-
-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is samlify IdP suitable for use in production? #525
Comments
@agt-ru The IDP part for samlify only caters the most common use case. We have provided functions to help parsing and construct the response, which are customizable and low level. Samlify is just a library helping you to construct the SAML request and response, performing parsing, signing and encryption in different protocol bindings. |
@tngan thanks for the quick reply. |
Yes, if you have signature and encryption, it should be enough for production, and make sure you are using https. IDP related functions provided in samlify only handle the SAML part, this library does not have restriction on the source of auth information (i.e. user email, role, id, etc), say you need to fetch yourself from the persistence (i.e. adfs, db, etc) before you construct the SAML response. |
Hi, @tngan and the samlify community.
I already have an auth service written in NestJS where users can sign up and sign in, recover their passwords and verify an email. All the credentials are stored in MongoDB, and a session is created by putting JWT in a user's browser cookie.
But now, in order to be able to provide users with a single sign-on to an external Support Desk application, I need a SAML IdP.
Is samlify IdP ready to use in production?
How long you think it would take to make it fully work?
Is this project actively supported or is it just a side-project more to test SAML?
I only know of one other good alternative to it - and it's Keycloak. I haven't used it, though.
Or may be it's better suited for production? How would you compare time and resources to either integrate samlify or Keycloak into an existing auth service or may be to completely replace it?
Or may be it all needs a dedicated team of security and IAM professionals to manage and it's better to stick to a SaaS like FusionAuth or Auth0?
The only kind-of tutorial I found for samlify is a comment in this discussion: #447
May be someone knows an article, how-to or an example to better understand building and IdP with samlify?
I also wanted to ask, when working with samlify/Keycloak and thus developing an IdP, do I need to read a great number of docs on oasis site on SAML? Or is it only for those developers who make something really custom and low-level?
Thanks in advance.
The text was updated successfully, but these errors were encountered: