SAML Recipes
This section contains recipes and guides for SAML-based Single Sign-On (SSO) with the Janssen Project.
Shibboleth Identity Provider
The Janssen Project includes an integrated Shibboleth IDP for SAML 2.0 Identity Provider functionality. The Shibboleth IDP delegates authentication to the Janssen Auth Server, enabling all Janssen authentication methods for SAML-based SSO.
Quick Links
- Shibboleth IDP Overview
- Installation Guide
- Configuration
- Helm Deployment
- Config API
- Terraform Provider
SAML Topics
| Topic | Description |
|---|---|
| Shibboleth IDP | SAML 2.0 Identity Provider based on Shibboleth 5.1.6 |
| Federation | Joining identity federations |
| IDP-Initiated SSO | IDP-initiated authentication flows |
| SP Configuration | Configuring Service Providers |
Architecture
```
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│  SAML Service   │     │   Shibboleth    │     │  Janssen Auth   │
│    Provider     │────▶│       IDP       │────▶│     Server      │
└─────────────────┘     └─────────────────┘     └─────────────────┘
        │                       │                       │
        │  SAML AuthnRequest    │    OAuth/OIDC         │
        │──────────────────────▶│──────────────────────▶│
        │                       │                       │
        │                       │◀──────────────────────│
        │  SAML Response        │    User Identity      │
        │◀──────────────────────│                       │
```
Use Cases
Enterprise SSO
Use the Shibboleth IDP to provide SAML SSO for enterprise applications that require SAML authentication, such as:
- Salesforce
- Box
- ServiceNow
- Microsoft 365 (via SAML)
- Custom enterprise applications
Federation
Join identity federations like InCommon or eduGAIN to enable cross-organizational authentication.
Legacy Application Support
Support legacy applications that only understand SAML while maintaining modern authentication at the identity provider.
Related Documentation
- Auth Server - OAuth 2.0 and OpenID Connect
- Agama - Custom authentication flows