Example of authenticating REST API with SAML from JavaScript?

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Member II

Example of authenticating REST API with SAML from JavaScript?

I'm developing an integration from our asset inventory system to and Alfresco installation at a client. The Alfresco site is set up with SAML SSO against Office365.

I need to authenticate to get a ticket as described in https://docs.alfresco.com/saml1.0/concepts/develop-saml.html

The description here simply states "your application will have to open an embedded browser" and "Pick up the ticket from the JSON response and close the browser". From a React JavaScript application this is easier said than done. There are resitrictions as to what JavaScript can do with embedded browsers.

Does anyone have samples or can point to more information as to how to go about this?

2 Replies
Highlighted
Master

Re: Example of authenticating REST API with SAML from JavaScript?

With "application", I doubt the documentation was referring to other web applications, more like desktop / server applications, running in less restricted environments than browser-bound JavaScript.

I don't think there is any reasonable way to authenticate to Alfresco ReST API via SAML apart from actually, temporarily leaving your application and redirecting the browser through the authentication handshake.
I would certainly know how to achieve a clean integration without temporary redirects (after the initial user authentication in the React app), but that would require using a central authentication system (Keycloak) which federates authentications (including dealing with SAML), and having a unified user base across both the React app and Alfresco. Then the React app could just fetch an OIDC access token within the already established Keycloak session, and access Alfresco, all with just plain ReST (both Keycloak and Alfresco) and without redirects.

Highlighted
Member II

Re: Example of authenticating REST API with SAML from JavaScript?

OK, I feared something like that :-)

Perhaps another way to go would be to authenticate using basic authentication with some "service user" account. But then, would it be possible to somehow check the authorizations the logged in user has in Alfresco?