path: root/README.md
blob: 43d3390ab703b523bc164e3a5c3ec4b6033941a8 (plain)
# Spike

1. Twirp + gRPC (authz)
  1. idp (headless)
    * provide a Thrift/gRPC endpoint that is the equivalent of `Ability.allowed?(subject, permission, resource)`
  1. gitlab
    * call that endpoint wherever the in-process `Ability.allowed?` check runs today
2. OpenID Connect (authn) + OAuth (authz)
  * two services
    1. idp (with login pages)
      * user
      * member
      * `member_role`
    1. gitlab
      * groups
      * project
  * OpenID Connect flow to provide authn information to `gitlab-org/gitlab`
  * OAuth token introspection endpoint to provide token permissions
3. OPA-style policy agent sidecar using declarative policy
4. API Gateway
  * using a Go reverse proxy and one of the newer policy DSLs
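Option 2 hands gitlab an OAuth token introspection endpoint. The following is an added example, not code from this spike, of what the consuming (gitlab) side should check before turning an introspection response into permissions: `active` first, then the time window, then that the token was actually issued for this audience. The `gitlab` audience value, the `Introspection` struct, the scope names and the sample responses are constructed for the example.

```ruby
require "json"

# Result of validating one introspection response. `scopes` is only
# meaningful when `ok` is true.
Introspection = Struct.new(:ok, :reason, :subject, :client_id, :scopes) do
  def permits?(scope)
    ok && scopes.include?(scope)
  end
end

def rejected(reason)
  Introspection.new(false, reason, nil, nil, [])
end

# Validate an RFC 7662 introspection response body before deriving any
# permission from it. `audience` is the identifier this resource server
# expects to find in `aud` (requiring `aud` is a local policy choice; the RFC
# makes the member optional). `now` and `leeway` (seconds of tolerated clock
# skew) are injectable so the checks are deterministic.
def validate_introspection(body, audience:, now: Time.now.to_i, leeway: 30)
  data = begin
    JSON.parse(body)
  rescue JSON::ParserError => e
    return rejected("malformed response: #{e.message}")
  end
  return rejected("response is not a JSON object") unless data.is_a?(Hash)

  # RFC 7662 section 2.2: `active` is the only REQUIRED member, and the other
  # members carry no meaning unless it is true, so it is checked first.
  return rejected("token inactive") unless data["active"] == true

  exp = data["exp"]
  return rejected("missing or non-integer exp") unless exp.is_a?(Integer)
  return rejected("token expired") if now >= exp + leeway

  nbf = data["nbf"]
  return rejected("token not yet valid") if nbf.is_a?(Integer) && now < nbf - leeway

  # `aud` may be a single string or an array of strings. A token minted for
  # another service must not be accepted here even if it is otherwise valid.
  return rejected("audience mismatch") unless Array(data["aud"]).include?(audience)

  # `scope` is a space-delimited string (RFC 6749 section 3.3).
  scopes = data["scope"].to_s.split(" ")
  Introspection.new(true, nil, data["sub"], data["client_id"], scopes)
end

# Constructed sample responses (not captured from any real IdP).
ACTIVE_RESPONSE = JSON.generate(
  "active" => true, "scope" => "read_api write_repository",
  "client_id" => "gitlab-web", "sub" => "user:42", "aud" => ["gitlab"],
  "iat" => 1_700_000_000, "nbf" => 1_700_000_000, "exp" => 1_700_003_600
)
INACTIVE_RESPONSE = JSON.generate("active" => false)
FIXED_NOW = 1_700_000_100

if __FILE__ == $PROGRAM_NAME
  result = validate_introspection(ACTIVE_RESPONSE, audience: "gitlab", now: FIXED_NOW)
  puts "subject=#{result.subject} read_api=#{result.permits?("read_api")} admin=#{result.permits?("admin")}"
  puts validate_introspection(ACTIVE_RESPONSE, audience: "other", now: FIXED_NOW).reason
end
```

The order of the checks matters: an inactive response is allowed to carry stale `scope` or `exp` values, so nothing after the `active` check is consulted unless it passed, and the audience check is what stops a token issued for a different service from being replayed against gitlab.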

## Identity Provider (SAML IdP)

This is a tiny SAML Identity Provider (IdP) for testing out interactions with
a SAML Service Provider (SP).

1. Start the server:

    $ ruby ./bin/idp

1. Use `http://localhost:8282/metadata.xml` as your SAML IdP Metadata url.

## Service Provider (SAML SP)

This is a tiny SAML Service Provider (SP) for testing out interactions with a SAML Identity Provider (IdP).

1. Start the server:

    $ ruby ./bin/sp

1. Use `http://localhost:8283/metadata.xml` as your SAML SP Metadata url.
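Both servers above publish their metadata at a `/metadata.xml` URL, and the SP side has to turn the IdP's metadata into an issuer, an SSO endpoint and a trusted signing certificate. The following added example (not part of this repository's `bin/idp` or `bin/sp`) parses an IdP EntityDescriptor with Ruby's REXML and pins the signing certificate by SHA-256 fingerprint. The certificate, the `/saml/auth` path and the metadata document are constructed here so the example runs offline; only the `http://localhost:8282/metadata.xml` entityID is taken from this README.

```ruby
require "openssl"
require "rexml/document"

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

IdpMetadata = Struct.new(:entity_id, :sso_url, :signing_certs)

# Parse an IdP EntityDescriptor and pull out the three things an SP needs:
# the entityID it will later see as <Issuer>, the redirect-binding SSO URL,
# and the certificates allowed to sign responses. A KeyDescriptor without a
# `use` attribute is valid for both signing and encryption, so it is kept.
def parse_idp_metadata(xml)
  doc = REXML::Document.new(xml)
  ns = { "md" => MD_NS, "ds" => DS_NS }
  root = doc.root
  unless root && root.name == "EntityDescriptor" && root.namespace == MD_NS
    raise ArgumentError, "document is not a SAML 2.0 EntityDescriptor"
  end

  sso = REXML::XPath.first(root, "md:IDPSSODescriptor/md:SingleSignOnService[@Binding='#{REDIRECT_BINDING}']", ns)
  certs = REXML::XPath.match(root, "md:IDPSSODescriptor/md:KeyDescriptor", ns)
    .select { |kd| kd.attributes["use"].nil? || kd.attributes["use"] == "signing" }
    .flat_map { |kd| REXML::XPath.match(kd, ".//ds:X509Certificate", ns) }
    .map { |el| OpenSSL::X509::Certificate.new(el.text.gsub(/\s+/, "").unpack1("m0")) }

  IdpMetadata.new(root.attributes["entityID"], sso && sso.attributes["Location"], certs)
end

# SHA-256 fingerprint of the DER encoding, the value an SP should pin.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# True only if the metadata offers a signing certificate that matches the
# pinned fingerprint and is inside its validity window at `now`.
def trusted_signing_cert?(metadata, pinned_fingerprint, now: Time.now)
  metadata.signing_certs.any? do |cert|
    fingerprint(cert) == pinned_fingerprint && cert.not_before <= now && now <= cert.not_after
  end
end

# --- constructed fixtures so the example runs offline -----------------------

# Throwaway self-signed certificate standing in for the IdP signing key.
def build_test_cert(valid_for: 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=test-idp")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + valid_for
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed metadata in the shape an IdP serves. The /saml/auth path is an
# assumption, not the path this repository's ./bin/idp actually uses.
def test_metadata(cert)
  <<~XML
    <EntityDescriptor xmlns="#{MD_NS}" xmlns:ds="#{DS_NS}" entityID="http://localhost:8282/metadata.xml">
      <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
          <ds:KeyInfo><ds:X509Data>
            <ds:X509Certificate>#{[cert.to_der].pack("m0")}</ds:X509Certificate>
          </ds:X509Data></ds:KeyInfo>
        </KeyDescriptor>
        <SingleSignOnService Binding="#{REDIRECT_BINDING}" Location="http://localhost:8282/saml/auth"/>
      </IDPSSODescriptor>
    </EntityDescriptor>
  XML
end

if __FILE__ == $PROGRAM_NAME
  cert = build_test_cert
  md = parse_idp_metadata(test_metadata(cert))
  puts "entityID: #{md.entity_id}"
  puts "SSO URL:  #{md.sso_url}"
  puts "pinned?   #{trusted_signing_cert?(md, fingerprint(cert))}"
end
```

The metadata URLs in this README are plain `http://localhost`, which is fine for a local spike; anywhere else, whoever can alter the metadata document can swap in their own signing certificate, so fetch it over TLS and pin the fingerprint rather than trusting whatever certificate the document currently carries.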