Version: Next

Identity Provider (IdP)

As of Nauthilus 1.12, Ory Hydra and the legacy OAuth2 integration have been removed. Nauthilus now ships a native Identity Provider with:

  • OpenID Connect (OIDC) using the Authorization Code grant
  • SAML 2.0 IdP

This section documents configuration, endpoints and migration notes.

Migration note

If you previously used Hydra: remove all oauth2/hydra settings from your configuration and add the new idp.* sections described here. Route OIDC/SAML traffic to the native endpoints (/oidc/*, /saml/*) plus shared frontend paths such as /login, /logout, and /mfa/*.

Components

  • OIDC endpoints: discovery, authorize, token, userinfo, introspection, JWKS, logout
  • SAML2 endpoints: metadata, SSO, SLO
  • Integrated consent UI and multi-factor authentication (TOTP, WebAuthn)

Configuration overview

Top-level IdP section in the main configuration file:

idp:
  terms_of_service_url: "https://example.com/tos"
  privacy_policy_url: "https://example.com/privacy"
  webauthn:
    rp_display_name: "Nauthilus"
    rp_id: "localhost"
    rp_origins: ["https://localhost"]
    authenticator_attachment: "platform"
    resident_key: "preferred"
    user_verification: "preferred"
  oidc: { ... }
  saml2: { ... }

  • For detailed OIDC configuration, see OIDC.
  • For detailed SAML2 configuration, see SAML2.
  • For customizing the user interface, see Templates.
  • For a complete reference of all new IdP settings, see Reference.
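
In the webauthn block above, rp_id and rp_origins have to agree: browsers only accept an RP ID that equals the host of the calling origin or is a parent domain of it. The Go check below is an added example, not Nauthilus code; the function name CheckWebAuthn is hypothetical, and it takes the two values directly instead of parsing the YAML.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// CheckWebAuthn (hypothetical helper) lists problems in how rp_id relates to
// rp_origins. It does not consult the public suffix list, so an rp_id that is
// itself a public suffix (for example "com") is not detected here.
func CheckWebAuthn(rpID string, rpOrigins []string) []string {
	var problems []string
	id := strings.ToLower(rpID)
	if id == "" || strings.ContainsAny(id, ":/") {
		return []string{fmt.Sprintf("rp_id %q must be a bare host name (no scheme, port or path)", rpID)}
	}
	if len(rpOrigins) == 0 {
		problems = append(problems, "rp_origins is empty")
	}
	for _, o := range rpOrigins {
		u, err := url.Parse(o)
		if err != nil || u.Host == "" {
			problems = append(problems, fmt.Sprintf("origin %q is not a scheme://host URL", o))
			continue
		}
		host := strings.ToLower(u.Hostname()) // port is not part of the RP ID match
		// WebAuthn needs a secure context; browsers also accept http://localhost.
		if u.Scheme != "https" && !(u.Scheme == "http" && host == "localhost") {
			problems = append(problems, fmt.Sprintf("origin %q is not HTTPS", o))
		}
		// Match on a label boundary: "evilexample.com" must not pass for "example.com".
		if host != id && !strings.HasSuffix(host, "."+id) {
			problems = append(problems, fmt.Sprintf("origin %q is outside rp_id %q", o, rpID))
		}
	}
	return problems
}

func main() {
	// Values from the sample configuration on this page.
	fmt.Println(CheckWebAuthn("localhost", []string{"https://localhost"}))
	// Constructed misconfiguration: origin above the rp_id, and a plain-HTTP origin.
	fmt.Println(CheckWebAuthn("idp.example.com",
		[]string{"https://example.com", "http://login.idp.example.com"}))
}
```

Run it against the production values before rollout: changing rp_id later invalidates the passkeys users have already registered.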