SAML2.0 Authentication with Node.js and SPA

After some thinking, I came up with the following solution which worked quite nicely for me.

SAML has something called RelayState which is a property that the Service Provider has to respond with. So now the process looks like this:

  1. User accesses http://frontendserver.com and gets served the static page with the React application (not signed in).
  2. User clicks 'Login' and gets redirected to http://backendserver.com/login/?RelayState=http://frontendserver.com, which authenticates via passport-saml and redirects the user to the SP. So I pass the origin of the request in RelayState.
  3. User calls back to http://backendserver.com/callback with the SamlResponse, which includes the RelayState.
  4. I create a token, and redirect the user to RelayState/#token.
  5. I can then parse the URL in the React application, and add the token as a header for any further requests.

This might've seemed like the obvious way to do it, but it took me quite a while to figure out that this would work.