zlacker

[parent] [thread] 2 comments
1. ucario+(OP)[view] [source] 2024-07-30 18:43:55
I've written one of these 204-page PDFs before (I think it was more like 20 pages though). The IDPs don't exactly make it easy on their customers to set this stuff up, and the burden ends up on the SP (i.e. you) to document to folks how to use their own IDP.

Incidentally we just shipped something for this. Rather than having to make a 204-page PDF, you can go into SSOReady, generate a setup URL, and give it to customers. Customers can visit that URL and they get a self-serve UI for configuring their SAML connection to your product.

https://ssoready.com/docs/idp-configuration/enabling-self-se...

replies(1): >>mwcamp+Re
2. mwcamp+Re[view] [source] 2024-07-30 20:13:52
>>ucario+(OP)
Wow. My company previously did an SSO implementation for our SaaS where we ran Shibboleth SP behind Apache just for SSO, with a little Python web app using mod_wsgi to call back to the main web app after SSO was completed. But for the customers that we've onboarded to SSO so far, we had to contract with a SAML expert to work with the customer to set it up. This self-service setup might be enough to make it worth our while to migrate to SSOReady.
replies(1): >>crngef+r31
◧◩
3. crngef+r31[view] [source] [discussion] 2024-07-31 06:19:39
>>mwcamp+Re
Sounds horrible, why would you use Shibboleth in $currentyear if you could just use OIDC?
[go to top]