Skip to content

PassBeyondSAML authentication for any web application

Put a SAML Service Provider in front of applications that do not support SAML themselves.

What is PassBeyond?

PassBeyond is a SAML Service Provider and authentication reverse proxy. It sits between a public reverse proxy and a backend application. Users authenticate at your Identity Provider (IdP); PassBeyond then validates a signed session cookie and forwards authenticated requests to the application.

The backend receives the authenticated user in headers such as X-Passbeyond-User and mapped attributes in X-Passbeyond-Data-*. It does not need to implement the SAML protocol itself.

text
Browser → TLS reverse proxy → PassBeyond → Backend application

                         SAML Identity Provider

Authorization remains an application concern

PassBeyond authenticates users and supplies identity data. The backend application must still decide which resources each authenticated user is allowed to access.

Where to begin

Follow Getting started to install PassBeyond, register its SAML endpoints, protect a first application, and verify the result. Container users can start with Container deployment.

Before a production rollout, select a supported reverse proxy configuration and application integration, then read the security model, known limitations, and operations runbooks.

Released under the MIT License.