
Hey everyone, we are Deepak and Sama, co-founders of BoxyHQ. We are posting our enterprise SSO project to seek feedback from the Reddit community. Over the past few months, the team has been working really hard on our SAML SSO project, and our early customers love us. It would be great if you can share some insights or ideas you’d like to see in the project going forward.

One of the most common requirements enterprises have for their SaaS providers is SSO (Single Sign-On) or SAML as it adds a layer of their internal authentication to your product. This way their users can access your product via one of their secure IdPs (Identity Providers), which manages access and security for the entire organization.

tl;dr → https://github.com/boxyhq/jackson

The project is called SAML Jackson. Jackson implements the SAML login flow as an OAuth 2.0 flow, abstracting away all the complexities of the SAML protocol. Our objective is that anyone could integrate SAML with just a few lines of code. Developers can easily add single sign-on authentication to their products, and it supports most identity providers via SAML 2.0.

More details about SAML Jackson features:

- Jackson acts as a SAML Service Provider (SP) proxy; we do not intend to add functionality to make it an Identity Provider. Keycloak or Ory would be a great choice if you are looking for a SAML IdP.

- Integrates seamlessly with all popular OAuth 2.0 libraries out there

- Supports most SAML providers out there - Okta, Azure AD, Auth0, Azure AD, OneLogin, Google SAML, Shibboleth

- Supports PKCE flow, so suitable for SPA applications

- Supports SAML login on native mobile apps, a huge advantage since the traditional SAML flow is a little tricky to support on a native mobile app

- Wide range of supported databases - Postgres, MariaDB, MySQL, MongoDB, Redis with an easy-to-extend interface to support other databases




Hi Deepak!

* Is this node-only, then?

* If it is open-source, what's the pricing model?

One suggestion is that you could probably capture a lot of search traffic from devs just starting on SSO by providing great content on the topic. When I started looking, it was pretty tough to find the "for-dummies" content.


Thanks Eric,

That is a great suggestion. SSO starter content is in the works including product integration guides.

It is a nodejs service (or can be embedded as an npm). We are looking at potentially supporting other languages but for now our customers are happy deploying it as a separate service.

The core version is completely free to use (Apache 2.0); we already have paying self-hosted customers who are paying a monthly subscription fee. We'll be introducing a paid hosted version later and premium features for the self-hosted version.



