Angular 4: Authentication with SAML and Token exchange

2
votes

I am working on setting up Angular 4 + NodeJS (for SAML-PASSPORT) + Spring Boot (all APIs) application.

This is the authentication and authorization flow: 1. In UI, user click on Login 2. Request is sent to SAML IDP for login 3. User authenticates himself 4. SAML IDP POSTs back on to my NodeJS API endpoint /login/callback 5. NodeJS redirect the user to front end - At this point I would like generate a Token and send it to the UI side. I cannot send it via URL

How would you solve this problem of sending User Detail/Token from NodeJS after SAML authentication to the front-end

In Angular 4, is there a Servlet like concept where I hit a route but the Route is capture behind the scene which showing the User the Token or details in the URL.

I don't want to do this: http:///landing/token=5384742894

I feel like this is a already solved problem, I am just not sure what is the right way to it.

1
angularjwtpassport.jssamlpassport-saml
Can you please let me know which IDP have you used? - yogesh rathod
The better way is pass the token in the request header something like this: Authorization: {YOUR TOKEN HERE} - Rahul Gupta
You still need to send the token first time to the UI before you can alter the request header with authorization info. Setting cookie in response and then redirect the control to the UI after authentication worked for me. Then subsequent requests were reading the Authorization token from cookie and adjusted the header using interceptor. - rohit12sh

1 Answers

-1
votes

I ended up using Cookie to send the key data over