SAML 2.0 Single Sign on in Web-application (SPA)

1
votes

in my project (a Single Page Application with nodeJs backend) i want to provide a SAML Single Sign On.

While the data-flow and authentication process is clear to me, i'm a little bit confused about the implementation.

The idea is to let the users configure their SAML authentication provider for their account itself in the application settings when other SSO-Login providers as Google, Facebook, Twitter etc. not enough.

  1. Is it possible to implement a generic SAML module, that given a url is able to handle SAML requests to arbitrary custom identity-providers?
  2. Do i need to write custom code for each SAML identity-provider?
  3. What famous SAML identity provider are available out there?
  4. Is there a library for frontend and/or nodejs backend available that provides most famous identity-provider out of the box?
1
javascriptnode.jssamlsaml-2.0
Did you ever get a soln for saml-spa SSO design pattern best practice?Tom McDonald

1 Answers

2
votes

SAML is a Single sign-on option for enterprise users. Having said that, you cannot let users to decide which IdP to use. It is the admin job to establish the trust between IdP and your app (SP) by establishing the metadata with public certificates.

Since SAML is a standard specification, you have to write single SP implementation of SAML and that can work with all IdPs you choose.

There is no famous IdP out there, you have decide on what IdP your app (SP) is going to talk to do user authentication. Check if Shibboleth and OpenSAML library help your needs.