This service combines some basic functionality of Authelia with a SAML Service Provider, so that HTTP authentication sub-requests to /api/verify or /api/authz/forward-auth are checked for a valid session; if there is none, a SAML authentication process is started.
The process for login is:
- A reverse proxy, such as HAProxy, gets an HTTP request from a user
- This proxy verifies the authentication of the user via an HTTP sub-request to /api/authz/forward-auth
- If the user is already authenticated, /api/authz/forward-auth returns an HTTP 200 OK response along with HTTP headers the proxy may use to identify the user
- If no valid session is available, a redirect is returned to the proxy, which should pass it on to the user; this starts the SAML login process
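
The decision made at /api/authz/forward-auth in the login process above, as an added sketch that is not this service's own code. It assumes an HMAC-signed cookie in place of the real session store, Authelia-style `Remote-User` and `X-Forwarded-*` headers, a 302 redirect with an `rd` return parameter, and a hypothetical `/saml/login` endpoint; the host allow-list keeps the return URL from becoming an open redirect.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

SECRET = b"constructed-demo-key"                    # assumption: server-side signing key
LOGIN_URL = "https://auth.example.test/saml/login"  # hypothetical SAML SP login endpoint
ALLOWED_HOSTS = {"app.example.test"}                # constructed: hosts behind the proxy


def _mac(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def sign_session(user: str, expires: int) -> str:
    """Build a 'user|expires|mac' cookie value (stand-in for a real session)."""
    body = f"{user}|{expires}"
    return f"{body}|{_mac(body)}"


def valid_user(cookie, now: int):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    try:
        user, expires, mac = cookie.split("|")
        expected = _mac(f"{user}|{expires}")
        # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
        if hmac.compare_digest(mac.encode(), expected.encode()) and int(expires) > now:
            return user
    except (AttributeError, ValueError):
        pass  # missing cookie, wrong field count, or non-numeric expiry
    return None


def forward_auth(headers: dict, cookie, now=None):
    """Answer the proxy's sub-request with (status, response_headers)."""
    now = int(time.time()) if now is None else now
    user = valid_user(cookie, now)
    if user:
        # Valid session: 200 OK plus an identity header for the proxy.
        return 200, {"Remote-User": user}
    host = headers.get("X-Forwarded-Host", "")
    if host not in ALLOWED_HOSTS:
        # Assumption: refuse rather than redirect back to an unknown host.
        return 401, {}
    proto = headers.get("X-Forwarded-Proto", "https")
    proto = proto if proto in ("http", "https") else "https"
    target = f"{proto}://{host}{headers.get('X-Forwarded-Uri', '/')}"
    # No session: redirect that the proxy relays to the user to start SAML login.
    return 302, {"Location": f"{LOGIN_URL}?rd={quote(target, safe='')}"}
```

The proxy must strip any client-supplied `Remote-User` header before forwarding, otherwise the identity header returned on success can be spoofed by the user.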