Server-side Application Using SAML and the Okta Sign-in Widget

We created an Okta application configured to use SAML and we’re now trying to use the Okta Sign-in widget to authenticate and need additional clarity.

Context
We created a server-side web application that originally used SAML and the Okta-hosted login flow. We proved out the registration and the sign-in through this effort, but we’ve since added the sign-in widget to our login flow. We’d like our SSO URL to continue receiving the login callback POST request with the user’s Okta session information.

Is this a matter of configuring the sign-in widget properly? Or do we somehow need to make this POST manually in the success callback from within the widget context?

Additional Clarification:

We’re unsure if Okta can respond to our servers and if it can respond with a SAML response. And specifically, can this happen using the self-hosted login flow using the sign-in widget, or is the expectation that the sign-in widget JS will instead handle all of this? If so, is there additional configuration we need to provide?

If you’re using SAML, then you’ll want to use res.session.setCookieAndRedirect(url) in the success callback of the widget, where you would replace url with the SAML app URL or the app embed link.

https://developer.okta.com/docs/guides/session-cookie/overview/#initiate-a-saml-sso-with-the-session-token
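The hand-off described in the reply above, as an added example that is not part of the original thread: the widget's success callback passes the session to Okta with setCookieAndRedirect, and Okta then redirects to the SAML app, which posts the SAML response to the application's SSO URL. The org URL, the embed link, the container id and the makeSuccessHandler helper are placeholders or hypothetical names, and the same-origin check is an added safeguard that assumes the SAML app URL lives on the Okta org's own domain.

```javascript
// Added example; ORG_URL and SAML_APP_EMBED_LINK are placeholders, not real values.
const ORG_URL = 'https://example.okta.com';
const SAML_APP_EMBED_LINK = ORG_URL + '/home/example_app/APP_ID_PLACEHOLDER/LINK_ID_PLACEHOLDER';

// Hypothetical helper: builds the success callback handed to the widget.
function makeSuccessHandler(orgUrl, samlAppUrl) {
  // Assumption: the SAML app URL / embed link is served by the Okta org itself,
  // so refuse to send the session token anywhere else.
  if (new URL(samlAppUrl).origin !== new URL(orgUrl).origin) {
    throw new Error('SAML app URL must be on the Okta org origin');
  }
  return function onSuccess(res) {
    // Only a completed primary authentication carries a session to hand off.
    if (res.status !== 'SUCCESS') {
      return false;
    }
    // Okta sets its session cookie, then redirects to the SAML app URL.
    // The browser then posts the SAML response to the app's SSO URL,
    // so the server-side callback keeps working unchanged.
    res.session.setCookieAndRedirect(samlAppUrl);
    return true;
  };
}

// Browser wiring: runs only when the Sign-In Widget script is loaded on the page.
if (typeof OktaSignIn !== 'undefined') {
  const signIn = new OktaSignIn({ baseUrl: ORG_URL });
  signIn.renderEl(
    { el: '#widget-container' }, // placeholder container id
    makeSuccessHandler(ORG_URL, SAML_APP_EMBED_LINK),
    function onError(err) {
      console.error('Sign-in widget error:', err);
    }
  );
}
```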
