User Permissions SAML Provider

I have a question regarding user-permission providers and SAML.

I do see SAML mentioned briefly in this post Splitting the management of Admin Users and End Users but don’t see any mention of it in the docs.

Digging into users-permissions, it looks like it leverages Grant to integrate with providers, which as far as I can tell only supports OAuth2. I was able to get Google working as a provider and also add my own custom OAuth2 provider, but it doesn’t look like it’s possible to easily add a SAML provider.

The only information I’ve found so far is this issue SAML Provider · Issue #2368 · strapi/strapi · GitHub. Does anyone know of or have an example of a working user-permissions SAML provider?

Thanks in advance

We have not implemented SAML yet. We do plan to eventually move the users-permissions providers over to passport.js, but have no ETA at the moment.

You will probably want to look into GitHub - simov/grant: OAuth Proxy (the library we currently use) and see if you can add it via that. To add custom grant providers you can follow our guide in the docs here: https://strapi.io/documentation/v3.x/plugins/users-permissions.html#adding-a-new-provider-to-your-project

Thanks for the update. I’ve already been able to implement a custom grant provider (OAuth2) using the docs above, and have already looked into GitHub - simov/grant: OAuth Proxy. The problem is that Grant is built to support OAuth2 and does not support SAML.

It seems like the path forward is to leverage passport.js. Given that there is no ETA, my next step would be to figure out how to customize users-permissions to use passport.js instead of Grant, which could potentially then be contributed back to the project.

That would be awesome if you are willing to give it a shot. Just something to note: since changing to passport.js will be a fairly large (and breaking) change, we probably need more discussion in an RFC: GitHub - strapi/rfcs: RFCs for Strapi future changes

Hi @Rich_Lucas, did you manage to get SAML working in any way? I would love to see an example of how it can be done, even if it’s only a partial solution.

Hi @Rich_Lucas, can you help me add a custom provider to v4? In v3 those files were in \extensions\users-permissions\services\provider.js, but in v4 I can do it the right way.