Keycloak SSO (SAML) with SpringBoot API and React

1
votes

I am developing an application which has APIs developed in JAVA SpringBoot. These are pure REST APIs. The frontend is developed in React.

I am supposed to add authentication in React in such a way that - it uses Keycloak as IDP for user authentication before accessing SpringBoot APIs.

So far, I have seen that Keycloak can support keycloak.js which is JavaScript adapter for OPEN ID connect. But I want the solution for SAML 2.0.

Is there a way I can add SAML 2.0 SSO in React app?

Also one more question:

  • Application A is configured with SAML as authentication protocol in keycloak.
  • Application B is configured with OPEN ID connect as authentication protocol in keycloak and has permission to access Application A.

If a user authenticates to application B using OpenID connect and then tries to access Application A, will user be able to access Application A seamlessly or it will ask for authenticate again?

1
reactjsspring-bootkeycloakopenid-connectsaml-2.0

1 Answers

2
votes

You need to handle authentication in your Spring Boot backend not in the react frontend (see: https://spring.io/projects/spring-security-saml) because SAML is only an authentication mechanism, it does not provide authorization like OpenId (there's no access token).

When the user is authorized, you could give back a session cookie to your react app that will provide the necessary information to authorize future API requests to your backend.

As for your second question, you could find a way to use the SAML assertion you used to connect to application A to retrieve an access token for Application B.

There is a specification for this kind of mechanism: https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-20

Bear in mind that this would imply a lot of custom implementation work, you would be better to use OpenId across all your apps in order to have SSO for your users.