Single application can support both SPA and SAML?

VAMSI_VEGESNA · October 6, 2020, 8:10pm

We created our applications as SPA(OIDC) in Okta and they are good so far. But recently there is a requirement to support SAML authentication as well for some new set of users. How can we support both these flows for our applications? Does Okta provide any specific way to do that?

Below is my understanding until now.

I need to create a new app for SAML authentication.
Create a web page before the login page asking for the end user’s email.
Validate the email through a lookup table and then direct the user to respective authentication flow(either SPA or SAML).

gpadma · October 6, 2020, 11:27pm

Hi @VAMSI_VEGESNA,

OIDC and SAML are two different standards for federated authentication. In Okta, you could create an application that follows OIDC (SPA/web app…) or an application of type SAML, you cannot create a single application that supports both these standards in Okta.

dragos · October 7, 2020, 1:48am

Hi @VAMSI_VEGESNA

You would need to create an ACS endpoint inside your application which will receive the incoming SAMLResponse from Okta. Based on this SAMLResponse, you will need to create a session for the user inside the application. You can find more details about SAML here.

In short, this are the steps required to implement SAML inside your application:

create a SAML application in Okta
implement SAML in your application
- Okta does not offer a proprietary SAML SDK, however you can use a third party SAML SDK specifically for the language in which the application was made
configure the SAML SDK in your application with the values from Okta (issuer, public certificate, IDP SSO URL, etc.)
implement a method in the application to validate the SAMLResponse coming from Okta using the SAML SDK and, after verification, create a session for the user