We have 200 home-based staff using Squid Proxy 3.1 running on a private Linux server (Ubuntu 10).
I would like users to authenticate to Squid via the existing accounts they have with our provider OneLogin.com, preferably using SAML, or otherwise OpenID.
We currently have users authenticate via basic authentication to an MD5-encrypted flat file on the server. I need to move away from that method as soon as possible to reduce management of accounts and make it easier for users to authenticate.
The user experience I am aiming at is automatic, invisible, behind-the-scenes authentication to the proxy server.
The Admin experience I am aiming for is for no user accounts to be required on the Proxy and for users to be uniquely identified in the proxy logfiles.
This is a fairly urgent requirement which needs to be complete within 2 weeks.
The solution ideally needs to be tested in the developer's own environment and implemented in our live environment with the least downtime and a proven rollback strategy. It would aid migration if the new authentication could fall back to the existing method automatically (with both authentication methods active together).
Additional detail can be obtained from OneLogin, where SAML toolkits are available for a variety of languages to suit the developer.