|P is for Practical|
How to have SSH authenticate using SAML?by cmv (Chaplain)
|on Jul 30, 2009 at 18:38 UTC||Need Help??|
cmv has asked for the
wisdom of the Perl Monks concerning the following question:
I have a product, written in Perl, that uses ssh to do its business. I have a potential customer who has written a SAML based authentication system. The would-be customer wants me to have my product use their authentication system instead of ssh.
I'm looking for a solution that would require the least amount of work on both our parts. I am hoping to find a way to configure ssh to "just use" SAML for authentication instead-of-or-in-addition-to its other authentication mechanisms.
My first thought is that SAML is similar to Kerberos, and ssh supports Kerberos authentication via the GSSAPIAuthentication option (among others). Now I don't know much about this stuff, but I was wondering if I could have ssh use GSSAPIAuthentication to authenticate with SAML instead of Kerberos?
I ended up sending an email to Nicolas Williams about this, since he seems to be active in a lot of these discussions.
Can anybody here help me with this? Am I going down a dead-end here? Should I be trying to solve the problem in a different way?
Any thoughts, pointers, or discussion is appreciated.
Then I thought it would be nice to write in perl instead of java. Wouldn't you know it Authen::PAM!