AlinsRan opened a new pull request, #13346: URL: https://github.com/apache/apisix/pull/13346
## Summary The `saml-auth` plugin enables SAML 2.0 authentication for API routes, acting as a SAML Service Provider (SP) that integrates with external Identity Providers (IdP) such as Keycloak, Okta, and Azure Active Directory. ## Changes - **`apisix/plugins/saml-auth.lua`** — Plugin implementation (priority: 2598, phase: rewrite) - **`apisix-master-0.rockspec`** — Added `lua-resty-saml = 0.2.5` dependency - **`conf/config.yaml.example`** — Registered plugin at priority 2598 (between openid-connect 2599 and cas-auth 2597) - **`apisix/cli/config.lua`** — Added plugin to default plugin list - **`t/plugin/saml-auth.t`** — Schema validation tests - **`docs/en/latest/plugins/saml-auth.md`** — English documentation - **`docs/zh/latest/plugins/saml-auth.md`** — Chinese documentation ## Plugin Features - HTTP-Redirect and HTTP-POST SAML binding methods - Single Sign-On (SSO) and Single Logout (SLO) - Session key rotation via `secret_fallbacks` - Encrypted storage of `sp_private_key`, `secret`, and `secret_fallbacks` - Sets `ctx.external_user` for downstream authorization plugins (e.g., `acl`) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
