On Wed, Oct 11, 2023 at 02:20:02PM +0000, Branitsky, Norman wrote: > The sample SAML authentication code saml.ini was provided by HAProxy > Enterprises support. > They also provided: > /opt/hapee-extras/bin/hapee-saml
Ah OK I didn't catch that you were talking about this one, shame on me :-) But in this case you're getting both ends, the config part that goes into haproxy and the external daemon in charge of the auth stuff. If in a future version we'd kill SPOE, it would be replaced with something else, and in such a case that daemon would work differently, but your package would continue to provide both ends at once. My goal is clearly not to annoy users and even less developers (as they may invest quite some time on certain features). I just want to identify what needs to be preserved if we have to kill something that constantly stays in the path and prevents the solution from evolving. Here it might be too late to announce the surprise that SPOE goes away with such external software, but we could maybe deprecate it and announce that 3.0 will be the last one to support it so that it leaves time to various implementors to rely on another solution (HTTP+Lua or anything else maybe, I don't know and maybe we'll also have to provide more hooks). Thanks for your valuable inputs, that's really helpful! Willy
