Replies: 2 comments
-
Thank you, we’d love to be able to completely replace Okta! Unfortunately, being a SAML Provider is not on our short/medium-term roadmap due to the complexity involved. It would involve developing another service like Ory Hydra which delegates the SAML flow while keeping the actual login separate. But yeah, it’s a lot of work to get it right :/ Many providers do support OIDC though already so you could at least use Ory in those cases :)
-
The Ory Kratos and Ory Hydra integration just landed with Hydra 2.0,
-
I'm looking to implement a SAML Identity Provider, in hopes of completely replacing Okta with Ory products.
We would like to use Kratos to manage identity profiles and from the looks of it Hydra could be used for SSO with a few apps (such as GitLab).
That being said, a vast majority of Enterprise SSO is still done via SAML, which means we need a SAML identity provider as well; an OIDC server alone won't do.
From the looks of it https://github.com/crewjam/saml allows the implementation of a SAML Identity Provider, and is already being used in an active PR in ory/kratos to implement a SAML Service Provider.
I wonder where it would be most appropriate to implement the SAML IP? Kratos, Hydra, or should it be a stand-alone application?
Given that most of what it would need to do is roughly similar to what Hydra already does, implementing it in Hydra would be the easiest solution, as it avoids needing to re-invent the wheel again.