v8-archive icon indicating copy to clipboard operation
v8-archive copied to clipboard

Published 20 hours ago verified publisher icon directus

SAMLv2 IDP SSO integration

Open mathielen opened this issue 4 years ago • 7 comments

Feature Request

Ability to integrate with a SAMLv2 SSO IDP for sso authentication

What problem does this feature solve?

Authenticate with any SAMLv2-based SSO

How do you think this should be implemented?

Same way you already did with the "SocialProvider"

Would you be willing to work on this?

Yes. Also, I already implemented it for our project as kind of a prototype. The code is based on this awesome library: https://github.com/lightSAML/lightSAML. Although it works for our case (on directus 8.5.5), I'm not quite sure if it would be worth it to clean it up and publish it on github as you guys already have a better implementation ready for directus 9? Happy to publish it, if it helps anyone.

Best regards Markus

mathielen avatar Apr 19 '20 19:04 mathielen

Thank you, Markus — really appreciate the request and offer to publish your work! 😄

I'll defer to @rijkvanzanten (tech lead) on this one...

benhaynes avatar Apr 20 '20 15:04 benhaynes

Hey there,

So I did a little cleanup, wrote some readme and pushed it here: https://github.com/mathielen/directus-saml2

I'm not perfectly sure whether I integrated the way it was intended but it seems to work.

There is one more thing, that I didnt understand or might be something that is missing in directus: That is - to make the social_providers/sso functionality actually be extendable. Because It seems that the whole sso-authentication-logic is based on the actual directus configuration file which in turn is guarded by the Config-schema. That effectively makes it impossible to add another social_provider as an extension. Again, not sure if I got everything right...

Hope my code may help somebody or even samlv2 will be integrated into the directus core - which would be fantastic!

Thank you for this awesome open-source product!

mathielen avatar May 03 '20 20:05 mathielen

Thanks @mathielen! This is awesome... we'll take a look ASAP (everyone's pretty busy on v9/v10, but we'll find time). I don't know enough about the code to answer your question, but @rijkvanzanten probably can give an answer/guidance on auth adapter extensibility. Again, really appreciate the help! ❤️

benhaynes avatar May 04 '20 13:05 benhaynes

Hey is there any update on this ?

SimonKlausLudwig avatar Jan 06 '21 10:01 SimonKlausLudwig

Hey guys, any update on the subject?

Azumi0 avatar May 11 '21 09:05 Azumi0

I'd love to see SAML integration into Directus as well, it would definitely open the possibilities to allow usage of the project to a wider audience. Please let us know if some help is required!

waza-ari avatar Jan 28 '22 10:01 waza-ari

@waza-ari — did you mean to post this on our legacy version 8 repo?

benhaynes avatar Jan 28 '22 12:01 benhaynes