Skip to content

Latest commit

 

History

History
74 lines (60 loc) · 3.48 KB

SAML2-to-Social_logins.md

File metadata and controls

74 lines (60 loc) · 3.48 KB
Raw

  1. When the metadata generation script is executed it gathers the metadata from all the backend modules
  2. The metadata generation script creates a new metadata file for every identity provider
  3. The service provider needs to know which identity provider it want to authenticate at. How this is decided is out of scope for this application.
  4. The SAML2 mirror front could handle the dynamic endpoint URL:s generated by the metadata generation script. Based on the url the request is forwarded to the corresponding backend module
  5. The backend communicates with the identity provider and receives user information
  6. The response is converted to an internal representation and returned to the frontend module
  7. The response is returned to the service provider

Installation

After following the installation instructions, the proxy must be configured with a SAML2 frontend and an SAML2 backend.

Configuration

  1. Copy the necessary base configurations from the <satosa_path>/example directory:

    mkdir -p saml2-social/plugins
cp example/{proxy_conf.yaml.example,internal_attributes.yaml.example} saml2-social/
cp example/plugins/frontends/saml2_frontend.yaml.example saml2-social/plugins/
cp example/plugins/backends/{facebook,google}_backend.yaml.example saml2-social/plugins/

  2. Configure the proxy:

  3. Rename proxy_conf.yaml.example to proxy_conf.yaml:

    mv proxy_conf.yaml.example proxy_conf.yaml

  4. Edit the necessary proxy configuration parameters, see the SATOSA proxy configuration section of the proxy configuration instructions for more information. To specify the necessary plugins make sure to include the following configuration parameter values:

    BACKEND_MODULES:
  - saml2-social/plugins/facebook_backend.yaml
  - saml2-social/plugins/google_backend.yaml
FRONTEND_MODULES:
  - saml2-social/plugins/saml2_frontend.yaml

  5. Configure the attribute mapping:

  6. Rename internal_attributes.yaml.example to internal_attributes.yaml:

    mv internal_attributes.yaml.example internal_attributes.yaml

  7. Map the necessary attributes, see the Attribute mapping configuration section of the proxy configuration instructions for more information.

  8. Configure the plugins

  9. Rename plugins/saml2_frontend.yaml.example to plugins/saml2_frontend.yaml and plugins/{facebook,google}_backend.yaml.example to plugins/{facebook,google}_backend.yaml

    mv plugins/saml2_frontend.yaml.example plugins/saml2_frontend.yaml
mv plugins/facebook_backend.yaml.example plugins/facebook_backend.yaml
mv plugins/google_backend.yaml.example plugins/google_backend.yaml

  10. In saml2_frontend.yaml: Change the module configuration parameter to satosa.frontends.saml2.SAMLMirrorFrontend.

  11. Specify the necessary configuration parameters, see the Plugins section of the proxy configuration instructions for more information.

  12. Generate the SAML metadata, see the SAML metadata section of the proxy configuration instructions for more information.

Run

  1. Start the proxy application, see the Running the proxy application section of the proxy configuration instructions for more information.