Auth0 with exist-db

hi, I am developing an application with exist-db and I would like to integrate auth0 features into the app. I know that exist-db supports different authentication realms, and in fact supports openID as a distinct realm (although unfortunately the documentation on how to configure an openID realm on exist-db is lacking). My question is, can auth0 be used with exist-db via the openID realm? Thank you community in advance for any help!

We don’t have specific docs on using exist-db, but if it supports OpenID Connect, then it should work fine. It just needs to be enabled, which it isn’t by default, according to:
https://exist-db.org/exist/apps/doc/security
and configured for Auth0 as IdP.

Another option is to use SAML:

hi! thank you for the quick response! I decided to use SAML v2 extension module for exist-db. I have enabled 3rd party SAML support for auth0 as described in the auth0 help files. I am looking at the “saml protocol configuration parameters” page and I am needing some help matching the auth0 parameters with the parameters in the existdb-saml implementation… specifically, the existdb-saml requires specification of the identity provider (which is auth0)'s entity and endpoint. I assume the entity corresponds to the auth0 ‘issuer’, and the endpoint corresponds to the auth0 ‘identity provider login url’? also, existdb-saml documents the identity provider entity as “a name string in URI format”… does this mean that the URI for the entity can be totally different than the URI for the endpoint?

likewise, the service provider (which is existdb)'s entity is also described as ā€œa name string in URI formatā€ and the service provider endpoint is another URI. So I assume that the service provider entity is something like https://myinternet-facing-company.com (would https://localhost work?) and the endpoint is something like https://myinternet-facing-company.com/SAML-processor (again, would something like https://localhost/SAML-processor work?)

am I correct in my assumptions? or is there something I’m missing? thanks again for your help!!

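For the entity/endpoint question in the post above, an added example (not from the thread, Auth0 or existdb-saml): SAML 2.0 IdP metadata carries the entity ID and the login endpoint as separate fields, and this Python code reads both from a constructed sample. The sample URIs and the function name `idp_entity_and_endpoint` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; every URI here is a placeholder.
SAMPLE_IDP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="urn:idp.example:tenant">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example/saml/sso"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example/saml/sso-post"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def idp_entity_and_endpoint(metadata_xml, binding=REDIRECT):
    """Return the IdP's entity ID (a name) and its SSO URL for one binding."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("not a SAML EntityDescriptor")

    # entityID only names the IdP; it is compared as a string against the
    # Issuer of responses and is never dereferenced, so it may be a urn:.
    entity = root.get("entityID")
    if not entity:
        raise ValueError("missing entityID")

    # The endpoint is where the AuthnRequest is sent; it is binding-specific.
    path = "md:IDPSSODescriptor/md:SingleSignOnService"
    for sso in root.findall(path, NS):
        if sso.get("Binding") == binding:
            endpoint = sso.get("Location") or ""
            if not endpoint.startswith("https://"):
                raise ValueError("SSO endpoint is not an https URL")
            return {"entity": entity, "endpoint": endpoint}
    raise ValueError("no SingleSignOnService for binding " + binding)


if __name__ == "__main__":
    print(idp_entity_and_endpoint(SAMPLE_IDP_METADATA))
```
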

I will be looking into doing an Auth0 realm for eXist-db. I am probably going to be extracting the LDAP realm into its own package as well.