epoch1 has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks,

I'm in the process of trying to set up an application portal using Active Directory Federation Services (ADFS) for authentication and authorisation and I could use some help figuring out the best way to do this for Perl based web applications.

I have a number of Perl web applications which will be protected by a login page (service providers). Once authenticated by the identity provider (ADFS) the user will have access to specific web applications based on their security group membership in Active Directory.

I’ve had some success using SimpleSAMLphp but I wondered if there is a way to do something similar in Perl? I’ve looked at Net::SAML2 but there isn’t a lot of documentation on it and it also says that it is an early release module - I need something that is going to be stable and reliable. I’ve also looked at Net::SAML which doesn’t seem to work with newer versions of Perl.

Any thoughts folks?


Re: ADFS / SAML2 authentication and authorisation
by enoch (Chaplain) on Jul 02, 2016 at 20:52 UTC

    SAML has a lot of hidden traps. I would avoid rolling my own service provider client.

    The open source Shibboleth service provider should meet all your needs. Bonus, the creators of the software are the people who wrote the specifications for SAML. You can essentially consider it the reference implementation of the spec.

    Using it with ADFS has its own pitfalls and quirks. But there are plenty of people in the community on the mailing lists that can help -- http://shibboleth.net/community/lists.html.
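An added example, not code from the original thread or from the Shibboleth project, of what the Perl side looks like once the Shibboleth SP is in front of the application: the SP performs the SAML exchange with ADFS, validates the signed assertion, and exports the attributes as CGI environment variables, so the Perl code only reads and checks them. It assumes (none of this is stated on the page) that attribute-map.xml maps the ADFS group claim `http://schemas.xmlsoap.org/claims/Group` to an attribute id `adGroups`, that `ShibUseHeaders` is off (the SP default, so attributes arrive as environment variables rather than HTTP headers a client could forge), and that the Apache location for each app has `AuthType shibboleth` with `requireSession 1`, so `REMOTE_USER` is set before the script runs. The group names and the sample environments are constructed for the example.

```perl
#!/usr/bin/env perl
# Group-based authorisation behind the Shibboleth SP (added example, core Perl only).
use strict;
use warnings;

# Which AD groups may reach which application path. Constructed for the example.
my %ALLOWED_GROUPS = (
    '/reports' => [ 'App-Reports-Users', 'App-Admins' ],
    '/admin'   => [ 'App-Admins' ],
);

# The SP joins multi-valued attributes with ';' (its attributeValueDelimiter
# default). The value has already been signature-checked by the SP, so it can
# be trusted as long as only the SP can set the variable (ShibUseHeaders off).
sub groups_from_env {
    my ($env) = @_;
    my $raw = $env->{adGroups} // '';
    return grep { length } split /;/, $raw;
}

# Returns (1, reason) to allow or (0, reason) to deny.
sub authorize {
    my ($path, $env) = @_;

    # No REMOTE_USER means the SP did not enforce a session on this location.
    # Treat it as a configuration error, never as an anonymous allow.
    my $user = $env->{REMOTE_USER};
    return (0, 'no authenticated session') unless defined $user && length $user;

    my $allowed = $ALLOWED_GROUPS{$path}
        or return (0, "unknown application $path");

    my %have = map { $_ => 1 } groups_from_env($env);
    for my $g (@$allowed) {
        return (1, "$user allowed via $g") if $have{$g};
    }
    return (0, "$user is not in any of: @$allowed");
}

# Constructed environments standing in for what mod_shib would export.
unless (caller) {
    my @cases = (
        [ '/reports', { REMOTE_USER => 'alice@corp.example',
                        adGroups    => 'Domain Users;App-Reports-Users' } ],
        [ '/admin',   { REMOTE_USER => 'alice@corp.example',
                        adGroups    => 'Domain Users;App-Reports-Users' } ],
        [ '/admin',   { REMOTE_USER => 'bob@corp.example',
                        adGroups    => 'App-Admins' } ],
        [ '/admin',   { adGroups    => 'App-Admins' } ],   # attribute but no session: deny
    );
    for my $c (@cases) {
        my ($ok, $why) = authorize(@$c);
        printf "%-9s %s: %s\n", $c->[0], ($ok ? 'ALLOW' : 'DENY '), $why;
    }
}
```

In a real deployment `authorize('/admin', \%ENV)` is called from the CGI or PSGI handler with the process environment. The check a practitioner should add on the Apache side is that the Perl code never falls back to reading `HTTP_ADGROUPS` or any other request header: if `ShibUseHeaders` is turned on, the SP strips those headers from incoming requests, but with it off (as assumed here) a header by that name is simply attacker-controlled input, which is why the example reads the environment variable only.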