
Developing a SPA (with VueJS) that is talking to our own REST API backend (separate server). Normal authentication flow in the SPA: user credentials after submission are sent to the backend and, if authentication is successful, a token is returned that is used in subsequent calls to the backend. However, we have some customers that want SSO and also want to use SAML for that. I'm struggling to find a good flow/solution on how to do this. Anybody have any suggestions?

My current idea:

  • SPA asks backend for the SAML Request (url)
  • SPA redirects the user to the url received from the backend
  • User authenticates with the IDP
  • IDP redirects the user back to the SPA with the SAML Assertion
  • SPA takes the SAML Assertion and passes it on to the backend
  • Backend verifies the Assertion and returns an access token to the SPA (if the assertion was valid)

The part I'm doubting is the SPA taking the Assertion and passing it to the backend.

Does anybody have another suggestion on how to do this, or an improvement to my current idea?

Matt
  • If you are attempting to have multiple authentication schemes (of which SAML is just one), then it is probably best that you have a service that handles the authentication handshake and returns the token. Your application keeps using the token created for it as per normal, and you can simply add more identity providers to your architecture. – Berin Loritsch Oct 02 '19 at 23:31
  • @Matt what did you implement at the end? – dyesdyes Jul 20 '20 at 14:12
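The flow sketched in the question, written out as an added example (it is not code from the post, from VueJS or from any SAML library). The backend plays the SAML service provider: it builds the AuthnRequest redirect the SPA asks for, remembers the request ID, and then validates the response before minting the application's own access token. Every identifier in it (entity IDs, ACS URL, IdP URLs, the subject) is a constructed assumption, the IdP response is a constructed fixture, and real XML-DSig signature verification is replaced by a clearly labelled stand-in because it needs the IdP's certificate and an XML signature library (xmlsec or python3-saml). The one design difference from the bullet list is that the IdP's ACS URL points at the backend, so the assertion never has to pass through the SPA; if it must, the same checks apply, since the backend has to treat the assertion as untrusted input either way.

```python
import base64, secrets, time, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TS = "%Y-%m-%dT%H:%M:%SZ"
# Assumed identifiers, constructed for this example.
SP_ENTITY_ID = "https://api.example.test/saml/metadata"
ACS_URL = "https://api.example.test/saml/acs"
IDP_ENTITY_ID = "https://idp.example.test/metadata"
IDP_SSO_URL = "https://idp.example.test/sso"
REQUEST_TTL = 300  # seconds an outstanding AuthnRequest stays acceptable


def saml_time(s):
    return datetime.strptime(s, TS).replace(tzinfo=timezone.utc)


class SamlServiceProvider:
    """Backend-side SP: build_login_redirect is the 'SAML Request (url)' step,
    consume_response is the 'backend verifies the assertion' step."""

    def __init__(self, verify_signature):
        self.verify_signature = verify_signature  # XML-DSig check, delegated to a library
        self.pending = {}           # AuthnRequest ID -> (issued_at, relay_state)
        self.seen_assertions = {}   # Assertion ID -> NotOnOrAfter, replay guard

    def build_login_redirect(self):
        request_id, relay_state = "_" + uuid.uuid4().hex, secrets.token_urlsafe(16)
        self.pending[request_id] = (time.time(), relay_state)
        authn = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
                 f'ID="{request_id}" Version="2.0" IssueInstant="{datetime.now(timezone.utc).strftime(TS)}" '
                 f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}">'
                 f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
        # HTTP-Redirect binding: raw DEFLATE (wbits=-15, no zlib header), base64, URL-encode.
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        deflated = c.compress(authn.encode()) + c.flush()
        query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state})
        return f"{IDP_SSO_URL}?{query}", request_id, relay_state

    def consume_response(self, saml_response_b64, relay_state):
        raw = base64.b64decode(saml_response_b64)
        if not self.verify_signature(raw):  # first: nothing below is trusted until the signature holds
            raise ValueError("signature verification failed")
        root = ET.fromstring(raw)
        code = root.find("samlp:Status/samlp:StatusCode", NS)
        if code is None or code.get("Value") != SUCCESS:
            raise ValueError("IdP did not report success")
        a = root.find("saml:Assertion", NS)
        if a is None or a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
            raise ValueError("missing assertion or unexpected issuer")
        # Bind the response to an AuthnRequest this backend issued (rejects unsolicited responses).
        request_id = root.get("InResponseTo")
        issued = self.pending.pop(request_id, None)
        if issued is None or issued[1] != relay_state or time.time() - issued[0] > REQUEST_TTL:
            raise ValueError("unsolicited, expired or mismatched response")
        cond = a.find("saml:Conditions", NS)
        now = datetime.now(timezone.utc)
        if cond is None or now < saml_time(cond.get("NotBefore")) or now >= saml_time(cond.get("NotOnOrAfter")):
            raise ValueError("assertion outside its validity window")
        if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
            raise ValueError("assertion was issued for a different SP")
        scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != request_id:
            raise ValueError("subject confirmation does not name this ACS and request")
        # One-time use: remember the assertion ID until it would have expired anyway.
        self.seen_assertions = {k: v for k, v in self.seen_assertions.items() if v > now}
        if a.get("ID") in self.seen_assertions:
            raise ValueError("assertion replayed")
        self.seen_assertions[a.get("ID")] = saml_time(cond.get("NotOnOrAfter"))
        subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
        return {"subject": subject, "access_token": secrets.token_urlsafe(32)}  # the app's own token


CONSTRUCTED_SIG = "Y29uc3RydWN0ZWQtc2lnbmF0dXJlLXZhbHVl"  # constructed fixture value, not a real signature


def stand_in_verify_signature(raw_xml):
    """STAND-IN for XML-DSig verification against the IdP certificate (use xmlsec or
    python3-saml in real code); it only recognises the constructed fixture value above."""
    return CONSTRUCTED_SIG.encode() in raw_xml


def make_idp_response(request_id, subject="alice@example.test", audience=SP_ENTITY_ID):
    """Constructed SAML Response, shaped like what an IdP POSTs to the ACS (HTTP-POST binding)."""
    now = datetime.now(timezone.utc)
    nb, noa = (now - timedelta(minutes=1)).strftime(TS), (now + timedelta(minutes=5)).strftime(TS)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_{uuid.uuid4().hex}" Version="2.0" '
           f'IssueInstant="{now.strftime(TS)}" Destination="{ACS_URL}" InResponseTo="{request_id}">'
           f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
           f'<saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{now.strftime(TS)}">'
           f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
           f'<ds:Signature><ds:SignatureValue>{CONSTRUCTED_SIG}</ds:SignatureValue></ds:Signature>'
           f'<saml:Subject><saml:NameID>{subject}</saml:NameID>'
           f'<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
           f'<saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{request_id}" NotOnOrAfter="{noa}"/>'
           f'</saml:SubjectConfirmation></saml:Subject>'
           f'<saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}"><saml:AudienceRestriction>'
           f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


def demo():
    """Runs the flow once, then replays the response and then sends a wrong-audience assertion."""
    sp = SamlServiceProvider(stand_in_verify_signature)
    url, request_id, relay_state = sp.build_login_redirect()
    assert url.startswith(IDP_SSO_URL + "?SAMLRequest=")
    response = make_idp_response(request_id)
    session = sp.consume_response(response, relay_state)
    results = {"subject": session["subject"]}
    for key, resp, rs in (("replay_rejected", response, relay_state),
                          ("wrong_audience_rejected",) + (lambda r: (make_idp_response(r[1], audience="https://other-sp.example.test"), r[2]))(sp.build_login_redirect())):
        try:
            sp.consume_response(resp, rs)
            results[key] = False
        except ValueError:
            results[key] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The checks in consume_response are the ones that usually get skipped when a team hand-rolls this step: the InResponseTo binding rejects responses the backend never asked for, the audience and recipient checks reject assertions meant for another SP or another endpoint, and the seen-assertion set makes a captured response single-use. Signature verification stays first, because none of the other fields can be trusted before it.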

0 Answers