How to integrate OIDC flow into SAML IDP Proxy


This topic has 1 reply, 2 voices, and was last updated 7 months ago by Brad Tumy.

#28507
Wenhao_LIU (Participant)

I currently have a working IDP Proxy structure and will need to integrate an application which only supports OIDC SSO into this structure. In my opinion, I would like to add a relay party that contains the login URL of the OIDC application. When users want to log in to the OIDC application, they don’t visit the address of the OIDC application directly. They will visit the relay party and then be authenticated through SAML using the IDP Proxy. After the cookie is generated in the proxy layer and the assertion is sent to the relay party, the relay party will trigger the OIDC flow between the application and the proxy layer. Because the user’s session is already generated, he/she doesn’t need to authenticate, and the application could directly get the authorization code and use the code to exchange for an id_token and access_token. I wonder if this design is cost-efficient and if there is any better design?
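The flow described in the post, as an added, self-contained simulation (not code from the poster or from ForgeRock): the proxy layer issues a session cookie after the SAML leg, then acts as an OIDC provider for the application, which receives an authorization code without re-authenticating and exchanges it for an id_token and access_token. All issuer, client, redirect and key values are constructed for the example. The id_token is signed with a shared HS256 key here purely to keep the example dependency-free; a real deployment would use the provider's published RS256 keys. The point the example adds to the design question is on the application side: even though the user "is already logged in" at the proxy, the application must still bind state and nonce to its own session, use the code only once, and validate iss, aud, exp and nonce on the id_token.

```python
"""Simulated SAML-proxy-fronted OIDC authorization code flow (constructed example)."""
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, parse_qs, urlparse

# Constructed values for the example; none of these come from the forum post.
ISSUER = "https://proxy.example/oidc"
CLIENT_ID = "oidc-app"
CLIENT_SECRET = "constructed-client-secret"
REDIRECT_URI = "https://app.example/callback"
SIGNING_KEY = b"constructed-hs256-key"  # shared key; real OPs publish RS256 keys via JWKS

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def jwt_encode(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def jwt_decode(token: str, key: bytes) -> dict:
    """Verify the HS256 signature and return the claims; raises on tampering."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

class ProxyOP:
    """Proxy layer acting as OIDC provider; sessions are created by the SAML leg."""
    def __init__(self):
        self.sessions = {}  # session cookie -> subject
        self.codes = {}     # code -> (subject, client_id, redirect_uri, nonce)

    def saml_login(self, subject: str) -> str:
        """Stand-in for the SAML IdP Proxy leg: the assertion was consumed, a cookie is set."""
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = subject
        return cookie

    def authorize(self, cookie: str, params: dict) -> str:
        """Authorization endpoint: existing session means no new login prompt."""
        subject = self.sessions.get(cookie)
        if subject is None:
            raise PermissionError("no session: the proxy would redirect to the SAML IdP")
        if params["client_id"] != CLIENT_ID or params["redirect_uri"] != REDIRECT_URI:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (subject, params["client_id"], params["redirect_uri"], params["nonce"])
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, code: str, client_id: str, client_secret: str, redirect_uri: str) -> dict:
        """Token endpoint: code is single-use and bound to client and redirect_uri."""
        entry = self.codes.pop(code, None)
        if entry is None or entry[1] != client_id or entry[2] != redirect_uri:
            raise ValueError("invalid_grant")
        if not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise ValueError("invalid_client")
        now = int(time.time())
        id_token = jwt_encode({"iss": ISSUER, "sub": entry[0], "aud": client_id,
                               "iat": now, "exp": now + 300, "nonce": entry[3]}, SIGNING_KEY)
        return {"access_token": secrets.token_urlsafe(16), "id_token": id_token, "token_type": "Bearer"}

class RelayParty:
    """The relay party / application side of the flow."""
    def __init__(self, op: ProxyOP):
        self.op = op
        self.pending = {}  # state -> nonce, bound to this login attempt

    def start_login(self, cookie: str) -> str:
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = nonce
        return self.op.authorize(cookie, {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                                          "response_type": "code", "scope": "openid",
                                          "state": state, "nonce": nonce})

    def callback(self, redirect_url: str) -> str:
        """Consume the redirect, exchange the code, validate the id_token, return the subject."""
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        nonce = self.pending.pop(q.get("state"), None)
        if nonce is None:
            raise ValueError("unknown or reused state (CSRF / replay)")
        tokens = self.op.token(q["code"], CLIENT_ID, CLIENT_SECRET, REDIRECT_URI)
        claims = jwt_decode(tokens["id_token"], SIGNING_KEY)
        now = int(time.time())
        if (claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID
                or claims["exp"] <= now or claims["nonce"] != nonce):
            raise ValueError("id_token failed validation")
        return claims["sub"]

def run_flow(subject: str = "alice") -> str:
    """SAML login at the proxy, then the OIDC code flow with no second login prompt."""
    op, rp = ProxyOP(), None
    rp = RelayParty(op)
    cookie = op.saml_login(subject)
    return rp.callback(rp.start_login(cookie))

def replay_rejected() -> bool:
    """Delivering the same redirect twice must fail: state is single-use, and so is the code."""
    op = ProxyOP()
    rp = RelayParty(op)
    redirect = rp.start_login(op.saml_login("bob"))
    rp.callback(redirect)
    try:
        rp.callback(redirect)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("subject:", run_flow())
    print("replay rejected:", replay_rejected())
```

Calling `rp.start_login()` with a cookie the proxy does not know raises `PermissionError`, which is where a real proxy would start the SAML leg instead; that is the branch the design in the post avoids for users who already hold a proxy session.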

#28509
Brad Tumy (Participant)

Hey Wenhao_LIU,

I’d recommend taking a look at the STS functionality in AM. Exchanging or translating a SAML assertion for an OIDC token is an OOTB supported use case.

Brad
