Use OIDC/SAML backwards to pass valid jwt token/roles/user to other Oauth/SAML compatible apps protected by Caddy reverse proxy #323

Open
TedSheckler2021 opened this issue Mar 3, 2024 · 1 comment

TedSheckler2021 commented Mar 3, 2024

Hi there

I know you can do OIDC/SAML as a forward auth provider, but I was wondering if caddy sec can pass a session backwards via OIDC/SAML

I'm trying to avoid multiple logins, just use the fantastic Caddy/Caddy Security login once (I know that's a Keycloak thing) .. I just like caddy because it's one stop shopping

It might be possible, I've successfully passed custom headers from the JWT token to automatically login certain compatible tools like cloudbeaver

https://github.com/dbeaver/cloudbeaver/wiki/Reverse-proxy-header-authentication

but most apps support OIDC/SAML .. and you can't just pass headers like that for a SSO.. ish behaviour without OIDC/SAML inbound as a forward_auth

Example apps, Superset/PGAdmin etc

I usually just disable the app accounts, and have users share one account, but ideally, I'd like to segregate them by caddy sec role, without the overhead of an external Identity Provider (IdP) like Okta, Auth0

thanks in advance

@TedSheckler2021 TedSheckler2021 added need triage question Further information is requested labels Mar 3, 2024

greenpau (Owner) commented Mar 3, 2024

@TedSheckler2021, please reach out to me on LinkedIn and let's have a Google Meet to discuss it.
