SATOSA
Proxy translating between different authentication protocols (SAML2, OpenID Connect and OAuth2)
A configurable proxy for translating between different authentication protocols such as SAML2, OpenID Connect and OAuth2.
Table of Contents
- Installation
  - Docker
  - Manual installation
    - Dependencies
    - Instructions
- Configuration
  - SATOSA proxy configuration: proxy_conf.yaml.example
  - Attribute mapping configuration: internal_attributes.yaml
    - attributes
    - user_id_from_attrs
    - user_id_to_attr
- Plugins
  - SAML2 plugins
    - Metadata
    - AuthnContextClassRef
    - Frontend
      - Custom attribute release
      - Policy
    - Backend
      - Name ID Format
      - Discovery service
      - ForceAuthn option
      - Memorize IdP
  - OpenID Connect plugins
    - Frontend
    - Backend
  - Social login plugins
  - Dummy adapters
  - Micro-services
- SAML2 plugins
  - Generating proxy metadata
- Running the proxy application
- External contributions
Use cases
In this section a set of use cases for the proxy is presented.
SAML2<->SAML2
Some SAML2 service providers, for example Box, are not able to handle multiple identity providers. For more information about how to set up, configure and run such a proxy instance, please visit Single Service Provider<->Multiple Identity providers.
If an identity provider cannot communicate with service providers in, for example, a federation, the proxy can convert requests and make the communication possible.
SAML2<->Social logins
This setup makes it possible to connect a SAML2 service provider to multiple social media identity providers such as Google and Facebook. The proxy makes it possible to mirror an identity provider by generating SAML2 metadata corresponding to that provider and creating dynamic endpoints which are connected to a single identity provider.
For more information about how to set up, configure and run such a proxy instance, please read SAML2<->Social logins.
SAML2<->OIDC
The proxy is able to act as a proxy between a SAML2 service provider and an OpenID Connect provider. For more information, see SAML2<->OIDC.
Contact
If you have any questions regarding operations/deployment of SATOSA please use the satosa-users mailing list.