Forums, Documentation & Knowledge Base - ComponentSpace

SSO without redirection


https://componentspace.com/forums/Topic9969.aspx

By Natasha - 5/12/2019

How can we implement SSO using SAML2.0 without redirection? Are there any low level APIs in component space that can we used to post username/password to the IDP and get SAML assertion as response.
By ComponentSpace - 5/13/2019

This isn't supported by the SAML specification.
To achieve SAML SSO, the service provider must redirect to the identity provider. This is done by sending a SAML authn request either using an HTTP Redirect or HTTP Post (via the browser).
The SAML authn request may include the user's name and we support sending this but many identity providers don't support receiving the user name and will ignore it.
You cannot send the user's password for security reasons.
Login must occur at the identity provider site.
This isn't a limitation in our product but rather good security practice imposed by the SAML specification.