How to implement SAML with Keycloak and Hapi JS framework? - node.js

Problem: I am trying to integrate SAML SSO using Keycloak with HapiJS framework for NodeJS. I am getting "Invalid request" when the user is redirected to Keycloak as shown below. The npm package I am using is "hapi-passport-saml".
What I already tried:
HapiJS + Okta (SAML): By using this same npm package "hapi-saml-passport", I was able to integrate Okta SAML with my app and it is working successfully.
ExpressJS + Keycloak (SAML): Instead of HapiJS, I have successfully integrated keycloak with ExpressJS using packages "passport" and "passport-saml". But unfortunately these packages can't be used with HapiJS (if you know how to use these with HapiJS, please share that also).
Hapi + Keycloak (OpenID connect): I was able to integrate "OpenID connect" with Keycloak and HapiJS using package "hapi-auth-keycloak". But I want to integrate SAML, not OpenId connect.
There are multiple npm packages available for integrating OpenID connect with Keycloak and HapiJS, but none of them is supporting SAML.
Pointers I noted:
While integrating keycloak SAML with ExpressJS, I saw that a "SAML Request" is being appended in the URL while redirecting to keycloak as shown below (highlighted in blue in network requests) but in case of HapiJS, this request is not being appended (shown in network tab in screenshot 1):
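
The redirect the question describes can be checked offline. The following is an added example, not code from the original post or from any of the packages named in it: it builds a SAML HTTP-Redirect URL, then decodes a redirect URL back to the fields an IdP compares against its client configuration. The host names, realm, entity ID and function names are constructed placeholders.

```javascript
// Added example: diagnose a SAML HTTP-Redirect login redirect (Node.js built-ins only).
const zlib = require('node:zlib');

// Constructed sample values; host, realm and entity ID are placeholders.
const IDP_SSO_URL = 'https://keycloak.example.test/realms/demo/protocol/saml';
const SAMPLE_AUTHN_REQUEST =
  '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"' +
  ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0"' +
  ' IssueInstant="2024-01-01T00:00:00Z" Destination="' + IDP_SSO_URL + '"' +
  ' AssertionConsumerServiceURL="https://app.example.test/login/callback">' +
  '<saml:Issuer>my-hapi-app</saml:Issuer></samlp:AuthnRequest>';

// HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode as SAMLRequest.
function buildRedirectUrl(ssoUrl, authnRequestXml, relayState) {
  const url = new URL(ssoUrl);
  const deflated = zlib.deflateRawSync(Buffer.from(authnRequestXml, 'utf8'));
  url.searchParams.set('SAMLRequest', deflated.toString('base64'));
  if (relayState) url.searchParams.set('RelayState', relayState);
  return url.toString();
}

// Reverse the encoding of a redirect URL copied from the browser's network tab.
function inspectRedirect(redirectUrl) {
  const encoded = new URL(redirectUrl).searchParams.get('SAMLRequest');
  if (!encoded) return { ok: false, reason: 'no SAMLRequest query parameter' };
  let xml;
  try {
    xml = zlib.inflateRawSync(Buffer.from(encoded, 'base64')).toString('utf8');
  } catch (err) {
    return { ok: false, reason: 'SAMLRequest is not base64 of raw DEFLATE data' };
  }
  if (!/AuthnRequest/.test(xml)) return { ok: false, reason: 'decoded XML is not an AuthnRequest' };
  // Regex extraction is for diagnostics only; it is not a validating XML parser.
  const attr = (name) => (xml.match(new RegExp('\\s' + name + '="([^"]*)"')) || [])[1] || null;
  const issuer = (xml.match(/<(?:\w+:)?Issuer[^>]*>([^<]*)</) || [])[1] || null;
  return { ok: true, issuer, destination: attr('Destination'), acsUrl: attr('AssertionConsumerServiceURL') };
}
```

Comparing the decoded `issuer`, `destination` and `acsUrl` with the client ID, SSO endpoint and redirect URIs configured on the IdP side narrows down why a request is rejected.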

Related

Is it possible to implement SSO in a ReactJs application with SAML2? if possible how?

I am new to this field and have a lot of confusions, in this case, I have to implement single sign-on in a ReactJs application where its back-end is node express using OKTA as the IDP?
Please share your thoughts.
Thank you

If you are deploying your ReactJS application using express, you can use passport-saml for managing your saml workflow.
The basic idea should be to serve up your app only if you receive a valid saml response from the idp.
You can check more here : passport-saml
If you are using your react app without express, you can connect your okta app directly to your react sdk with open idc (okta has an option for this).

SAML SSO with Node and Angular 2+

The system I am working with is made in PHP, and I was asked to upgrade it to a Node and Angular based System.
The credentials are dealt with SAML with ADFS Service using SSO.
Since this stuff works with sessions any work around when working with Angular2+ and NodeJs, I tried using passport-saml and seems to make the Node part work, but it doesn't authenticate when adding the Angular HTTP calls.
Besides, how to get groups and info from the ADFS?

OAuth2 with Okta JHipster documentation instructions

I use jhipster 5.4.1. simple monolithic app with OAuth2. I try with both Angular or React generation.
It works with Keycloak local test.
I follow all instructions from https://www.jhipster.tech/security/ for Okta.
And then, I have error 404 when JHipster app trying to access okta
https://dev-796955-admin.oktapreview.com/error/404?fromURI=%2Foauth2%2Fdefault%2Fv1%2Fauthorize%3Fclient_id%My okta client id is here%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8080%2Flogin%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%some state
Are Instructions :
specify http://localhost:8080 as a Base URI and
http://localhost:8080/login as a Login Redirect URI
in okta web app correct ?

Remove the “-admin” from your Okta URL and everything should work.

Azure Custom Auth with Node.js Backend

I am trying to login clients using their email and password through Auth0 with a Node.js backend on the Azure app service and a Xamarin.Forms client. The problem is that I can't create a custom authentication on Node.js since the tutorial I was following used a .NET backend. I also followed this tutorial for Node.js backend both by the awesome Adrian Hall, but it seems to override the already existing Facebook login system, and I can't find enough material on that problem. Is there any other tutorial on doing that or am I getting something wrong?

You are doing something wrong. You can use Auth0 with no problems - Auth0 will be used for all the providers, and their client SDKs will allow you to choose Facebook, Google, Username/Password or anything else you need.
The mechanism for the process is as documented - I think you just need to re-read the blog post and understand the transaction - you use the Auth0 libraries to get the Auth0 token, then submit your Auth0 token to your custom login API (/.auth/login/custom) to mint an App Service token that is used by the Azure Mobile Apps client SDK.

ADFS authentication using node.js

I'm trying to use ADFS authentication for my Hapi.js application.
I found only one option to do it using passport-saml but the examples there are for expressjs.
Anyone have an example how to do it using Hapi?
Thanks
