带有SAML的Okta登录小部件 [英] Okta SignIn Widget with SAML

问题描述

我们有一个使用Spring Boot + AngularJS开发的Single Web Page应用程序，我们希望将Okta集成到身份验证部分.

We have a Single Web Page application developed with Spring Boot + AngularJS, and we want integrate Okta for the authentication part.

• 我已经在Okta网站上创建了开发者帐户，并使用SAML 2.0配置了应用程序
• 然后，我将Okta登录小部件集成到这样的html页面中，例如 http ://developer.okta.com/code/javascript/okta_sign-in_widget.html

但是我不知道如何在登录小部件和idp saml元数据之间建立链接(

But I don’t know how to make the link between the sign-in widget and the idp saml metadata (https://dev-xxx.oktapreview.com/app/exk8disnrzUPIpsuP0h7/sso/saml/metadata) ? Is the sign-in widget is compatible with SAML 2.0 ? or we must use OAuth2 protocol when using the Okta sign-in widget ?

谢谢

推荐答案

元数据文件应由您正在使用的SAML工具包使用.例如，它具有将在其中发送SAML请求的单一登录和单一注销URL.

The metadata file is meant to be consumed by the SAML toolkit you are using. For example, it has single sign on and single logout urls where SAML request will be sent.

但是，如果您希望使用登录小部件登录SAML应用，则需要为应用使用自定义登录页面选项，并将其设置为使用登录小部件的url.转到应用程序->您的SAML应用程序->常规标签.一直向下滚动到底部，您将看到"App Embed Link"部分.编辑该内容，然后选择为此应用程序使用自定义登录页面"，然后输入您的登录小部件的URL.请参见下图.

However, if you are looking to use sign in widget to sign in to SAML app, then you would need to use custom login page option for your app and set it to use url of your login widget. Go to Application -> Your SAML App -> General Tab. Scroll down all the way to bottom and you will see section "App Embed Link". Edit that and select "Use Custom Login Page for this application" and enter the url of your login widget. Please see the image below.

一旦您这样做.您需要将SAML应用程序的应用程序嵌入链接(也可以从应用程序嵌入链接"部分获得)传递到登录小部件中的setCookieAndRedirect函数中.请参见下面的示例.

Once you do that. You would need to pass app embed link of your SAML app (obtained from App Embed Link section also) in to setCookieAndRedirect function in your login widget. Please see example below.

 oktaSignIn.renderEl(
      { el: '#okta-login-container' },
      function (res) {
        if (res.status === 'SUCCESS') {
          res.session.setCookieAndRedirect('https://org-name.okta.com/home/<app_name>/0oa4x7wkpxxxHDG8N0x7/alm5xyyyyh8eH7M6dO0x6');

        }
      } 
    );

稍后，当您访问应用程序时，将需要您登录小部件，然后登录，它将与Okta建立会话并登录到应用程序.

Later when you access your application it will take you to login widget, you sign in, it will establish session with Okta and log you in to application.

您可以在SAML跟踪器中查看此情况的SAML请求和响应.

You can see the SAML request and response for this case in the SAML tracer.

这篇关于带有SAML的Okta登录小部件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！