I have successfully added SAML authentication to an Apache server. The IdP I use implements SAML via Shibboleth. Now I want to migrate the server to Caddy. That’s how I discovered the authorize plugin.
The plugin uses the crewjam/saml package. I have used that before successfully on a standalone golang server against the same IdP I want to use for my Caddy server. It should work fine.
There is one caveat though. The current Apache configuration uses two different sets of keys for signing and encrypting.
My questions are:
- Can I use caddy authorize plugin to authenticate my domains/endpoints against my SAML IdP?
- Can I use the two separate sets of keys to set up the SAML flow, or do I have to use the same keys for signing and encrypting?