merenber
/
saml-passthrough
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
34 KiB
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Max Erenberg af865567df
use Wants dependency on Apache 		1 year ago
systemd use Wants dependency on Apache 1 year ago
.gitignore first commit 1 year ago
README.md use Wants dependency on Apache 1 year ago
config.json first commit 1 year ago
go.mod first commit 1 year ago
go.sum first commit 1 year ago
main.go first commit 1 year ago
service_provider_provider.go first commit 1 year ago
session_provider.go first commit 1 year ago

README.md

saml-passthrough

This program is intended to run behind the Apache mod_auth_mellon module. It receives ADFS user information from Apache over FastCGI, then passes it back to Keycloak (which is acting as a SAML SP).

Create a new keypair

openssl req -newkey rsa:2048 -nodes -keyout idp.key -x509 -out idp.crt -days 3680 -subj '/CN=SAML Passthrough/O=Computer Science Club'

Make sure to renew the cert in ten years.

Apache config

Add the following snippet to /etc/apache2/sites-real/csc (and make sure mod_proxy_fcgi is enabled):

<Location /keycloak/saml/ >
  SetHandler "proxy:unix:/run/saml-passthrough/server.sock|fcgi://localhost"
</Location>
<Location /keycloak/saml/sso >
  AuthType Mellon
  MellonEnable auth
  Require valid-user
</Location>