Modern access control

Set of Docker containers used during various trainings about modern access control. The focus currently is on SAML and OpenID Connect, as well as policy-based authorization.

Getting Started

Make sure to add the following items to your hosts file:

  • identityserver
  • movieswebapp
  • shibbolethidp
  • singlepageapp
  • productapi

Then run the following commands:

git clone
cd websec-ModernACREST
docker-compose -f docker-compose.yml build
docker-compose -f docker-compose.yml up
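
An added preflight check for the hosts-file step above (not part of this repository): it reports which of the five host names still have no entry in the hosts file you pass it. The function name `missing_hosts` is hypothetical, and the address each name maps to is not checked.

```shell
#!/bin/sh
# Added example, not the repository's own code.
# Host names taken from the hosts-file step of this README.
REQUIRED_HOSTS="identityserver movieswebapp shibbolethidp singlepageapp productapi"

# missing_hosts FILE
# Prints, space-separated, the required names that FILE does not define.
# Commented-out entries do not count, CRLF line endings (Windows hosts
# files) are tolerated, and names are compared case-insensitively.
missing_hosts() {
    hosts_file=$1
    missing=""
    for name in $REQUIRED_HOSTS; do
        # Drop carriage returns and comments, then look for the name in
        # any field after the address column.
        if ! tr -d '\r' < "$hosts_file" | sed 's/#.*//' | awk -v n="$name" '
            { for (i = 2; i <= NF; i++) if (tolower($i) == n) found = 1 }
            END { exit !found }'; then
            missing="$missing $name"
        fi
    done
    # Trim the leading space left by the concatenation above.
    echo "${missing# }"
}

# When called with a path, report on that file, for example:
#   sh check-hosts.sh /etc/hosts
#   sh check-hosts.sh /c/Windows/System32/drivers/etc/hosts   (Git Bash)
if [ $# -gt 0 ]; then
    result=$(missing_hosts "$1")
    if [ -n "$result" ]; then
        echo "Missing from $1: $result"
    else
        echo "All required host names are present in $1"
    fi
fi
```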

You typically want to start at the movieswebapp. However, it is limited to authentication, since it does not call an external API. That's why the singlepageapp was added, which provides a nice example of how to call a REST API.


What you need to install to run the software:

  • Docker


All of the applications run over plain HTTP. You should be using HTTPS when using these for something other than educational purposes.


Some of the improvements I would like to make when I find the time:

  • Single log-out for the SAML side of things (OIDC's single log-out is configured)
  • Addition of other clients to show various OIDC flows


No project in this repo is an exact copy of the sources.


Please feel free to post issues, or inform me about improvements.

Start from scratch

If things don't work out, you can try to start from a new build:

docker-compose build --no-cache
docker-compose -f docker-compose.yml up --force-recreate

If all else fails, remove all containers and start over. Run this from a Unix bash shell; on Windows you can run it from Git Bash.

Warning: this will remove all Docker containers and images, not just the ones created in this project.

docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
docker rmi $(docker images -q)
docker-compose build
docker-compose -f docker-compose.yml up