I have a product, written in Perl, that uses ssh to do its business. I have a potential customer who has written a SAML based authentication system. The would-be customer wants me to have my product use their authentication system instead of ssh.
I'm looking for a solution that would require the least amount of work on both our parts. I am hoping to find a way to configure ssh to "just use" SAML for authentication instead-of-or-in-addition-to its other authentication mechanisms.
My first thought is that SAML is similar to Kerberos, and ssh supports Kerberos authentication via the GSSAPIAuthentication option (among others). Now I don't know much about this stuff, but I was wondering if I could have ssh use GSSAPIAuthentication to authenticate with SAML instead of Kerberos?
My research has come up with some interesting results:
Using SAML for Platform Security
SAML-AAI/Kerberos Integration
2005 Discussion on SAML using GSS-API
I ended up sending an email to Nicolas Williams about this, since he seems to be active in a lot of these discussions.
Can anybody here help me with this? Am I going down a dead-end here? Should I be trying to solve the problem in a different way?
Any thoughts, pointers, or discussion is appreciated.
Thanks
-Craig
Update:
A co-worker suggested looking into a PAM module to do this (ssh & PAM work great together). I couldn't find a PAM module for SAML, but did find a Java-to-PAM bridge which might let me write the SAML authentication in Java, and connect it up to ssh via PAM.
Then I thought it would be nice to write in Perl instead of Java. Wouldn't you know it: Authen::PAM!
Update 2:
Since Perl also has Net::SAML, shouldn't it be easy to write a Perl module to do this?