Authorizing endpoints or domains against a Shibboleth IDP (two different sets of keys for encrypt/signing) #169
Comments
@drio, please take a look at the following links. I am not sure what you mean by separate keys. Upon authentication via SAML IdP, the portal issues its own token and uses its own keys to authenticate access to some path. https://authp.github.io/docs/authenticate/saml/jumpcloud https://github.com/authp/authp.github.io/blob/main/assets/conf/saml/jumpcloud/Caddyfile
Thank you for the reply @greenpau.
When I look at the metadata (xml file) that I use to configure my apache webserver, I see the following: ...
<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
... My IDP handles the authentication, I just need my webserver to handle the authorization only (via interaction with the IDP). I'm guessing I only need the
@drio, I'm curious about the outcome, were you able to get Shibboleth working with Caddy in the end?
Disclaimer: I have posted this also here. I will make sure I link both once I get things working.
I have successfully added SAML authentication to an Apache server. The IdP I use implements SAML via Shibboleth. Now I want to migrate to Caddy. That’s how I discovered this plugin.
The plugin uses the crewjam/saml package. I have used that before successfully on a standalone golang server against the same IdP I want to use for my Caddy server.
There is one caveat though. The current Apache configuration uses two different sets of keys for signing and encrypting.
My questions are:
Thank you,
-drd
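One check worth running before re-registering the SP with the IdP after a migration like the one described in this issue: does the SP metadata really publish two distinct certificates (one `use="signing"`, one `use="encryption"`, as the two Shibboleth CredentialResolvers produce), or a single certificate offered for both? This is an added Go example, not code from this plugin or from crewjam/saml; the metadata document and the X509Certificate values in it are constructed placeholders, not real certificates.

```go
package main
import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"strings"
)
type spMetadata struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata EntityDescriptor"`
	Keys    []struct {
		Use  string `xml:"use,attr"`                          // "signing", "encryption" or "" (both)
		Cert string `xml:"KeyInfo>X509Data>X509Certificate"` // base64 DER
	} `xml:"SPSSODescriptor>KeyDescriptor"`
}
// SeparateKeys reports whether SP metadata publishes distinct certificates for signing
// and encryption (two-resolver setup) rather than one for both; compared by SHA-256 of DER.
func SeparateKeys(metadata string) (bool, error) {
	var md spMetadata
	if err := xml.Unmarshal([]byte(metadata), &md); err != nil {
		return false, err
	}
	signing, encryption := map[string]bool{}, map[string]bool{}
	for _, kd := range md.Keys {
		der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(kd.Cert), ""))
		if err != nil {
			return false, fmt.Errorf("KeyDescriptor use=%q: bad X509Certificate: %w", kd.Use, err)
		}
		fp := fmt.Sprintf("%x", sha256.Sum256(der))
		if kd.Use != "encryption" { // "signing" or no use attribute (= both)
			signing[fp] = true
		}
		if kd.Use != "signing" { // "encryption" or no use attribute (= both)
			encryption[fp] = true
		}
	}
	for fp := range signing {
		if encryption[fp] {
			return false, nil // the same certificate is offered for both uses
		}
	}
	return len(signing) > 0 && len(encryption) > 0, nil
}
// SampleMetadata is a constructed document shaped like Shibboleth SP metadata; the
// X509Certificate values are base64 placeholders ("SIGN", "ENC"), not real certificates.
const SampleMetadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>U0lHTg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>RU5D</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:SPSSODescriptor>
</md:EntityDescriptor>`
```

Run it against the metadata the Apache/Shibboleth SP currently serves, and again against what the new Caddy SP publishes; if the results differ, the IdP-side registration needs to change with the migration.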