Modern Authentication
Google IAP

Claims Transformation for SAML and OIDC

No need to rewrite applications in order for them to accept different identity protocols

Future-proof applications in case you change SAML or OIDC providers at a later time

Allow for the addition of additional modern authentication solutions within the existing UX

Recipe summary: Claims Transformation – SAML and OIDC

This recipe demonstrates how Maverics makes it easy to incorporate SAML and OIDC to sessions and apps by abstracting the complexity of SAML or OIDC. With Maverics, you can add SAML and OIDC to apps without rewriting them. Maverics converts SAML and OIDC claims into HTTP headers that drop right into your apps. This enables applications that expect OIDC to accept SAML attributes without any need to refactor the apps themselves.

Recipe instructions: Claims Transformation – SAML and OIDC

  1. 1

    User requests a protected application (which is expecting an OIDC exchange).

  2. 2

    User's session is redirected to the Maverics Orchestrator.

  3. 3

    Maverics will evaluate if a valid session exists with your Authentication provider of choice (GCP's IAP in this case)./

  4. 4

    If the user hasn't authenticated yet - Maverics will redirect the user to properly authenticate using Google's identity provider.

  5. 5

    [optional] Google's IAP performs whatever zero trust checks it deems appropriate for the user.

  6. 6

    IAP sends a SAML assertion to Maverics.

  7. 7

    Maverics consumes the SAML token and parses it's assertions.

  8. 8

    [optional] Maverics can grab other attributes from other places for richer policy enforcement or additional claims.

  9. 9

    Maverics provides an auth code to the user's session and redirects to the target application.

  10. 10

    Target application exchanges the auth code directly with Maverics to validate.

  11. 11

    User is granted access to the application.

View recipe in action: Claims Transformation – SAML and OIDC

Recipe sequence diagram: Claims Transformation — SAML and OIDC

Recipe YAML config settings: Claims Transformation — SAML and OIDC

Maverics Identity Orchestration works with a simple YAML config* (as shown in the figure to the right). No app rewrites or custom code is required. Download this recipe’s full config file below.

*Config may vary based on your environment.