I am fairly new to SSO as this is my first time setting up an integration with an IdP. We already have Auth0 as our SP and IdP for our standard web app, but we are exploring the option of letting customers bring their own SAML IdP for SSO use. Here is our current implementation of Auth0:
A couple of things to note about our implementation:
- We don’t use any of Auth0’s login pages
- We use Auth0’s authentication API to perform the login attempt via our API.
With all that being said, I am not 100% sure how to implement Auth0 as our SP for SSO. What makes sense to me and my current auth flow would be something like this:
I followed the setup listed here to configure a test Auth0 tenant as my IdP. I can get all the way to receiving the SAML Response from the IdP (both using the test HTML app in the docs and my own app as the POST redirect from the IdP). I’ve pored over the SSO docs on Auth0’s site, but couldn’t find anything that looked super specific to my use case.
Is it possible to accomplish what I am thinking in my second diagram? If not, what is the best solution to get the user from the SAML response?
I found this endpoint, but I am not sure if that is what I am looking for either. I will try it, though. (Authentication API Explorer)
Thanks!