Okta SignIn Widget with SAML

五迷三道 submitted on 2019-12-10 19:59:00

Question


We have a Single Web Page application developed with Spring Boot + AngularJS, and we want to integrate Okta for the authentication part.

  • I have created a developer account on the Okta website, and configured an application using SAML 2.0
  • Then I integrated the Okta Sign-in widget in an html page like this http://developer.okta.com/code/javascript/okta_sign-in_widget.html

But I don’t know how to make the link between the sign-in widget and the IdP SAML metadata (https://dev-xxx.oktapreview.com/app/exk8disnrzUPIpsuP0h7/sso/saml/metadata). Is the sign-in widget compatible with SAML 2.0? Or must we use the OAuth2 protocol when using the Okta sign-in widget?

Thanks


Answer 1:


The metadata file is meant to be consumed by the SAML toolkit you are using. For example, it has the single sign-on and single logout URLs where the SAML request will be sent.

However, if you are looking to use the sign-in widget to sign in to a SAML app, then you would need to use the custom login page option for your app and set it to use the URL of your login widget. Go to Application -> Your SAML App -> General Tab. Scroll all the way down to the bottom and you will see the section "App Embed Link". Edit that, select "Use Custom Login Page for this application" and enter the URL of your login widget. Please see the image below.

Once you do that, you would need to pass the app embed link of your SAML app (also obtained from the App Embed Link section) into the setCookieAndRedirect function in your login widget. Please see the example below.

    oktaSignIn.renderEl(
      { el: '#okta-login-container' },
      function (res) {
        if (res.status === 'SUCCESS') {
          // Set the Okta session cookie, then redirect to the SAML app's embed link.
          res.session.setCookieAndRedirect('https://org-name.okta.com/home/<app_name>/0oa4x7wkpxxxHDG8N0x7/alm5xyyyyh8eH7M6dO0x6');
        }
      }
    );

Later, when you access your application, it will take you to the login widget; you sign in, and it will establish a session with Okta and log you in to the application.

You can see the SAML request and response for this case in the SAML tracer.
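
Added example, not part of the original answer: if the embed link handed to setCookieAndRedirect comes from configuration or a request parameter instead of a hard-coded string, check it against your own Okta org before redirecting, so the login page cannot be used as an open redirect. `OKTA_ORG_ORIGIN`, `validateEmbedLink` and `onSignInSuccess` are hypothetical names, and the `/home/<app_name>/<id>/<id>` path shape is assumed from the link shown in the answer.

```javascript
// Assumption: base URL of your Okta org (same placeholder host as the answer).
const OKTA_ORG_ORIGIN = 'https://org-name.okta.com';

// Returns the embed link reduced to origin + path, or null if it must not be used.
function validateEmbedLink(candidate, orgOrigin) {
  let url;
  try {
    url = new URL(candidate);            // rejects relative and scheme-less input
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'https:') return null;
  // Exact origin match: look-alike hosts and "host@other" tricks fail here.
  if (url.origin !== new URL(orgOrigin).origin) return null;
  if (url.username || url.password) return null;

  // Expected path: /home/<app_name>/<id>/<id>
  const segments = url.pathname.split('/').filter(Boolean);
  if (segments.length !== 4 || segments[0] !== 'home') return null;
  if (!segments.slice(1).every((s) => /^[A-Za-z0-9_-]+$/.test(s))) return null;

  // Query string and fragment are dropped on purpose.
  return url.origin + url.pathname;
}

// Success callback body for oktaSignIn.renderEl: redirect only to a vetted link.
function onSignInSuccess(res, embedLink) {
  if (res.status !== 'SUCCESS') return false;
  const target = validateEmbedLink(embedLink, OKTA_ORG_ORIGIN);
  if (target === null) return false;     // refuse and keep the user on the page
  res.session.setCookieAndRedirect(target);
  return true;
}
```
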



Source: https://stackoverflow.com/questions/40170464/okta-signin-widget-with-saml
