I am trying to implement SSO with SAML in a React application with .NET 7 as the back end. I was able to create a SAML authentication in .NET 7 wit an another Identity Management Services and it works fine with MVC. But I am not able to figure out how to add React into this. I would like to know that whether it is possible to implement SAML in React app with .Net back-end using Auth0. Any help would be really appreciated.
Welcome to the Auth0 Community!
Thanks for posting your question! Based on my research, adding SAML to the React app is hard and painful, and I would not recommend it.
It is true that you can’t use SAML directly from the SPA running in the browser. This is because SAML relies heavily on public/private key pairs of the parties involved to do message signing and encryption and a SPA in the browser can not give the protection needed for these.
SAML also involves other mechanisms like automatically posting forms that does not translate well to a in browser application.
In conclusion, SAML was not designed for things like SPAs. It was designed for a classic, old school, thick backend server - client setup. OIDC on the other hand is a more modern protocol that fit this use case perfectly.
Authenticating a React SPA towards a SAML IdP | SAMLSecurity
If you want to stick using SAML with React and .NET 7, your best bet is to rely on .NET to use SAML to communicate with another Identity Management Service and use OIDC in React to communicate with .NET. Introduction to authentication for Single Page Apps on ASP.NET Core | Microsoft Learn
Hi @dawid.matuszczyk ,
Thank you for your explanation. I really appreciate your help, your explanation was very helpful. We decided to continue with OIDC as you said.