Saml 2.0 Integration with ReactJS

adil · December 2, 2020, 12:56pm

Hi,

I have my ReactJs application that authenticating the user using Okta React SDK. This SDK is using OpenID and OAuth 2.0 to authenticate users. Now, I want to change the authentication flow from (OAuth 2.0) to (SAML 2.0) in my react application. So that user would authenticate using SAML2.0 flow instead of OAuth2.0.

For the backend, I’m using ruby on rails. I have gone through a number of blogs and documents But, looks like I am unable to find a way or examples where I could get some reference. Is this possible, what I’m trying to achieve ?.

Looking forward to you guys, I’m really stuck in it.

Thanks
Adil

mraible · December 2, 2020, 4:19pm

Why do you want to use SAML over OpenID Connect?

SAML was invented in 2005, while OIDC was invented in 2014. It’s like trying to use plain ol’ jQuery to build an app instead of using React.

adil · December 3, 2020, 7:19am

@mraible
Thank you very much for your response. Actually, In my company, they already have user licenses for the entire company if it is set-up with SAML 2.0. They say that OAuth 2.0 requires a cost per user. So I’m trying to figuring out the way to use SAML 2.0 in my react app. So that we do not have to incur new costs for users.
First of all, is this possible to do this? Or we have to only use OAuth with a new cost per user?

mraible · December 3, 2020, 2:19pm

Yeah, this is a problem we’d like to fix. If you buy our workforce identity product, you have to pay extra for API Access Management (which provides an OAuth authorization server). However, if you buy our customer identity product (aka create a developer account at developer.okta.com), you get API AM for free. Developer accounts are free and you get up to 1000 monthly active users. If you need more, you can buy more.

Ideally, API AM is included for free in both products. Unfortunately, this is not currently the case and it leads to people making bad decisions like trying to use SAML with React.

If you’re able to combine your front end and backend (e.g. package your React app in a Spring Boot app), that might be a solution. Backend frameworks tend to have better support for SAML.

sbauch · December 3, 2020, 10:57pm

I maintain an open source project that acts as a bridge between SAML and OAuth - ossoapp.com

You could deploy an instance of Osso, and consume it via OAuth from your rails application much as you do now. We even offer omniauth-osso if you’re using omniauth - https://github.com/enterprise-oss/omniauth-osso

Then Osso would handle SAML auth against Okta (or OneLogin, Ping, etc) and return the user to you as part of an OAuth 2.0 authorization code grant flow.

Osso is also written in Ruby, so it might help you implement SAML yourself.

Repo is here - https://github.com/enterprise-oss/osso

Feel free to shoot me a note if you’d like some help!