[HN Gopher] Multi-tenant SAML in an afternoon
___________________________________________________________________
Multi-tenant SAML in an afternoon
Author : ned_at_codomain
Score : 20 points
Date : 2024-10-07 19:14 UTC (1 days ago)
(HTM) web link (tylerrussell.dev)
(TXT) w3m dump (tylerrussell.dev)
| jansommer wrote:
| > Last but not least, cost. I'll just come out and say it: IMHO,
| what most vendors charge for being IdP is outrageous. Charging by
| MAU in an IdP? Really? We all know that the marginal cost for me
| to have a user in your system is essentially 0. You really gonna
| charge me 10 cents a month for a row in your database?
|
| I've been looking into adding OAuth2/OIDC IdP integrations to an
| app I'm making. The pricing for most auth-as-a-service is indeed
| outrageous, and I don't need (or want) JWT. oauth4webapi [1] fits
| the bill here, is free and certified. Took less than an afternoon
| to have sign in with Google and another IdP. There's obviously
| more work to be done, but it's not rocket science.
|
| Don't know if there's an equivalent for SAML. But I've certainly
| considered going into the auth SaaS business a few times. Seems
| like there's good money to be made.
|
| [1] https://github.com/panva/oauth4webapi (TypeScript)
| tomjen3 wrote:
| I have set up Keycloak a bunch of times. I don't know if I would
| say it is a good solution (that would be ditching SAML), but it
| doesn't require you to pay outrageous fees.
| runako wrote:
| > the marginal cost for me to have a user in your system is
| essentially 0
|
| This argument essentially reduces to the notion that most Web
| apps should be free. The marginal cost of a
| Salesforce/Canva/Outlook/Office/Github/Discord/any scaled SaaS
| user is a tiny epsilon. If that were not true, there would not
| be a viable software business there; that epsilon keeps
| everyone paid who keeps everything running.
|
| > You really gonna charge me 10 cents a month for a row in your
| database?
|
| Apologies for the analogy, but the 10 cents is not for the
| storage, but for knowing _which_ row is yours.
|
| It's fine to want to DIY, no shade to that at all. But not
| every application is a fit for DIY solutions for whatever
| reason.
___________________________________________________________________
(page generated 2024-10-08 23:01 UTC)