Question

Developing a SPA (with VueJS) that is talking to our own REST API backend (separate server). The normal authentication flow in the SPA: user credentials are submitted to the backend and, if authentication is successful, a token is returned that is used in subsequent calls to the backend. However, we have some customers that want SSO and also want to use SAML for that. I'm struggling to find a good flow/solution for how to do this. Does anybody have any suggestions?

My current idea:

  • SPA asks the backend for the SAML Request (URL)
  • SPA redirects the user to the URL received from the backend
  • User authenticates with the IDP
  • IDP redirects the user back to the SPA with the SAML Assertion
  • SPA takes the SAML Assertion and passes it on to the backend
  • Backend verifies the Assertion and returns an access token to the SPA (if the assertion was valid)

The part I'm doubting is the SPA taking the Assertion and passing it to the backend.

Does anybody have another suggestion on how to do this, or an improvement to my current idea?
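The flow above, worked through on the backend side as an added example (this is not code from the original post and does not describe any particular product). It assumes one change to the listed steps: the AssertionConsumerService URL registered at the IdP points at the backend, so the IdP's HTTP-POST of the SAMLResponse lands on the backend directly and the SPA never touches the assertion; the backend then issues its usual token and sends the browser back to the SPA. Everything else (entity IDs, URLs, the 5-minute request lifetime, the clock-skew allowance) is a placeholder. Standard library only; the XML-DSig check is delegated to a caller-supplied callable, which in production would be an XML signature library such as xmlsec, and must pass before any field of the response is trusted.

```python
# Backend (SP) side of the SP-initiated SAML flow from the post. Added example, not
# code from the original post; standard library only. SP/IdP identifiers below are
# placeholders, and verify_signature must be a real XML-DSig check in production.
import base64
import calendar
import secrets
import time
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CLOCK_SKEW = 60
SP = {"entity_id": "https://api.example.com/saml/metadata",   # hypothetical values
      "acs_url": "https://api.example.com/saml/acs",          # ACS is on the backend
      "idp_sso_url": "https://idp.example.org/sso",
      "idp_entity_id": "https://idp.example.org/metadata"}
# Outstanding AuthnRequest IDs and consumed assertion IDs, each mapped to an expiry.
# In memory here; a real backend keeps both in a shared store with a TTL.
pending_requests, seen_assertions = {}, {}

def _ts(t):
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(t))

def _parse_ts(s):
    _require(s, "missing timestamp")
    s = s.split(".")[0].rstrip("Z")  # some IdPs emit fractional seconds
    return calendar.timegm(time.strptime(s, "%Y-%m-%dT%H:%M:%S"))

def _require(ok, msg):
    if not ok:
        raise ValueError(msg)

def build_authn_request(now=None):
    """Step 1: build the HTTP-Redirect binding URL the SPA sends the browser to."""
    now = time.time() if now is None else now
    request_id = "_" + secrets.token_hex(16)
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{_ts(now)}" '
           f'Destination="{SP["idp_sso_url"]}" AssertionConsumerServiceURL="{SP["acs_url"]}">'
           f'<saml:Issuer>{SP["entity_id"]}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw DEFLATE, as the binding requires
    deflated = comp.compress(xml.encode()) + comp.flush()
    pending_requests[request_id] = now + 300         # matching response accepted for 5 min
    relay_state = secrets.token_urlsafe(16)          # opaque; maps back to the SPA route
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f'{SP["idp_sso_url"]}?{query}', request_id, relay_state

def validate_saml_response(saml_response_b64, verify_signature, now=None):
    """Step 6: validate the SAMLResponse the IdP POSTed to the backend's ACS.
    Returns the NameID on success and raises ValueError on any failure."""
    now = time.time() if now is None else now
    xml_bytes = base64.b64decode(saml_response_b64)
    _require(verify_signature(xml_bytes), "signature invalid")
    root = ET.fromstring(xml_bytes)
    _require(root.tag == f'{{{NS["samlp"]}}}Response', "not a samlp:Response")
    # Destination must be this ACS, or a response captured for another SP replays here.
    _require(root.get("Destination") == SP["acs_url"], "wrong Destination")
    # InResponseTo must name a request this backend issued and has not yet consumed.
    expires = pending_requests.pop(root.get("InResponseTo"), None)
    _require(expires is not None and expires >= now, "unknown or expired InResponseTo")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    _require(status is not None and status.get("Value") == SUCCESS, "IdP reported failure")
    assertion = root.find("saml:Assertion", NS)      # EncryptedAssertion not handled here
    _require(assertion is not None, "no assertion")
    _require(assertion.findtext("saml:Issuer", default="", namespaces=NS) == SP["idp_entity_id"],
             "unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    _require(cond is not None, "no Conditions")
    not_before, not_after = _parse_ts(cond.get("NotBefore")), _parse_ts(cond.get("NotOnOrAfter"))
    _require(not_before - CLOCK_SKEW <= now < not_after + CLOCK_SKEW, "outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    _require(SP["entity_id"] in audiences, "audience mismatch")
    _require(assertion.get("ID") not in seen_assertions, "assertion replayed")
    seen_assertions[assertion.get("ID")] = not_after + CLOCK_SKEW   # consumed exactly once
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    _require(name_id, "no NameID")
    return name_id

def make_sample_response(request_id, now, destination=None):
    """Constructed IdP response for offline testing (unsigned; see verify_signature)."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_r{secrets.token_hex(8)}" Version="2.0" IssueInstant="{_ts(now)}" '
           f'Destination="{destination or SP["acs_url"]}" InResponseTo="{request_id}">'
           f'<saml:Issuer>{SP["idp_entity_id"]}</saml:Issuer>'
           f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
           f'<saml:Assertion ID="_a{secrets.token_hex(8)}" Version="2.0" IssueInstant="{_ts(now)}">'
           f'<saml:Issuer>{SP["idp_entity_id"]}</saml:Issuer>'
           '<saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>'
           f'<saml:Conditions NotBefore="{_ts(now - 30)}" NotOnOrAfter="{_ts(now + 300)}">'
           f'<saml:AudienceRestriction><saml:Audience>{SP["entity_id"]}</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def demo(now=1_700_000_000.0):
    """Round trip: issue a request, feed a constructed response back, get the subject."""
    _url, request_id, _relay = build_authn_request(now)
    return validate_saml_response(make_sample_response(request_id, now), lambda _xml: True, now)
```

Once `validate_saml_response` returns, the backend is in the same position as after a password login: it mints its normal access token for the NameID and hands the browser back to the SPA route recorded against RelayState (a short-lived one-time code in the redirect that the SPA exchanges for the token keeps the token itself out of the URL and out of browser history). The checks after the signature, InResponseTo, Destination, Audience, the validity window and one-time use, are the ones hand-rolled SPs most often leave out, and each one closes a concrete replay or confusion path; a real deployment also needs to handle `EncryptedAssertion` and IdP-initiated (unsolicited) responses, which this example deliberately rejects.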

Licensed under: CC-BY-SA with attribution