在 Angular 7 项目中从第三方服务器读取 SAML 响应 [英] Reading the SAML response from third party server in Angular 7 project

问题描述

我创建了一个 angular 7 项目

http://myproject.com/

如果用户未登录，我将用户重定向到另一个安全身份验证服务器(https://secureauth.com) 进行登录.这里提示输入用户名和密码.然后它检查用户凭据.

If the user is not logged in the i redirect the user to another secure auth server(https://secureauth.com) to login.Here it promted to enther username and password.Then it checks the user credentials.

一旦用户成功登录到安全认证服务器.它返回一个 SAML 响应.为此，我已将返回 URL 启用为

once the user successfully logged in to the secure auth server. it returns the one SAML response. For that i have enabled the return URL as

http://myproject.com/ 

在安全认证服务器中.在这里，我需要处理来自我的 angular 项目的 SAML 响应.

in secure auth server. Here i need to process the SAML response from my angular project.

我有一些疑问，

我如何处理 angular 7 的 SAML 响应?因为它是一种客户端语言.是否有可能得到回应?

How can i process the SAML response in angular 7 ? Since it is a client side language. Is it possible to get the response ?

请分享一些关于此的想法.

Please share some ideas about this .

推荐答案

问题 1:这里我需要处理来自我的 angular 项目的 SAML 响应.我如何处理 angular 7 的 SAML 响应?

Question 1: Here i need to process the SAML response from my angular project. How can i process the SAML response in angular 7?

答案:
您需要使用 Angular 7 Web 应用程序实现 SAML SP，以处理您的 SAML IdP(例如 Shibboleth IdP)发送的 SAML 响应.

Answer:
You need to implement SAML SP with your Angular 7 web application to process the SAML response sent by your SAML IdP (such as Shibboleth IdP).

SAML2.0 WebSSO with angular client 在 GitHub 存储库是开源客户端 Angular2018 年 3 月发布的应用.

SAML2.0 WebSSO with angular client at GitHub repository is the open-source client Angular app released in March 2018.

为了在您的生产环境中快速部署 SAML SP，强烈建议使用第三方 SAML SP(例如带有 Angular 客户端的 SAML2.0 WebSSO).然后，您就有足够的时间为您的 Angular 7 Web 应用程序开发您自己的 SAML SP.

For quick deployment of SAML SP on your production environment, leveraging third-party SAML SP (such as SAML2.0 WebSSO with angular client) is highly recommended. Then you have sufficient time to develop your own SAML SP for your Angular 7 web application.

问题 2:因为它是一种客户端语言.是否有可能得到回应?

Question 2:Since it is a client side language. Is it possible to get the response?

答案:
是的.Angular 7 应用程序可以获取响应、解码 SAML 响应、验证 SAML 断言签名，然后从 SAML 响应中检索用户信息以登录到您的 Angular 7 应用程序
如果您使用 Angular 7 应用实施 SAML SP，并使用 Angular 7 应用的本地用户帐户映射 SAML 用户.

Answer:
Yes. It is possible for Angular 7 app to get the response, decode the SAML response, validate SAML assertion signature, and then retrieve the user info from the SAML response to log in to your Angular 7 app
if you implement SAML SP with your Angular 7 app and map SAML user with local user account of your Angular 7 app.

Angular 7 项目中的 SAML SP 负责读取来自第三方 SAML IdP 服务器的 SAML 响应(例如https://secureauth.com").

(I) 如何使用 Docker 构建和运行 Shibboleth SAML IdP 和 SPGitHub 存储库中的容器提供了有关使用 Shibboleth SAML IdP 和 OpenLDAP 构建基于 SAML 的身份验证/授权提供程序的说明.

(I) How to build and run Shibboleth SAML IdP and SP using Docker container at GitHub repository provides the instruction on building a SAML-based Authentication/Authorization Provider using Shibboleth SAML IdP and OpenLDAP.

• Shibboleth SAML IdP 负责身份联合.

• Shibboleth SAML IdP is responsible for identity federation.

OpenLDAP 负责身份验证.

OpenLDAP is responsible for identity authentication.

这将帮助您获得有关SAML SP 如何处理第三方 SAML IdP 发送的 SAML 响应的实践经验.

This will help you to gain hands-on experience on how SAML SP processes the SAML response sent by the third-party SAML IdP.

(II) 我已经验证了运行 Docker 的 Shibboleth SAML IdP(身份提供商)和 OpenLDAP 为以下企业应用程序提供的 SAML 单点登录 (SSO).换句话说，我利用运行 Docker 的 Shibboleth SAML IdP 和 OpenLDAP 成功登录到以下企业应用程序.

(II) I have validated SAML Single Sign-On (SSO) provided by Docker-running Shibboleth SAML IdP (Identity Provider) and OpenLDAP for the following enterprise applications. In other words, I leveraged Docker-running Shibboleth SAML IdP and OpenLDAP to log in to the following enterprise applications successfully.

Microsoft Office 365
Google G Suite
Salesforce
Dropbox
Box
Amazon AWS
OpenStack
Citrix NetScaler
VMware vCloud Director
Oracle NetSuite

(III) 另一个 StackOverflow 问题 如何使用 SAML 和 Shibboleth 实现或集成单点登录" 提供了有关 SAML 配置的宝贵信息和讨论.

(III) Another StackOverflow question "How to implement or integrate single sign on with SAML and Shibboleth" provides valuable information and discussions on SAML configuration.

这篇关于在 Angular 7 项目中从第三方服务器读取 SAML 响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！