setup-sso-subapp
Official
Enable secure RS256 SSO for your sub-app
Author: Ascenseurs-Menetrey-SA
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps you secure a sub-application on menetrey-lift.ch so it can authenticate users via the intranet SSO cookie (amsa_session) without implementing any login or OAuth flows inside the sub-app.
Core Features & Use Cases
- SSO verification with JWKS (RS256): Validates JWTs using PyJWT’s PyJWKClient with proper issuer/audience checks and cache/rotation behavior.
- Automatic local user provisioning: Creates and updates local users on first authenticated request using SSO claims (with fallbacks for missing name fields).
- Production-ready infrastructure guidance: Configures backend fail-secure settings (e.g., docs disabled by default), frontend runtime configuration (window.RUNTIME_CONFIG), CORS with credentials, and Docker/Caddy routing for a new subdomain.
- Safety guardrails for admin management: Prevents administrative lockout through zero-admin protections and blocks self-mutations that could disable the last admin.
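One way to implement the zero-admin and self-mutation guardrails described in the last bullet, as an added example that is not the Skill's own code. The User record, check_admin_change, and the convention that actor_id=None means a non-interactive caller (such as the provisioning sync) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


class AdminGuardError(Exception):
    """Raised when a change would lock administrators out."""


@dataclass
class User:  # hypothetical local user record, not the Skill's schema
    id: int
    is_admin: bool
    is_active: bool = True


def _is_effective_admin(user: User) -> bool:
    # A disabled admin cannot sign in, so it does not count as an admin.
    return user.is_admin and user.is_active


def check_admin_change(users: List[User], actor_id: Optional[int], target_id: int, *,
                       is_admin: Optional[bool] = None,
                       is_active: Optional[bool] = None,
                       delete: bool = False) -> Tuple[bool, bool]:
    """Return the (is_admin, is_active) pair to store, or raise AdminGuardError.

    actor_id=None is assumed to mean a non-interactive caller (provisioning sync).
    In a real service, run this check and the write inside one transaction.
    """
    by_id = {u.id: u for u in users}
    target = by_id[target_id]
    if actor_id is not None and not _is_effective_admin(by_id[actor_id]):
        raise AdminGuardError("actor is not an active admin")

    new_admin = target.is_admin if is_admin is None else is_admin
    new_active = target.is_active if is_active is None else is_active
    if delete:
        new_admin = new_active = False

    loses_admin = _is_effective_admin(target) and not (new_admin and new_active)
    if loses_admin and actor_id == target_id:
        raise AdminGuardError("admins cannot demote, disable or delete themselves")
    if loses_admin:
        others = [u for u in users if u.id != target_id and _is_effective_admin(u)]
        if not others:
            raise AdminGuardError("change would leave zero active admins")
    return new_admin, new_active
```

The self-mutation check covers interactive admins, while the zero-admin count is what stops an automated update from removing the last active admin.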
Quick Start
Run the SSO setup by applying the Skill’s checklist to your target sub-app (backend JWT verification + user provisioning, frontend redirect on 401 with withCredentials, and Docker/Caddy/CORS configuration) so authentication is SSO-only and always active.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: setup-sso-subapp Download link: https://github.com/Ascenseurs-Menetrey-SA/amsa-claude-skills/archive/main.zip#setup-sso-subapp Please download this .zip file, extract it, and install it in the .claude/skills/ directory.