Auth0 Home Blog Docs

SSO using OIDC and SAML

Hi folks,

I’m trying to implement SSO between two applications:

  • Angular SPA using OIDC. Auth0 is SP & IDP (local user db)
  • SAP Web App using SAML. Auth0 is IDP.

Is SSO even supposed to work between applications that are using different protocols to authenticate users?
SSO integration with two SPAs using OIDC works fine.

Thanks
Jan

As long as the applications share the same set of enabled connections then SSO is possible independently of the fact that the applications use different protocols when talking to the identity provider (Auth0). However, there’s a few possible caveats depending on the exact flows (not strictly protocols) being used.

Having said that the following should allow for SSO:

  1. have the same connections enabled for both applications.
  2. application A initiates an OIDC request to the authorize endpoint.
  3. the universal login page is shown and the end-user authenticates either with username/password or another upstream identity provider.
  4. application A receives an OIDC response.
  5. application B performs a SAML SP-Initiated authentication request.
  6. due to the presence of an authenticated session the end-user will not have to actively authenticate and a SAML response can be returned.