SAML SSO?

[Bengt Wällstedt]

We have been using PWM for years, an absolutely fantastic product! Now we are gathering all internal and external services in federation around a SAML IdP service for SSO between services. I have no experience with CAS which seems to be the only SSO method supported by PWM? Is there a way to federate PWM with our SML IdP?

[gurkb...@gmail.com]

I have the exact same question, perhaps someone has an example on how to make it work with SAML? (using simplesamlphp) http sso or whatever that works ?

[Jason Rivard]

PWM doesn't implement SAML, but it does support OAuth for SSO.

[gurkb...@gmail.com]

I suspected as much.

If anyone has a good working example on how to integrate pwm with simplesamlphp via OAuth please don't be shy and share :)

[Jason Everling]

how are you currently using PWM? Do you have Apache Web server in front? You could use the saml/shib mod in apache then set the sso header username, this would give you Html header sso into pwm.

---

From: pwm-g...@googlegroups.com <pwm-g...@googlegroups.com> on behalf of gurkb...@gmail.com <gurkb...@gmail.com>
Sent: Monday, May 25, 2020 3:25:34 AM
To: pwm-general <pwm-g...@googlegroups.com>
Subject: [pwm-general] Re: SAML SSO?

 

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/0682ce46-faa6-417b-a606-ef551c0d2d7e%40googlegroups.com.

[Mark Jaroski]

Hi Bengt,

I made PWM work with SAML by putting it behind an Apache reverse proxy running mod_auth_mellon. PWM can consume incoming server variables to identify the user.

Best,

-mark

On Wednesday, 12 October 2016 09:41:05 UTC+2, Bengt Wällstedt wrote: