portfolio· Major US health insurer · Sept 2023
Flashlight
A SAML SSO bridge for Qlik Sense that loads its entire configuration from AWS Parameter Store at startup: IdP metadata, certificate validation mode, signature algorithm, and claim mappings. Nothing security-sensitive ships in the deploy artifact.
Flashlight — SAML SSO bridge with runtime configuration
A .NET single sign-on service that bridges a SAML identity provider into Qlik Sense. Its distinguishing trait is where the configuration lives: Flashlight reads everything it needs from AWS Parameter Store at startup rather than carrying it in the deployment artifact.
What it does
- SAML SSO into Qlik Sense through the virtual-proxy routing the service manages.
- Runtime configuration retrieval reads IdP metadata, certificate validation mode, signature algorithm, and claim mappings from AWS SSM Parameter Store when the service starts.
- Nothing sensitive in the deploy — the build artifact is identical across environments; only the parameter path it reads changes.
Why it matters
Sourcing identity configuration and secrets at runtime, instead of baking them into the build, is the operational habit that secrets-management platforms exist to centralize. Flashlight applied it to SSO before that pattern was table stakes.
Where it ran
In production at a major US health insurer.