
What I'm trying to do is Silent Authentication with Auth0 as the Identity Provider using the SAML 2.0 protocol. I don't want to use the Auth0 SDK because the purpose of the Server Provider is to be able to change between Identity Providers. I have read this post and this other one. I updated my login URL from

https://{your_domain}.auth0.com/samlp/{client_id}

to

https://{your_domain}.auth0.com/samlp/{client_id}={connection your_db_connection_name}

As mentioned in the first link, but this only allows me to avoid redirections if the user already has an existing session. The second link refers to a parameter in the URL:

prompt = none

But this is for the OpenID Connect protocol, so it doesn't help me.

The current flow is the following:

  1. The user sends credentials to my Server Provider (this is useless because Auth0 requires the credentials in its widget)
  2. The Server Provider requests SAML authentication from Auth0
  3. Auth0 redirects the user to its login widget (the user enters the credentials again)
  4. The user gets access

What I want to achieve is:

  1. The user sends credentials to my Server Provider
  2. The Server Provider integrates the credentials (here is where I do not know how) in the SAML 2.0 request
  3. Auth0 receives and authenticates the credentials (without any kind of redirection)
  4. The user gets access

What I'm using:

  • As Server Provider, Node JS with Express and saml2-js library
  • As Identity Provider, a Regular Web Application with the SAML2 Web App add-on on Auth0

I am new to using SAML and Auth0 and I do not know much yet. Any guide or advice is welcome. Thank you.

(If I have flaws in my English, do not hesitate to comment, thanks)
