I'm looking for an identity solution that allows me to offer SSO in a typical SaaS scenario:
- Multitenant support where tenants can be created in an automated fashion
- Allows SSO to be set up back to a tenant's own identity provider (SAML2)
- There could be between 2 and 300 users per tenant. I'd be happy to have 3 tenants with 20 users each to begin with.
- No real need for logins to link to multiple tenants
Auth0 is expensive for this relative to where I am at. I'm on the .NET Core stack where IdentityServer4 is often used, but some of the Java-based offerings appear to come with more out of the box (for free). In saying that, integration with SaaS of this nature looks to complicate things. So I'd appreciate any advice from HN's experience on the options available.
I rolled my own at work based on https://github.com/displayr/AspNetSaml which I forked from https://github.com/jitbit/AspNetSaml
There is a PR to make it work with .NET Core at the moment.
Once you understand the protocol it’s a case of storing some fields relating to the IdP in your database, for each tenant. Redirect to the IdP website and they’ll redirect back to you and post a signed XML doc to say Joe is authenticated and belongs to these groups.
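The flow described in the comment above, as an added example (not part of the original thread and not AspNetSaml's code): a per-tenant IdP record, the HTTP-Redirect AuthnRequest built from it, and the checks that tie a posted response back to the tenant whose ACS URL received it. Tenant names, URLs and field names are constructed, and signature verification is assumed to be done by a SAML library using the tenant's stored certificate.

```python
import base64, secrets, zlib
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlencode
from xml.sax.saxutils import quoteattr

@dataclass(frozen=True)
class TenantIdp:              # one stored row per tenant (field names are assumptions)
    idp_entity_id: str        # Issuer expected in this tenant's responses
    idp_sso_url: str          # where this tenant's AuthnRequests are sent
    idp_cert_pem: str         # certificate that must verify this tenant's responses

SP_ENTITY_ID = "https://app.example.test/saml"             # constructed value
TENANTS = {                                                # constructed sample rows
    "acme": TenantIdp("https://idp.acme.test/meta", "https://idp.acme.test/sso", "<PEM>"),
    "globex": TenantIdp("https://idp.globex.test/meta", "https://idp.globex.test/sso", "<PEM>"),
}
PENDING = {}  # request ID -> tenant slug; a shared store with expiry in a real deployment

def build_redirect(tenant_slug):
    """Return (redirect URL, request ID) for a known tenant's IdP."""
    idp = TENANTS[tenant_slug]                             # unknown tenant raises KeyError
    request_id = "_" + secrets.token_hex(16)
    acs_url = f"https://app.example.test/saml/acs/{tenant_slug}"
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
           ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
           f' ID="{request_id}" Version="2.0" IssueInstant="{now}"'
           f' Destination={quoteattr(idp.idp_sso_url)}'    # tenant-supplied, so escaped
           f' AssertionConsumerServiceURL={quoteattr(acs_url)}>'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    raw = zlib.compressobj(wbits=-15)                      # raw DEFLATE for HTTP-Redirect
    deflated = raw.compress(xml.encode()) + raw.flush()
    PENDING[request_id] = tenant_slug
    sep = "&" if "?" in idp.idp_sso_url else "?"
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return idp.idp_sso_url + sep + query, request_id

def check_verified_response(acs_tenant_slug, issuer, in_response_to):
    """Call after the signature verified against the ACS tenant's certificate."""
    idp = TENANTS[acs_tenant_slug]       # tenant comes from the ACS URL, not the XML
    if issuer != idp.idp_entity_id:
        raise ValueError("issuer is not this tenant's IdP")
    if PENDING.get(in_response_to) != acs_tenant_slug:
        raise ValueError("no pending request from this tenant with that ID")
    del PENDING[in_response_to]          # one-time use: a replayed response fails
    return idp
```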
Unless I'm misunderstanding your needs, why wouldn't http://www.passportjs.org/ work? I've used it successfully for Google & Facebook signup/signin.
It has SAML support and I guess one of these packages could be customized to your needs?
http://www.passportjs.org/packages/
I highly recommend ComponentSpace SAML SSO. There is a cost, but well worth it, imo. It's well maintained, support and forum available, fast responses, etc. I tried a few OSS, but they had some limitations that I couldn't get around in a short timeframe.