Author Topic: Anyone know a SAML expert?  (Read 10450 times)

Mike

  • Jackass In Charge
  • Posts: 11270
  • Karma: +168/-32
  • Ex Asshole - a better and more caring person.
Anyone know a SAML expert?
« on: July 13, 2021, 10:49:56 AM »
We've got a SAML IdP tied into our old system using SimpleSAMLphp that we are trying to tie into our new Python systems.  Unfortunately, there aren't that many Python IdP implementations and we are reaching the point where I don't think we have enough knowledge of SAML to implement it securely.  So, we are considering getting a contractor who does have the knowledge for a short-term engagement.

hans

  • Guitar Addict
  • Jackass In Charge
  • Posts: 3539
  • Karma: +46/-18
Re: Anyone know a SAML expert?
« Reply #1 on: July 13, 2021, 11:01:31 AM »
I remember it being a pain to work with. (back in my Java/Groovy days)

Which SAML provider did you go with? That might help determine what Python lib you might want to use if they have an implementation for you. If I remember ones like Auth0 had client libs available for most languages.
This signature intentionally left blank.

Mike

Re: Anyone know a SAML expert?
« Reply #2 on: July 13, 2021, 11:42:09 AM »
Quote
I remember it being a pain to work with. (back in my Java/Groovy days)
Understatement right there

Quote
Which SAML provider did you go with? That might help determine what Python lib you might want to use if they have an implementation for you. If I remember ones like Auth0 had client libs available for most languages.
We are the identity provider (IdP).  The service provider (SP) side is actually pretty easy and we have that done already.  The provider side is where the pain is.  Everyone wants to be a consumer but no-one wants to be the provider ;)

We actually did look at using a 3rd party service but their cost is far too high.  I could almost employ a full-time programmer for the yearly cost.

ober

  • Ashton Shagger
  • Ass Wipe
  • Posts: 14337
  • Karma: +73/-790
  • mini-ober is taking over
    • Windy Hill Web Solutions
Re: Anyone know a SAML expert?
« Reply #3 on: July 13, 2021, 02:33:05 PM »
Yeah, we're implementing Auth0.  Not cheap, but worth it.  Of course our primary engineer left the company so we're looking for someone too.

Mike

Re: Anyone know a SAML expert?
« Reply #4 on: July 13, 2021, 04:43:18 PM »
Hmmm, did a quick review of Auth0 and their pricing seemed a lot better than what our guy reported.  The best I was seeing was $2 / user / month.  Even if I cull our database to those that could potentially use the system I'm still left with well over $100K (probably looking at 2 to 3 times that) a year in costs.  We are still well over Auth0's free tier but they seem much more reasonable.

ober

Re: Anyone know a SAML expert?
« Reply #5 on: July 13, 2021, 05:00:27 PM »
Keep in mind that Auth0 got acquired by Okta.  They claim that they're still going to operate separately.  Also, we got their pricing down quite a bit through negotiation, by like 25% or something.  But then again we're spending like $300k/year.

Mike

Re: Anyone know a SAML expert?
« Reply #6 on: July 13, 2021, 05:21:45 PM »
Yeah, I saw that after I contacted them.  But, if they'll do a contract then I'm less worried about it.  Fortunately, we are a 501(c)(3) so we can generally get a discount that way.

If you don't mind and can say: How many users and daily logins?  Or more to the point, what is the metric they are using to determine how much to charge you and how does that relate to the cost?

ober

Re: Anyone know a SAML expert?
« Reply #7 on: July 13, 2021, 11:18:58 PM »
They use MAU (monthly active users), API calls (Machine 2 Machine), and then any addon services like security or whatever else.  We also contract for a certain number of 'enterprise connections' which allows us to connect to our bigger clients' IDPs.

ober

Re: Anyone know a SAML expert?
« Reply #8 on: July 13, 2021, 11:20:38 PM »
Oh, and we contract for between 350K MAU, 1000 M2M, and 10 enterprise connections.  Although MAU for us is different this year.  Our actual MAU numbers are closer to 750K but not all of our platforms are converted to Auth0 yet.

Mike

Re: Anyone know a SAML expert?
« Reply #9 on: July 14, 2021, 08:59:26 AM »
Great, thanks for the information.  Using monthly active users might just work.  We have a decent number of accounts but only a small portion actually use the system.

Mike

Re: Anyone know a SAML expert?
« Reply #10 on: July 14, 2021, 04:38:53 PM »
Just had a call with them and yeah it looks real promising.  Since they use MAU instead of raw account numbers we easily fall within their cheaper plans.

I do need to think about some of the non-production sites that have their own login.  I feel like they can be consolidated to one and then have another login for our actual test system.

Edit: Actually, it looks like not.  Did more research on our MAU count and we had 3 months in the last year that broke the limit for that cheaper tier.  Oh well, back to self-hosted SAML.
« Last Edit: July 14, 2021, 07:02:49 PM by Mike »

ober

Re: Anyone know a SAML expert?
« Reply #11 on: July 15, 2021, 09:50:14 AM »
Ah, that sucks.  Auth0 is pretty cool.

Mike

Re: Anyone know a SAML expert?
« Reply #12 on: July 15, 2021, 11:19:03 AM »
Yeah.  I was kinda looking forward to making it someone else's problem and getting some of the nicer behavioral based security.  Hopefully we'll revisit in the future and reevaluate then.