{"id":15690729,"url":"https://github.com/42wim/caddy-saml","last_synced_at":"2026-02-27T05:40:11.166Z","repository":{"id":57509718,"uuid":"125765719","full_name":"42wim/caddy-saml","owner":"42wim","description":"saml plugin for caddy","archived":false,"fork":false,"pushed_at":"2019-07-09T09:50:40.000Z","size":5758,"stargazers_count":8,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-25T16:25:48.913Z","etag":null,"topics":["caddy","caddy-plugin","saml","shibboleth"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/42wim.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-18T20:40:51.000Z","updated_at":"2022-01-26T20:15:57.000Z","dependencies_parsed_at":"2022-09-26T17:51:20.067Z","dependency_job_id":null,"html_url":"https://github.com/42wim/caddy-saml","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/42wim/caddy-saml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42wim%2Fcaddy-saml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42wim%2Fcaddy-saml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42wim%2Fcaddy-saml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42wim%2Fcaddy-saml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/42wim","download_url":"https://codeload.github.com/42wim/caddy-saml/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42wim%2Fcaddy-saml/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29886118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T05:38:26.446Z","status":"ssl_error","status_checked_at":"2026-02-27T05:38:25.235Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","caddy-plugin","saml","shibboleth"],"created_at":"2024-10-03T18:14:45.039Z","updated_at":"2026-02-27T05:40:11.137Z","avatar_url":"https://github.com/42wim.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# caddy-saml\n\nWIP\nBased heavily on https://github.com/crewjam/saml and https://github.com/RobotsAndPencils/go-saml with a little bit of https://github.com/russellhaering/gosaml2\n\n## Usecase\nOur usecase is to use caddy as a reverse proxy with shibboleth support (instead of using apache,mod_shib and shibd)\n\n## Example with cert from disk and tls enabled\n```\nhttps://:443 {\n    tls /path/cert.pem /path/key.pem\n    saml {\n        root_url https://yourdomain.com\n        disk /path/cert.pem /path/key.pem\n        idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml\n        /path1 valid-user\n        /path1 mail email2@domain.com\n        /path1 require-all\n        /path2 mail email@domain.com\n        /hello uid testuid\n        /hello dump-attributes\n }\nproxy /hello https://backendserver.com\nproxy /path1 http://backend2.com:8080\n}\n```\n\n\n## Example with cert from vault\n```\nhttp://:80 {\n    saml {\n        root_url https://yourdomain.com\n        idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml\n        vault_server https://vault.yourdomain.com\n        vault_path secret/projects/caddy-saml/yourdomain.com\n        /path1 valid-user\n        /path1 require-nosession\n        /path2 mail email@domain.com\n        /hello uid testuid\n        /hello dump-attributes\n }\nproxy /hello https://backendserver.com\nproxy /path1 http://backend2.com:8080\n}\n```\n\n## Example with cert from disk and tls and mysql sessions enabled\n```\nhttps://:443 {\n    tls /path/cert.pem /path/key.pem\n    saml {\n        mysql login:password@tcp(mysql.hostname.com)/caddysaml\n        root_url https://yourdomain.com\n        disk /path/cert.pem /path/key.pem\n        idp_metadata https://youridp.com/download/metadata/metadata-yourdomain.xml\n        /path1 valid-user\n        /path1 mail email2@domain.com\n        /path1 require-all\n        /path2 mail email@domain.com\n        /hello uid testuid\n        /hello dump-attributes\n }\nproxy /hello https://backendserver.com\nproxy /path1 http://backend2.com:8080\n}\n```\n\n\n\n## Issues\nThe OpenSSL default format for private keys is PKCS-8. We only support PKCS-1 private keys.\nA private PKCS-8 formated RSA key can be converted to a private PKCS-1 formated RSA key by:\n\n```sh\nopenssl rsa -in private-pkcs8-key.key -out private.key\n```  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F42wim%2Fcaddy-saml","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F42wim%2Fcaddy-saml","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F42wim%2Fcaddy-saml/lists"}