We have a 3rd party service that offers an SSO SP that we are using a custom IDP for. We have a SPA that needs to be in sync with the 3rd party service provider. Is there a way to do this without our SPA having to have it’s own user-store, such as just session cookie or another option?
Could you please elaborate?
What do you mean your IdP has to be in sync with the SP?
Do you mean you have to provision users at your IdP that are added to the SP user store?
[quote]
[/quote]
Because we are using a customer's antiquated 3rd party authentication, we are creating/authenticating the user on the identity server on the fly, then that in turn needs to dispatch the SAML auth info to the two service providers.
The mechanism for authenticating the user at the identity provider is independent from the actual SAML SSO. We don’t place any restrictions on this.
Our examples user Microsoft Identity but you can use whatever authentication mechanism you like.
Once the user is authenticated, you either call our SAML API or use our SAML middleware to create and send a SAML response to the service provider.
The SAML assertion contained in the SAML response can include whatever user identity information is required by the service provider. Normally this includes, as the user’s primary identity information, a SAML name ID. Often this is the user’s email address but it can be whatever makes sense for your requirements. The SAML assertion may also include SAML attributes (name/value pairs) with additional user identity information.
I suggest taking a look at our example projects to see how everything works and how you might integrate SAML SSO into your application.
The examples are documented in our Examples Guide.
https://www.componentspace.com/Forums/8236/Examples-Guide
Feel free to provide more details if I haven’t answered your questions fully.