ComponentSpace

Forums



SSO Identity + 2 Service Providers


SSO Identity + 2 Service Providers

Author
Message
Mervsy
Mervsy
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 15
We have a 3rd party service that offers an SSO SP that we are using a custom IDP for.  We have a SPA that needs to be in sync with the 3rd party service provider.  Is there a way to do this without our SPA having to have it's own user-store, such as just session cookie or another option?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
Could you please elaborate?
What do you mean your IdP has to be in sync with the SP?
Do you mean you have to provision users at your IdP that are added to the SP user store?

Regards
ComponentSpace Development
Mervsy
Mervsy
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 15
ComponentSpace - 4/11/2018
Could you please elaborate?
What do you mean your IdP has to be in sync with the SP?
Do you mean you have to provision users at your IdP that are added to the SP user store?

Because we are using a customer's antiquated 3rd party authentication, we are creating/authenticating the user on the identity server on the fly, then that in turn needs to dispatch the SAML auth info to the two service providers.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)ComponentSpace Development (3.2K reputation)

Group: Administrators
Posts: 2.2K, Visits: 5.9K
The mechanism for authenticating the user at the identity provider is independent from the actual SAML SSO. We don't place any restrictions on this.
Our examples user Microsoft Identity but you can use whatever authentication mechanism you like.
Once the user is authenticated, you either call our SAML API or use our SAML middleware to create and send a SAML response to the service provider.
The SAML assertion contained in the SAML response can include whatever user identity information is required by the service provider. Normally this includes, as the user's primary identity information, a SAML name ID. Often this is the user's email address but it can be whatever makes sense for your requirements. The SAML assertion may also include SAML attributes (name/value pairs) with additional user identity information.
I suggest taking a look at our example projects to see how everything works and how you might integrate SAML SSO into your application.
The examples are documented in our Examples Guide.
https://www.componentspace.com/Forums/8236/Examples-Guide
Feel free to provide more details if I haven't answered your questions fully.



Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 5 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search