fusionauth-samlv2
rls_oso
fusionauth-samlv2 | rls_oso | |
---|---|---|
3 | 1 | |
5 | 3 | |
- | - | |
4.6 | 3.9 | |
2 months ago | 4 months ago | |
Java | Rust | |
Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fusionauth-samlv2
-
php-saml VS fusionauth-samlv2 - a user suggested alternative
2 projects | 25 May 2023
This repository is SAML v2.0 bindings in Java using JAXB.
-
Supabase Auth: SSO, Mobile, and Server-Side Support
Disclosure, I work for FusionAuth, which can both integrate with and compete with Supabase.
Welcome, Supabase, to the world of SAML/SSO. It's a hairy one, but single sign-on is undifferentiated and really great for customers, so I'm glad you joined.
A few thoughts:
* Consider adding identity linking to your roadmap. I noticed[0] that you don't support it, and will create duplicate accounts if someone uses SSO with the same email address that an existing account has. As a model, FusionAuth offers seven linking strategies[1]. This flexibility lets you handle more use cases.
* I'd encourage you (and your customers) to test across as many SPs as you can. SAML is an 800+ page specification and even though we've been offering SAML for over 10 years and have open sourced our bindings[2], we still have edge cases that pop up.
* I'd love to add FusionAuth as a SAML SSO provider to your docs, so will put that on our team's doc roadmap and submit a PR. :)
* Not related to SAML, but I'm glad that you are working towards supporting PKCE. I hope you deprecate the implicit grant; the XSS threat is very real and the OAuth 2.1 spec (still in progress) basically deprecates that grant[3] throw omission. Also, we agree that setting cookies (HTTPOnly and secure, please) is a great way to store tokens[4] and that is worth requiring a server side component in applications.
Finally, I understand why this is part of a paid offering; SAML is often used to segment out enterprise customers with $$$. You like to make money, as do we all. But I'd encourage you to think about a free tier because it is so helpful to the user experience. Maybe 1 SAML connection could be part of the base offering?
0: https://supabase.com/docs/guides/platform/sso
1: https://fusionauth.io/docs/v1/tech/identity-providers/#linki...
2: https://github.com/FusionAuth/fusionauth-samlv2/commits/mast...
3: https://oauth.net/2.1/
4: https://fusionauth.io/learn/expert-advice/oauth/oauth-token-...
-
SAML Is Insecure by Design
We recommend OIDC, but support SAML because customers.
We implemented our own SAML processing library, too: https://github.com/FusionAuth/fusionauth-samlv2
(We pay for valid security bugs.)
rls_oso
-
Supabase Auth: SSO, Mobile, and Server-Side Support
> do you have an opinion on which enterprise-grade AuthZ provider works best with Supabase?
Since you asked for my personal opinion, then I would say Postgres Row Level Security for AuthZ. RLS is as powerful as it is flexible. It's fully-integrated with the rest of the Supabase stack, and it's portable if you don't like supabase - just pg_dump and take it to your favourite Postgres provider.
That said, I understand why it's useful to have something more structured like RBAC. We have experimented with a ideas here (specifically ABAC), using a custom libraries/extensions/custom claims[0]. We do something similar internally, but aren't 100% happy with the developer experience and don't plan to release it any time soon.
I'm sure the Auth team won't enjoy me saying this, but I like the idea of Zanzibar. I've seen some experimental Postgres extensions[1] that combine Oso[2] + RLS which I'd love to try when I get time.
[0] custom claims: https://dev.to/supabase/supabase-custom-claims-34l2
[2] Oso + RLS: https://github.com/MFAshby/rls_oso
[1] Oso: https://www.osohq.com/
What are some alternatives?
ASP.NET SAML - Very simple SAML 2.0 consumer module for ASP.NET/C#
schemainspect - Schema inspection for PostgreSQL (and potentially others).
saml-idp - Simple SAML Identity Provider (IdP)
supabase-terraform
shib-sp - Containerized Shibboleth SP
flutter-chat - Simple chat application built with Flutter and Supabase.
mundane - Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).
create-t3-turbo - Clean and simple starter repo using the T3 Stack along with Expo React Native and Supabase