server. It should work fine.

There is one caveat though. The current Apache configuration uses two different sets of keys for signing and encrypting.

My questions are:

  1. Can I use the Caddy authorize plugin to authenticate my domains/endpoints against my SAML IdP?
  2. Can I use the two separate sets of keys to set up the SAML flow, or do I have to use the same keys for signing and encrypting?

Thank you,
-drd

You’ll get better help with this by asking on the caddy-security repo itself.

Thank you. Question posted here.