Authorizing endpoints or domains against a Shibboleth IDP (two different set of keys for encrypt/signing) #169
Comments
|
@drio , please take a look at the following links. I am not sure what you mean by separate keys. Upon authentication via SAML IdP, the portal issues its own token and uses its own keys to authenticate access to some path. https://authp.github.io/docs/authenticate/saml/jumpcloud https://github.com/authp/authp.github.io/blob/main/assets/conf/saml/jumpcloud/Caddyfile |
|
Thank you for the reply @greenpau.
When I look at the metadata (xml file) that I use to configure my apache webserver, I see the following: ...
<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
...My IDP handles the authentication, I just need my webserver to handle the authorization only (via interaction with the IDP). I guessing I only need the |
|
@drio, I'm curious about the outcome, were you able to get Shibboleth working with Caddy in the end? |
Disclaimer: I have posted this also here. I will make sure I link both once I get things working.
I have successfully added SAML authentication to an Apache server. The IdP I use implements SAML via Shibboleth. Now I want to migrate to Caddy. That’s how I discovered this plugin.
The plugin uses the crewjam/saml package. I have used that before successfully on a standalone golang server against the same IdP I want to use for my Caddy server.
There is one caveat though. The current Apache configuration uses two different set of keys for signing and encrypting.
My questions are:
Thank you,
-drd
The text was updated successfully, but these errors were encountered: