IdP Initiated SSO to Angular App

Currently, we are using your .Net 4.5 components to implement IdP initiated SSO to our application, roughly as in the architecture below.



Now the target environment (Company - 2) is changing to Angular + Web API.
1. What is the equivalent for ComponentSpace SAML in Angular?
2. How to configure an Angular app to receive SSO?
3. How to read SSO attributes from a request in Angular?
4. How to amend multi-tenant SSO support in Angular?



We have an example ASP.NET Core application (ExampleWebApi) that acts as the service provider and handles SAML SSO on behalf of an Angular app.

This is documented in our Examples Guide.

https://www.componentspace.com/Forums/8236/Examples-Guide

Once SSO completes, the ASP.NET Core application returns a JWT to the Angular app so it can make authorized web API calls.

The JWT can include claims retrieved from the SAML assertion.


I checked it, but the problem is I want my Angular App to act as the service provider, receive SSO and parse the request. When an identity user clicks on “Login to Angular App”, the SSO request is sent to the Angular App URL. How can I redirect this SSO request to the Web API without affecting any request parameters?
Moreover, the Web API call might need to be Ajax because we don’t want to expose our API URL to the end user through a browser redirect, for security reasons.

Other Criteria:
Let’s consider that there is no Web API and Angular connects directly to a NoSQL DB like Firebase.
Is there any possibility to validate and extract parameters from the SSO request received by the Angular App by intercepting it?

Thanks.

It sounds like you’re after a library to add the SAML support directly into your Angular application. We don’t have an Angular library and we don’t have any experience with 3rd party libraries so I can’t make any recommendations.


Thanks for the clarification.
If Component Space SAML is my only strict choice and it supports only the .Net platform, how about having a “.Net SSO service provider” as middleware to receive SSO, authenticate the user and redirect them to the Angular App with a token which it can use to identify the user session?
Please suggest whether the architecture below works.


Yes, that type of flow, where the ASP.NET Core application handles SAML SSO and there are redirects etc. between the ASP.NET Core application and the Angular application, will work.

The ExampleWebApi and Angular apps that we ship and that are documented in the Examples Guide do something similar. The ExampleWebApi handles the SAML SSO. Once SSO completes, it returns a JWT to the Angular app which is then sent when making web API calls. However, you can use whatever token type you wish to return to the Angular app.
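
The client side of the flow described in this thread, as an added example that is not part of the original posts and is not ComponentSpace's ExampleWebApi or Angular sample code: it reads claims from the returned JWT for display and applies the rule an Angular HTTP interceptor would use to send the token only to the web API. The origins, the `tenant` claim name and the sample token are constructed assumptions.

```javascript
// Added example. APP_ORIGIN, API_ORIGIN and the "tenant" claim are assumptions.
const APP_ORIGIN = "https://app.example.test"; // location.origin in a browser
const API_ORIGIN = "https://api.example.test"; // the only origin that gets the token

// Decode the payload segment of a compact JWT (base64url-encoded JSON).
// This does NOT verify the signature: the claims are for display only, and
// the web API must validate signature, issuer, audience and expiry per call.
function readClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// A token without a numeric exp claim is treated as expired.
function isExpired(claims, nowSeconds = Math.floor(Date.now() / 1000)) {
  return typeof claims.exp !== "number" || claims.exp <= nowSeconds;
}

// Returns the headers to add to an outgoing request. The bearer token is
// attached only when the resolved URL has exactly the API origin and the
// token is well formed and unexpired; anything else gets no token.
function authHeadersFor(url, jwt, nowSeconds) {
  try {
    const target = new URL(url, APP_ORIGIN); // relative URLs resolve to the app
    if (target.origin !== API_ORIGIN) return {};
    if (!jwt || isExpired(readClaims(jwt), nowSeconds)) return {};
    return { Authorization: `Bearer ${jwt}` };
  } catch {
    return {}; // malformed URL or token: fail closed
  }
}

// Constructed sample token (the signature segment is a placeholder).
function b64url(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const SAMPLE_JWT = [
  b64url({ alg: "HS256", typ: "JWT" }),
  b64url({ sub: "user@example.test", tenant: "company-1", exp: 2000000000 }),
  "constructed-signature",
].join(".");
```

The exact-origin comparison matters because a prefix or substring match on the URL would also match look-alike hosts and send the token to them.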



Thanks for the clarifications.

I will try it.

Regards
Gopinath

You’re welcome.