This is an example application that demonstrates how to use Cerbos with SAML Jackson.
Follow the steps below to run the example app.
git clone https://github.com/boxyhq/jackson-cerbos
Then cd into the project directory
cd jackson-cerbos
npm install
This example comes with a docker-compose file that you can use to run the SAML Jackson and Cerbos instances locally. See the docker-compose.yml file for more details.
To start the servers, run the following command:
docker-compose up --build
OR
sh ./start.sh
This will start the SAML Jackson server on port 5225 and the Cerbos gRPC server on port 3593.
The Jackson endpoint is available at http://localhost:5225.
The Cerbos endpoint is available at http://localhost:3593.
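To use a different Cerbos endpoint, update the file /lib/cerbos.ts with the new endpoint.
import { GRPC } from "@cerbos/grpc";
// Replace the placeholder host below with your Cerbos endpoint.
// tls: false sends authorization requests unencrypted, which suits the local
// docker-compose setup; enable TLS when the endpoint is not on localhost.
export const cerbos = new GRPC("cerbos-instance-endpoint.app", {
  tls: false,
});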
To start the Next.js app, run the following command:
npm run dev
This will start the Next.js app on port 3000. The app is available at http://localhost:3000.
Follow the steps below to test the example app.
The first step is to add a SAML connection to the app. To do this, click the SAML Connection menu in the top navigation bar.
In real-world applications, the SAML connection is typically configured by the IT team, and this page should be accessible only to users with the appropriate access in the organization.
You can use any identity provider (IdP) that supports SAML 2.0. For this example, we will use Okta.
Paste the XML Metadata and click the Create SAML Connection button.
After the SAML connection is created, click the Sign in button in the top navigation bar.
Enter the work email you have configured in the SAML app and click the Continue with SAML SSO button.
After the SAML authentication is successful, you will be redirected to the home page.
You'll see the user profile of the authenticated user on the home page.
In addition to the user profile, you'll also see the list of policies that the user has access to, based on the roles assigned to the user in the SAML app.
See /api/resources.ts for more details about how the policies are fetched from Cerbos.
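The role-to-policy flow described above, as an added example that is not the repository's own /api/resources.ts: it validates the roles delivered by the IdP before they reach Cerbos and denies access when validation or the policy check fails. The profile field names, the `KNOWN_ROLES` allowlist and the `PolicyClient` interface (modelled on the client's `checkResource` call) are assumptions.

```typescript
// Added example. Profile field names and the role allowlist are assumptions.
type Profile = { id?: unknown; roles?: unknown };
type Principal = { id: string; roles: string[] };
type Resource = { kind: string; id: string };

// Minimal shape of the client call used here, modelled on checkResource().
interface PolicyClient {
  checkResource(req: {
    principal: Principal;
    resource: Resource;
    actions: string[];
  }): Promise<{ isAllowed(action: string): boolean | undefined }>;
}

const KNOWN_ROLES = ["admin", "developer", "support"]; // hypothetical role names

// Build a principal from IdP-supplied claims. Returns null (deny) when the
// subject id is missing or no role survives validation.
function toPrincipal(profile: Profile): Principal | null {
  const id = typeof profile.id === "string" ? profile.id.trim() : "";
  if (id === "") return null;
  const claimed: unknown[] = Array.isArray(profile.roles)
    ? profile.roles
    : typeof profile.roles === "string" ? profile.roles.split(",") : [];
  const roles = claimed
    .filter((r): r is string => typeof r === "string")
    .map((r) => r.trim())
    .filter((r, i, all) => KNOWN_ROLES.indexOf(r) >= 0 && all.indexOf(r) === i);
  return roles.length > 0 ? { id, roles } : null;
}

// Return the subset of actions the PDP allows. Any failure yields no access.
async function allowedActions(
  client: PolicyClient,
  profile: Profile,
  resource: Resource,
  actions: string[],
): Promise<string[]> {
  const principal = toPrincipal(profile);
  if (principal === null) return [];
  try {
    const decision = await client.checkResource({ principal, resource, actions });
    return actions.filter((a) => decision.isAllowed(a) === true);
  } catch {
    return []; // fail closed if Cerbos is unreachable or rejects the request
  }
}
```

Because `PolicyClient` is only a structural type, the `cerbos` instance exported from /lib/cerbos.ts can be passed as `client` if its `checkResource` signature matches.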
To learn more about SAML Jackson and Cerbos, take a look at the following resources:
Thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody and are appreciated.
Please try to create bug reports that are:
- Reproducible. Include steps to reproduce the problem.
- Specific. Include as much detail as possible: which version, what environment, etc.
- Unique. Do not duplicate existing opened issues.
- Scoped to a Single Bug. One bug per report.
- Discord (For live discussion with the Open-Source Community and BoxyHQ team)
- Twitter (Follow us)
- GitHub Issues (Bug reports, Contributions)