Tags: .net-core, vuejs2, saml-2.0, adfs

Authenticate Vue 2 SPA via SAML 2.0 and ADFS


I have done quite a bit of research over the last few weeks and have not found a situation that quite fits my problem, so I was hoping I could turn to the community. The high-level view of my scenario is this:

I have a Vue 2 SPA using a .NET Core Api with MS SQL Server on the back end. I have a requirement to add SAML SSO via ADFS 5.0 on Server 2019 (our ADFS is controlled by a separate team, I cannot access the ADFS servers at all).

I do have the xml metadata from the ADFS team so I know the IDP entity ID, signing cert, etc. I would prefer to handle the authentication on the JS side if possible, the idea being that my SPA would route them to the SSO login so we can utilize Username/Password OR PIV token, then route my user back to my application.

I am honestly not sure where to even start. The similar issues I have found don't line up with what we need to do. I am happy to provide as many details as I can wherever possible. What I am hoping to learn is, effectively, the following:

  1. Start here, create this config in this location
  2. Set up the reroute
  3. Set this up in adfs
  4. Read the response from adfs and establish user access level
  5. User can access my application according to their permissions.

Thank you in advance,

Drew

Edit

A little more info I forgot to mention: my Vue SPA is hosted on a remote web server on a separate domain from our ADFS server.


Solution

  • So, for anyone who stumbles across this post in a similar situation, the answer turned out to be that we needed to create a .NET web app to leverage WS-Federation, which met our authentication needs. This article proved very helpful:

    https://learn.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-6.0
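For readers landing here with the same setup, below is an added example of what the WS-Federation relying-party configuration in the linked article looks like in an ASP.NET Core 6 web app, wired to the two things the question asks for: signing the user in through ADFS and deriving an application access level from the claims ADFS returns. This is example code written for this page, not the asker's app or Microsoft's sample; the metadata URL, the realm, the AD group name `MyApp-Admins` and the `app-access` claim are placeholders and assumptions, not values from the original post.

```csharp
// Program.cs for an ASP.NET Core 6 web app (added example, not the asker's code).
// NuGet package: Microsoft.AspNetCore.Authentication.WsFederation
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    // The cookie carries the session; WS-Federation is used only to sign in,
    // so the browser never has to hold or parse the token itself.
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
    // PLACEHOLDERS: the federation metadata URL comes from the ADFS team's metadata
    // file; Wtrealm must equal the Relying Party identifier they register for this app.
    options.MetadataAddress = "https://adfs.example.invalid/FederationMetadata/2007-06/FederationMetadata.xml";
    options.Wtrealm = "https://myapp.example.invalid/";
    // Issuer and signing certificate are read from the metadata; keep HTTPS required
    // so an attacker on the network cannot substitute their own metadata document.
    options.RequireHttpsMetadata = true;
    options.Events = new WsFederationEvents
    {
        // Step 4 of the question: establish the app's access level from ADFS claims.
        // Assumes the ADFS team issues AD group names as role claims (an assumption).
        OnSecurityTokenValidated = ctx =>
        {
            var identity = (ClaimsIdentity)ctx.Principal!.Identity!;
            var level = identity.HasClaim(ClaimTypes.Role, "MyApp-Admins") ? "admin" : "user";
            identity.AddClaim(new Claim("app-access", level));
            return Task.CompletedTask;
        }
    };
})
.AddCookie(options =>
{
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    // Only needed when the SPA is served from a different origin than this app;
    // SameSite=None requires Secure, which is already set above.
    options.Cookie.SameSite = SameSiteMode.None;
    options.ExpireTimeSpan = TimeSpan.FromHours(8);
    options.SlidingExpiration = false;
});

builder.Services.AddAuthorization(options =>
{
    // Step 5: every endpoint requires a signed-in user unless it opts out;
    // admin-only endpoints additionally require the derived claim.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.AddPolicy("AdminOnly", p => p.RequireClaim("app-access", "admin"));
});

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

// Endpoints the Vue SPA calls once the browser has been redirected back from ADFS.
// An unauthenticated request here triggers the WS-Federation challenge (redirect to ADFS).
app.MapGet("/api/me", (ClaimsPrincipal user) => Results.Ok(new
{
    name = user.Identity?.Name,
    access = user.FindFirstValue("app-access")
}));

app.MapGet("/api/admin/report", () => Results.Ok("admin-only data"))
   .RequireAuthorization("AdminOnly");

app.MapGet("/logout", async (HttpContext ctx) =>
{
    await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Redirect("/");
}).AllowAnonymous();

app.Run();
```

Two points worth checking when adapting this: the `Wtrealm` value and the reply URL ADFS redirects to must match exactly what the ADFS team registers for the Relying Party Trust, or sign-in fails after the credential prompt; and the access-level mapping lives on the server, so the SPA only ever reads the result from `/api/me` and never decides permissions from anything it holds client-side.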