Project author: 42wim

Project description:
saml plugin for caddy
Language: Go
Repository URL: git://github.com/42wim/caddy-saml.git
Created: 2018-03-18T20:40:51Z
Project community: https://github.com/42wim/caddy-saml

License: MIT License


caddy-saml

WIP
Based heavily on https://github.com/crewjam/saml and https://github.com/RobotsAndPencils/go-saml with a little bit of https://github.com/russellhaering/gosaml2

Use case

Our use case is to run Caddy as a reverse proxy with Shibboleth support (instead of using Apache, mod_shib and shibd).

Example with cert from disk and TLS enabled

    https://:443 {
        tls /path/cert.pem /path/key.pem
        saml {
            root_url https://yourdomain.com
            disk /path/cert.pem /path/key.pem
            idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml
            /path1 valid-user
            /path1 mail email2@domain.com
            /path1 require-all
            /path2 mail email@domain.com
            /hello uid testuid
            /hello dump-attributes
        }
        proxy /hello https://backendserver.com
        proxy /path1 http://backend2.com:8080
    }

Example with cert from Vault

    http://:80 {
        saml {
            root_url https://yourdomain.com
            idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml
            vault_server https://vault.yourdomain.com
            vault_path secret/projects/caddy-saml/yourdomain.com
            /path1 valid-user
            /path1 require-nosession
            /path2 mail email@domain.com
            /hello uid testuid
            /hello dump-attributes
        }
        proxy /hello https://backendserver.com
        proxy /path1 http://backend2.com:8080
    }

Example with cert from disk, TLS and MySQL sessions enabled

    https://:443 {
        tls /path/cert.pem /path/key.pem
        saml {
            mysql login:password@tcp(mysql.hostname.com)/caddysaml
            root_url https://yourdomain.com
            disk /path/cert.pem /path/key.pem
            idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml
            /path1 valid-user
            /path1 mail email2@domain.com
            /path1 require-all
            /path2 mail email@domain.com
            /hello uid testuid
            /hello dump-attributes
        }
        proxy /hello https://backendserver.com
        proxy /path1 http://backend2.com:8080
    }

Issues

The OpenSSL default format for private keys is PKCS-8 (a PEM block labelled "PRIVATE KEY"). We only support PKCS-1 private keys (a PEM block labelled "RSA PRIVATE KEY").
A PKCS-8 formatted RSA private key can be converted to a PKCS-1 formatted RSA private key with:

    openssl rsa -in private-pkcs8-key.key -out private.key
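The same conversion can be done in Go, which is also a handy way to check a key file before handing it to the `disk` directive. The following is an added example written for this page, not code from the caddy-saml project: it inspects the PEM block type, accepts either a PKCS-8 "PRIVATE KEY" or a PKCS-1 "RSA PRIVATE KEY" block, rejects non-RSA keys (the plugin needs RSA for SAML signing), and re-encodes the key as PKCS-1. The function names `ConvertToPKCS1`, `IsPKCS1` and `newPKCS8TestKey` are this example's own; the test key it generates stands in for a key produced by OpenSSL's defaults.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
)

// ConvertToPKCS1 takes a PEM-encoded private key (PKCS-8 "PRIVATE KEY" or
// PKCS-1 "RSA PRIVATE KEY") and returns it re-encoded as a PKCS-1 PEM block,
// which is the only format the plugin's disk directive accepts.
func ConvertToPKCS1(pemBytes []byte) ([]byte, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found in input")
	}

	var rsaKey *rsa.PrivateKey
	switch block.Type {
	case "RSA PRIVATE KEY":
		// Already PKCS-1: parse to validate, then re-encode unchanged.
		k, err := x509.ParsePKCS1PrivateKey(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parse PKCS-1 key: %w", err)
		}
		rsaKey = k
	case "PRIVATE KEY":
		// PKCS-8 wraps an algorithm identifier; the key inside may not be RSA.
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parse PKCS-8 key: %w", err)
		}
		rk, ok := k.(*rsa.PrivateKey)
		if !ok {
			return nil, fmt.Errorf("PKCS-8 key is %T, not an RSA key", k)
		}
		rsaKey = rk
	default:
		// "ENCRYPTED PRIVATE KEY", "EC PRIVATE KEY", certificates, etc.
		return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
	}

	return pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(rsaKey),
	}), nil
}

// IsPKCS1 reports whether the first PEM block is a PKCS-1 RSA private key,
// i.e. whether the file is already in the format the plugin expects.
func IsPKCS1(pemBytes []byte) bool {
	block, _ := pem.Decode(pemBytes)
	return block != nil && block.Type == "RSA PRIVATE KEY"
}

// newPKCS8TestKey generates a throwaway 2048-bit RSA key and encodes it as
// PKCS-8, mimicking what "openssl genpkey"/"openssl req" emit by default.
// Constructed test input only; never use a key generated like this in production.
func newPKCS8TestKey() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// Usage: go run . in.key out.key   (convert a key file in place of openssl rsa)
//        go run .                  (self-demo on a generated key)
func main() {
	var in []byte
	var err error
	if len(os.Args) == 3 {
		in, err = os.ReadFile(os.Args[1])
	} else {
		in, err = newPKCS8TestKey()
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "read key:", err)
		os.Exit(1)
	}
	fmt.Printf("input already PKCS-1: %v\n", IsPKCS1(in))
	out, err := ConvertToPKCS1(in)
	if err != nil {
		fmt.Fprintln(os.Stderr, "convert:", err)
		os.Exit(1)
	}
	if len(os.Args) == 3 {
		// Private key material: owner-only permissions.
		err = os.WriteFile(os.Args[2], out, 0o600)
	} else {
		fmt.Printf("output is PKCS-1: %v\n", IsPKCS1(out))
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "write key:", err)
		os.Exit(1)
	}
}
```

The PEM label is the quick tell: OpenSSL's default output starts with `-----BEGIN PRIVATE KEY-----`, while the plugin wants `-----BEGIN RSA PRIVATE KEY-----`. Note that this example, like `openssl rsa` without a passphrase option, handles only unencrypted keys.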