FusionAuth

    varunghaswala

    @varunghaswala


    Best posts made by varunghaswala

    • FusionAuth as SAML relying party and custom login pages

      Hello,

      We have a setup where we use custom login pages for our applications and we use FusionAuth strictly as an API for managing our authentication infrastructure.

      One of our applications now needs to support SAML as an option to login. We are trying to add a button to our pages for Login with SAML, but are a bit lost on what we are actually required to do in this scenario.

      The SAML API endpoints seem to suggest we should be able to initiate a SAML request by using the Start a SAML login request, but it is not very clear what the returned code is supposed to be.

      Is this the code that is meant to be a SAML request that is supposed to be posted to our SAML IdP, or does this code need to be included as a relay state and we build the SAML request ourselves?

      Can you please clarify, @robotdan? Thank you

      Cheers

      posted in Q&A
      varunghaswala
    • RE: FusionAuth as SAML relying party and custom login pages

      @dan Thanks for this. You are bang on point.

      • We had to make a call to FusionAuth to fetch the code (requestID)
      • We built an AuthN request that looked something like this:
      // AuthnRequest template; the ${...} placeholders are filled in by our code,
      // with ID set to the code (requestID) returned by FusionAuth
      var samlRequestTemplate = `<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <ns3:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol"
          xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" Version="2.0" ProviderName="${idpName}" ID="${CODE_FROM_FUSIONAUTH}" IssueInstant="${issueInstant}"
          Destination="${idpEndpoint}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="${acsUrl}">
          <Issuer>${issuer}</Issuer>
          <ns3:NameIDPolicy Format="${nameIdFormat}" AllowCreate="false" />
      </ns3:AuthnRequest>`;

      • Post this request to the Identity Provider.
      • Complete the login flow and catch the response from the IdP. It has the code included as an InResponseTo attribute within the encoded SAMLResponse.
      • Call FusionAuth to Complete the Identity Provider Login.

      From then on it is the same flow as a normal Login API based login.

      Cheers 🙂

      posted in Q&A
      varunghaswala
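As an added example (not code from the original post), the flow described above with the check a relying party should make on the way back: the code from FusionAuth becomes the AuthnRequest ID, and the IdP response's InResponseTo is matched against the ID this session started before the Complete the Identity Provider Login call is made. Function and variable names are assumed; the example only pairs a response with its request and does not validate the assertion itself.

```javascript
// Added example, not from the original post. Names are assumed.
// Step 1/2: wrap the FusionAuth request ID in an AuthnRequest for the HTTP-POST binding.
function buildAuthnRequest({ requestId, issueInstant, idpEndpoint, acsUrl, issuer, nameIdFormat, idpName }) {
  // Escape values for XML attribute/text context so a supplied value cannot alter the document.
  const esc = (s) => String(s).replace(/[&<>"']/g,
    (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' }[c]));
  return `<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ProviderName="${esc(idpName)}" ID="${esc(requestId)}" IssueInstant="${esc(issueInstant)}" Destination="${esc(idpEndpoint)}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="${esc(acsUrl)}">
  <Issuer>${esc(issuer)}</Issuer>
  <ns3:NameIDPolicy Format="${esc(nameIdFormat)}" AllowCreate="false" />
</ns3:AuthnRequest>`;
}

// The SAMLRequest form field carries the base64 of the XML.
function encodeForPost(xml) {
  return Buffer.from(xml, 'utf8').toString('base64');
}

// Pending request IDs keyed by the browser session that started the login.
// A real deployment keeps this in the session store; a Map stands in here.
const pending = new Map();
function rememberRequest(sessionId, requestId) {
  pending.set(sessionId, requestId);
}

// Step 3: pull InResponseTo out of the base64 SAMLResponse posted to the ACS URL.
function inResponseToOf(samlResponseB64) {
  const xml = Buffer.from(samlResponseB64, 'base64').toString('utf8');
  const m = xml.match(/<(?:\w+:)?Response\b[^>]*\bInResponseTo="([^"]*)"/);
  return m ? m[1] : null;
}

// Returns the request ID to hand to FusionAuth's Complete call, or null when the
// response does not answer a request this session started (unsolicited, mismatched
// or replayed), in which case the Complete call should not be made.
function matchResponse(sessionId, samlResponseB64) {
  const expected = pending.get(sessionId);
  const got = inResponseToOf(samlResponseB64);
  if (!expected || !got || got !== expected) return null;
  pending.delete(sessionId); // one response per request; a second copy is rejected
  return got;
}
```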
