1
votes

Google Cloud Identity Platform has documentation for Service Provider-initiated SAML auth flows. After searching the docs and online, I can't find anything about Identity Provider-initiated flows.

Are IdP-initiated SAML flows supported at all by Identity Platform? Assuming I'm using the firebase JS SDK, what would receiving the IdP SamlResponse POST even look like?

Thanks!

2 Answers

1
votes

I just found that the current docs call out:

Currently, only service-provider (SP) initiated SAML flows via the web SDK are supported.

1
votes

We can create our own ACS handler endpoint

const express = require('express');
const admin = require('firebase-admin');

const route = express.Router();
// The IdP delivers the SAMLResponse as a form-encoded POST field
route.use(express.urlencoded({ extended: false }));

// Assertion Consumer Service (ACS) endpoint
route.post('/sso/callback', (req, res) => {
  // 1. Use passport-saml or saml2-js to validate and parse the SAML response
  //    (parseSamlResponse stands in for that library's call)
  const samlResponse = parseSamlResponse(req.body.SAMLResponse);
  // 2. Then create a claim
  const userId = samlResponse.user.uid;
  const additionalClaims = {
    premiumAccount: true,
    userGroups: []
  };

  admin
    .auth()
    .createCustomToken(userId, additionalClaims)
    .then((customToken) => {
      // Send token back to client
      res.json({ token: customToken });
    })
    .catch((error) => {
      console.log('Error creating custom token:', error);
      res.status(500).end();
    });
});

and then in the client application

firebase.auth().signInWithCustomToken(token)
  .then((userCredential) => {
    // Signed in
    var user = userCredential.user;
    // ...
  })
  .catch((error) => {
    var errorCode = error.code;
    var errorMessage = error.message;
    // ...
  });