Is possible to authenticate a SPA and Java API REST with SAML?

[Jonathan Ruiz]

Hi!, im trying to implement SAML(Azure AD) authentication to my SPA app (React), this app consumes a Java Backend (Vertx).
I took Vertx Demo as intial point, but a notice this is oriented to backend rendering as it protect resources and returns a HTML.
The frontend files are mounted in a Nginx server and can be access by "domain.com/". 

Currently I achieved to trigger the auth proces by accesing the "/auth/login" route and it works correctly, after the auth process it redirects me to "domain.com/" as I specified in 
final CallbackHandlerOptions callbackHandlerOptions = new CallbackHandlerOptions()
.setDefaultUrl("https://domain.com/) 

.setSaveInSession(true)
.setMultiProfile(false);
but obviously this is not the correct way to do this.

Is possible to protect a SPA using SAML?
Any guidance or suggest are very appreciated. Thanks!

[Jérôme LELEU]

Hi,

Yes, it's the correct way to do this: after the successful authentication, generally, a /profile endpoint is exposed to allow the SPA to check the authentication stored by the backend.

Thanks.

Best regards,

Jérôme

--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/a1dd6e8e-3c8a-4ef0-80f6-f0058c27dac1n%40googlegroups.com.