v0.9: SAML SSO, User Export
This release includes two exciting features that further expand the scope of Hanko:
SAML Enterprise SSO
- We've added support for external SAML identity providers (IdP). That means the Hanko login can now be configured to redirect email addresses of certain domains to connected SAML IdPs. This is useful for Hanko deployments targeting B2B scenarios where customers request the ability for their employees to sign in with their company-managed single sign-on (SSO) service such as Okta, OneLogin, Keycloak, and others.
- The SAML feature is implemented per domain, i.e. each SAML connection is associated with an email domain. Given a valid SAML connection for, e.g., example.com, each user that enters an @example.com email address into the username field of the hanko-auth element will be redirected to the respective SAML IdP. If the user can be authenticated by the IdP, they will get directed back to Hanko and a regular Hanko JWT will be issued.
- In the current implementation, all hanko-profile actions are still possible for SAML-provisioned users. That means that a SAML user can still create a passkey directly with the service running Hanko and will be able to use this passkey to authenticate without being redirected to the IdP. We are aware that this may not be the desired behavior and we're open to hearing your thoughts moving forward.
- See the updated backend docs to learn about all new SAML config options.
- Thanks @shentschel for your work on this!
Important
We've introduced the /ee folder in the Hanko backend that has a different proprietary license for the code that handles SAML SSO connections. Self-hosting a Hanko production deployment that uses /ee code requires a commercial agreement with us. If the SAML feature is not used / configured, the code won't be executed and there's no risk of a license violation.
User Export
- In the same spirit as our existing user import feature, the Hanko backend now provides a user export subcommand.
- The exported data is in the same format / schema that's used for user import (i.e. exported Hanko data is importable into another Hanko instance without any modifications).
- Thanks @IgnisDa for your contribution!
What's Changed
- chore: remove sonatype lift config by @lfleischmann in #1079
- Guide on how to get user data by @Esther-Lita in #1028
- chore(deps): bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.2 in /backend by @dependabot in #1083
- chore(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /quickstart by @dependabot in #1084
- chore: remove frontend-sdk dockerfile by @lfleischmann in #1087
- ci: remove docs auto deploy on backend tag by @lfleischmann in #1088
- added API link by @krishvsoni in #1082
- Add user export subcommand by @IgnisDa in #1097
- chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.13 to 2.0.14 in /backend by @dependabot in #1101
- Feature/saml by @shentschel in #1041
- chore(deps): bump @babel/traverse from 7.21.2 to 7.23.2 in /frontend by @dependabot in #1103
New Contributors
- @krishvsoni made their first contribution in #1082
- @shentschel made their first contribution in #1041
Full Changelog: https://github.com/teamhanko/hanko/compare/@teamhanko/[email protected]/v0.9.0