I want to use your component, but I don’t have an ASP.NET client backend. Instead, I have a 100% angular app that makes calls to a WebApi backend.
My question is: can I somehow have the SAMLClient send the necessary SSO information to an angular page/controller via query string? Then the angular controller could make a typical ajax call to the webapi backend which would, in turn, process the SSO information, and send a success/failure login status back to the angular controller.
Does this make sense? Is it possible?
The SAML SSO flows were designed with a browser in mind sending SAML messages to a web application either as HTTP redirects or HTTP Posts. Authentication sessions are then established in this browser session. Doing something similar with Ajax and webapi might be more difficult and I’m afraid we don’t have any examples of this. Understanding the SSO flows might help you determine whether this would be feasible in your scenario.
You’ll find the flows (IdP-initiated SSO and SP-initiated SSO) described in the following forum topics.
http://www.componentspace.com/Forums/21/IdPinitiated-Single-SignOn
http://www.componentspace.com/Forums/22/SPInitiated-Single-SignOn
A useful exercise to better understand these flows would be to use something like Fiddler to capture and view the SSO flow using the ExampleIdentityProvider and ExampleServiceProvider that we ship.