As I understand SAML Service Provider should be in front of my service. How is that going to work if Auth0 is configured as SAML Service Provider? Will Auth0 redirect authorized requests to my service?
Check out this page for a description, diagram and configuration video:
That page does not answer my question.
The client application that wants to access your service, would make an authorization request to Auth0, this can be via OAuth2;
Auth0 as the SAML SP federates further to the SAML IdP, …
…authentication and giving authorization consent (to allow the client application to access your service on behalf of the user) is done by the user, and Auth0 returns an access token with respective scope claims (permissions) back to the client application.
The client application can then directly use the access token with your service: sent as bearer token in the header of each request. These request don’t go through Auth0 but directly to your service. The self-contained access token in JWT format is verified there.
Let me know if this clarifies it a bit better.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.