3

We are building an Angular 5 app front end application with Node as the back end layer. The API requests to node from angular are authenticated via basic authentication but we are planning to implement SAML authentication for Angular web application via Okta

Can someone please advice how to implement SAML for Angular

Alice
  • 271
  • 2
  • 12
  • did you find any documentation concerning this issue? – wandos Feb 06 '18 at 13:36
  • I did not find any documentation yet. I have posted the question in Okta Developers forum, waiting for a response – Alice Feb 06 '18 at 19:56
  • In a nutshell, you will POST your user's credentials to Okta and get back a session url. From there you'll set the window location to the value of the session. Okta will do their thing and eventually set an HTTP-Only cookie and redirect you back to your application. From there, you'll need to pass back the cookie on every request to your backend. – Brandon Taylor Feb 06 '18 at 20:06
  • @Alice Did you get any response from Okta team? I implemented the same with openID using [this](https://devforum.okta.com/t/oidc-sso-authentication-token-storage-for-angular-spa-application/1197) but I needed with for SAML also. – Anil Kumar Pandey Aug 24 '18 at 10:45

1 Answers1

0

I have achieved this by adding single jsp page to collect post response from Okta. Received SAMLResponse then stored in localStorage (either encrypted or plain. It is upto you and your requirement). And then redirect to base url of angular app. You need to write a code to check if SAMLResponse is in localstorage. If yes, then simply send it to backend to process over rest api and clear the localStorage. If the SAMLResponse is not in localStorage the follow the regular login flow.

If you want to enable SLO, then you need to create non-angular form using ngNoForm directive on form element and send request as a post request. Redirect binding does not work.

<form ngNoForm method="POST" id="hiddenForm" action="idpUrl">
    <input type="hidden" id="SAMLRequest" name="SAMLRequest" value=""/>
    <input type="hidden" id="RelayState" name="RelayState" value=""/>
</form>
Kshitij
  • 649
  • 5
  • 8