Hi All, I have put together a Go based proof of concept SPOE agent that also implements a SAML 2 Service Provider (SP) in order to do "SSO" in HAProxy.
The code is located here: https://gitlab.com/andrewheberle/go-http-auth-sso The basic process is that SPOA is used to check if the user is logged in or not and then based on the set variables you can make decisions via "http-request" rules. This originally started out without the SPOE part and was using the Lua http-auth-request script (https://github.com/TimWolla/haproxy-auth-request), however with the release of the Go SPOE package (https://github.com/Aestek/haproxy-connect/tree/master/spoe) I rewrote it based on that. Our use case is to have the SP pointed to a IdP in Azure so we can do single-sign-on to Office 365 and we have "http-request" rules in place to set some custom headers that our application uses for authentication/authorisation. These are set based on the variables that come back from the SPOA, which come from the claims in the authentication process. Hopefully this is of some use to people. Any feedback and constructive criticism is welcome. -- Andrew Heberle