I am developing a Python backend using FastAPI (in Docker) and I need to:
- Implement an authentication service that utilizes SSO
- Search the directory for users
- Use an identity provider/directory server in development that is eventually going to be replaced by Microsoft Active Directory (I am developing on a Mac)
I searched a lot but I am still not sure. What I know now:
- I can use any directory server as long as it supports LDAP
- Through LDAP, I can search the directory
- However, SSO does not seem to be a feature of LDAP
- SSO can be implemented using SAML2
Can you please guide me on how to set this up? I am not sure how to integrate SAML2 and LDAP to work together in my application.
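The "search the directory for users" half of the question is where most backends pick up an LDAP-injection bug: the search term typed into the app gets concatenated straight into the filter string. The following is an added example, not code from the question or from any library it mentions; the function names, the default attribute list (Active Directory names such as `sAMAccountName`, for which a dev directory like OpenLDAP would use `uid`/`cn`) and the sample inputs are all assumptions. It builds an RFC 4515 search filter and an RFC 4514 DN component with the special characters escaped, so the resulting string can be handed to whichever client library does the bind and search (for example `ldap3`'s `Connection.search`).

```python
"""Build LDAP search filters and DN components from untrusted input.

Added example (assumed names); stdlib only. The escaping follows RFC 4515
(search filters) and RFC 4514 (distinguished names).
"""

# RFC 4515: these characters change the meaning of an assertion value
# and must appear as backslash + two hex digits inside a filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape *value* for use as an assertion value in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(
    term: str,
    attributes=("sAMAccountName", "mail", "displayName"),  # AD names (assumed defaults)
    object_class: str = "user",
) -> str:
    """Return a filter matching objects whose listed attributes start with *term*.

    *term* is escaped, so input such as '*)(objectClass=*' is searched for
    literally instead of widening the query to every object in the tree.
    The trailing '*' wildcard is added by us, after escaping, so only our
    own prefix-match semantics survive.
    """
    safe = escape_filter_value(term.strip())
    if not safe:
        raise ValueError("empty search term")
    clauses = "".join(f"({attr}={safe}*)" for attr in attributes)
    return f"(&(objectClass={object_class})(|{clauses}))"


def escape_dn_value(value: str) -> str:
    """Escape *value* for use as an attribute value inside a DN (RFC 4514).

    Needed when a DN is assembled from user data, e.g. 'cn=<name>,ou=People,...'
    for a bind or a base-scoped lookup.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")  # leading/trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")  # leading '#'
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: a normal search and a hostile one.
    print(user_search_filter("ali"))
    print(user_search_filter("*)(objectClass=*"))
    print("cn=" + escape_dn_value("Smith, John") + ",ou=People,dc=example,dc=test")
```

The filter builder only ever emits the shape `(&(objectClass=...)(|(attr=term*)...))`; whatever the user types ends up inside one assertion value. The same escaping applies unchanged once the dev directory is swapped for Active Directory, since both speak the same filter grammar; only the attribute names in the defaults need to change.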
You will need to set up an identity provider (or find an existing one) that:
Your application, acting as a SAML2 SP, would send a SAML2 authentication to this IdP. The IdP then asks the user for credentials and validates them against the directory server, and would produce a SAML2 response back to your SP. Your SP would validate and parse the response, and all things permitting, would let the user through.
An example of such an IdP would be: https://github.com/apereo/cas or https://www.shibboleth.net/products/. Both OSS under Apache v2.