Can an Angular-based app be connected using Xaml configuration data?

Hello,
I would really appreciate any help or guidance on this, please… :pleading_face:

I am in charge of upgrading a legacy application to use OKTA Login. This legacy app is an Angular1 .NET application that uses Active Directory sign-on now.
I was provided with a xaml file (from the company's Okta team) and the configuration for it. I am supposed to use that file, or the configuration info inside it, to implement login through OKTA to replace the current AD verification login.

I trained myself using the Okta.com dashboard to learn how to add a similar app to the Okta system, generate the configuration, and integrate it into my app. I got all of this working with the Okta Sign-In Widget tutorial.
Embedded Okta Sign-In Widget fundamentals | Okta Developer
Code sample
```javascript
const oktaSignIn = new OktaSignIn({
  baseUrl: "https://${yourOktaDomain}",
  redirectUri: '{{https://${yourAppRedirectUri} configured in your OIDC app}}',
  clientId: "${yourClientId}",
  authParams: {
    issuer: "https://${yourOktaDomain}/oauth2/default"
  }
});
```

HOWEVER, my company's Okta team is asking me to get the legacy Angular-based app configured using the xaml file OR at least the data in it. It is mandatory for me to use the ds:X509Certificate key as part of the security enhancements. THE QUESTION: Does somebody know how I can add/set the ds:X509Certificate value using the JSON widget coding? That is the only part I haven't resolved yet.

XAML configuration sample file:
```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/abc">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MBIGA1UECwwLU1NPUHJvdmlkZXIjfhslkhdlfdjis…etc etc etc</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://onewp.okta.com/app/sample_site/abcabcabc/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://onewp.okta.com/app/sample_site/abcabcabc/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
```

You cannot do it in the Angular app. You should handle the SAML response in your backend and replace it with an access token or create a session cookie for the user.