How to implement SAML in a Flutter Web Frontend Application and a SpringBoot REST API?
I'm trying to implement SAML in my application, which consists of a SPA (Flutter Web) and a REST API (Spring Boot). But I have a problem implementing the communication between the Flutter frontend application, the Spring Boot REST API and the SAML Identity Provider.
Currently I have implemented an initial HTTP request (@GetMapping("/initial")), which is called when the Flutter application is launched, checks if SAML is configured and then sends the authentication POST request to the Identity Provider. My problem is that the Identity Provider answers the REST API at another PostMapping in the RestController (@PostMapping("samlsso")). Then I generate a Bearer token for the authenticated user to pass to the Flutter application, which handles the authentication status in the application and automatically logs the user in.
But how do I get this token to the Flutter application? Since I'm using a REST controller, I shouldn't save any variables in the controller, but in order for the Flutter application to receive data from the REST API, it has to send a request for the token itself. But the Flutter application does not know when the token is ready to be received. How can I implement this communication properly, without any manual delays and without saving values in variables in a RestController class?
PS: I have already tried sending a response.redirect from the PostMapping that receives and handles the SAML response directly to the frontend, but I was only able to send it via the header and was not able to access it from the Flutter application.
Backend Code:
import org.springframework.http.ResponseEntity
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RestController
import javax.servlet.http.HttpServletRequest   // jakarta.servlet.http.* on Spring Boot 3
import javax.servlet.http.HttpServletResponse

@RestController
class SamlController {
    // Shared mutable state in a singleton controller: written by the IdP callback,
    // read by the SPA's poll. This is the part the post wants to get rid of.
    var samlToken = ""

    // Called when the Flutter app launches; sends the AuthnRequest to the IdP.
    @GetMapping("/initial")
    fun findToken() {
        sendAuthRequestToIdp() // helper defined elsewhere, not shown in the post
    }

    // Assertion Consumer Service: the IdP POSTs the SAML Response here.
    @PostMapping("/samlsso")
    fun handleSamlResponse(request: HttpServletRequest, response: HttpServletResponse) {
        val user = receiveAndHandleIDPResponse() // helper defined elsewhere, not shown in the post
        // handle errors
        val token = generateTokenFromIDPResponse() // helper defined elsewhere, not shown in the post
        samlToken = token
    }

    // Polled by the Flutter app after a fixed delay.
    @PostMapping("/getSamlToken")
    fun getSamlToken(): ResponseEntity<String> {
        return ResponseEntity.ok(samlToken)
    }
}
Frontend Code:
import 'package:http/http.dart' as http;
import 'package:url_launcher/url_launcher.dart';

final http.Client _client = http.Client();
final Map<String, String> headers = {'Accept': 'text/plain'}; // assumed; not shown in the post

Future<String> fetchSamlAuthentication() async {
  var jwtString = '';
  // Open api_url/initial in the browser so the IdP login page is shown.
  await launchUrl(Uri.parse('api_url/initial'));
  // Wait a fixed 10 s and hope the IdP callback has stored the token by then.
  await Future.delayed(const Duration(milliseconds: 10000));
  final response = await _client.post(Uri.parse('api_url/getSamlToken'), headers: headers);
  jwtString = response.body;
  return jwtString;
}
This is the only way I was able to authenticate a user with SAML, but it is not a clean/usable solution. I need a better way to get the generated token to the Flutter application and be able to handle it.
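One way to get the token across without polling and without a field in the controller, shown here as an added example that is not part of the post and is neither Spring nor Flutter code: after validating the SAML Response, the ACS handler issues a single-use, short-lived code, answers the IdP's POST with a 302 to the SPA carrying the code in the URL fragment, and the SPA exchanges that code once at a token endpoint to receive the JWT. The Python below simulates both sides in memory; SPA_URL, JWT_SECRET, HandoffStore and the /token route are assumed names, and the HS256 minting is a stand-in for a JWT library.

```python
"""SAML ACS -> SPA token handoff via a single-use code in the URL fragment.
Added example, not code from the post. Both sides are simulated in memory."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SPA_URL = "https://app.example.test/"                 # assumed Flutter Web origin
JWT_SECRET = b"example-only-replace-with-a-real-key"  # assumed; load from config, not source
CODE_TTL_SECONDS = 60                                 # handoff codes die fast
TOKEN_TTL_SECONDS = 3600


class HandoffStore:
    """Server-side store for single-use handoff codes (stands in for a cache or
    DB table shared by all API instances). `clock` is injectable for testing."""

    def __init__(self, clock=time.time):
        self._codes = {}  # code -> (subject, expires_at)
        self._clock = clock

    def issue(self, subject):
        code = secrets.token_urlsafe(32)  # 256 bits, URL-safe alphabet
        self._codes[code] = (subject, self._clock() + CODE_TTL_SECONDS)
        return code

    def redeem(self, code):
        """Return the subject once; a replayed or expired code yields None."""
        entry = self._codes.pop(code, None)  # pop: a second redeem finds nothing
        if entry is None:
            return None
        subject, expires_at = entry
        return subject if self._clock() <= expires_at else None


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(subject, now):
    """Minimal HS256 JWT; a real service would use a JWT library."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": subject, "iat": int(now), "exp": int(now) + TOKEN_TTL_SECONDS}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(JWT_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token, now):
    """Claims if the signature is valid and the token is unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    expected = hmac.new(JWT_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return None
    claims = json.loads(_b64url_decode(payload))
    return claims if claims["exp"] > now else None


def acs_handler(store, authenticated_subject):
    """What POST /samlsso does once the SAML Response has been validated: issue a
    code and 302 the browser to the SPA with the code in the *fragment*. The
    fragment is never sent in a request line or Referer header, so it stays
    out of server and proxy logs, unlike a query-string parameter."""
    code = store.issue(authenticated_subject)
    return {"status": 302, "location": SPA_URL + "#" + urlencode({"sso_code": code})}


def spa_extract_code(location):
    """What the SPA does on load: read the fragment (window.location.hash)."""
    fragment = urlparse(location).fragment
    return parse_qs(fragment).get("sso_code", [None])[0]


def token_endpoint(store, code, now=None):
    """POST /token: the SPA trades the code for a JWT; this works exactly once."""
    subject = store.redeem(code)
    if subject is None:
        return {"status": 400, "error": "invalid_or_expired_code"}
    issued_at = now if now is not None else time.time()
    return {"status": 200, "access_token": mint_jwt(subject, issued_at)}


if __name__ == "__main__":
    store = HandoffStore()
    redirect = acs_handler(store, "alice@example.test")  # IdP callback finished
    code = spa_extract_code(redirect["location"])        # SPA loads, reads the fragment
    print(token_endpoint(store, code)["status"])         # 200: token issued
    print(token_endpoint(store, code)["status"])         # 400: replay rejected
```

In the real stack the same logic lives in the controller's ACS method (a `response.sendRedirect` to the SPA URL with the fragment) and, on the Flutter Web side, in reading `Uri.base.fragment` at startup and POSTing the code to the API. Two properties are worth keeping whatever the implementation: the code is consumed exactly once and expires within about a minute, so a leaked or replayed code is worthless, and `/initial` is a browser navigation (a 302 to the IdP) rather than an XHR from the app, because the IdP's answer is a form POST to the ACS that only the browser can deliver. Setting the token as an HttpOnly, SameSite cookie on the ACS response is the other common option when the API and the SPA share a site.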
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow