Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
775 views
in Technique[技术] by (71.8m points)

reactjs - Keycloak SSO (SAML) with SpringBoot API and React

I am developing an application which has APIs developed in JAVA SpringBoot. These are pure REST APIs. The frontend is developed in React.

I am supposed to add authentication in React in such a way that - it uses Keycloak as IDP for user authentication before accessing SpringBoot APIs.

So far, I have seen that Keycloak can support keycloak.js which is JavaScript adapter for OPEN ID connect. But I want the solution for SAML 2.0.

Is there a way I can add SAML 2.0 SSO in React app?

Also one more question:

  • Application A is configured with SAML as authentication protocol in keycloak.
  • Application B is configured with OPEN ID connect as authentication protocol in keycloak and has permission to access Application A.

If a user authenticates to application B using OpenID connect and then tries to access Application A, will user be able to access Application A seamlessly or it will ask for authenticate again?

question from:https://stackoverflow.com/questions/65883210/keycloak-sso-saml-with-springboot-api-and-react

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You need to handle authentication in your Spring Boot backend not in the react frontend (see: https://spring.io/projects/spring-security-saml) because SAML is only an authentication mechanism, it does not provide authorization like OpenId (there's no access token).

When the user is authorized, you could give back a session cookie to your react app that will provide the necessary information to authorize future API requests to your backend.

As for your second question, you could find a way to use the SAML assertion you used to connect to application A to retrieve an access token for Application B.

There is a specification for this kind of mechanism: https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-20

Bear in mind that this would imply a lot of custom implementation work, you would be better to use OpenId across all your apps in order to have SSO for your users.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...