Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Example of authenticating REST API with SAML from JavaScript?

haraldo
Champ in-the-making
Champ in-the-making

‎12-12-2019 03:03 AM

I'm developing an integration from our asset inventory system to and Alfresco installation at a client. The Alfresco site is set up with SAML SSO against Office365.

I need to authenticate to get a ticket as described in https://docs.alfresco.com/saml1.0/concepts/develop-saml.html

The description here simply states "your application will have to open an embedded browser" and "Pick up the ticket from the JSON response and close the browser". From a React JavaScript application this is easier said than done. There are resitrictions as to what JavaScript can do with embedded browsers.

Does anyone have samples or can point to more information as to how to go about this?

Labels:
0 Kudos
2 REPLIES 2

afaust
Legendary Innovator
Legendary Innovator

‎12-12-2019 05:00 AM

With "application", I doubt the documentation was referring to other web applications, more like desktop / server applications, running in less restricted environments than browser-bound JavaScript.

I don't think there is any reasonable way to authenticate to Alfresco ReST API via SAML apart from actually, temporarily leaving your application and redirecting the browser through the authentication handshake.
I would certainly know how to achieve a clean integration without temporary redirects (after the initial user authentication in the React app), but that would require using a central authentication system (Keycloak) which federates authentications (including dealing with SAML), and having a unified user base across both the React app and Alfresco. Then the React app could just fetch an OIDC access token within the already established Keycloak session, and access Alfresco, all with just plain ReST (both Keycloak and Alfresco) and without redirects.

0 Kudos

haraldo
Champ in-the-making
Champ in-the-making
In response to afaust

‎12-12-2019 05:27 AM

OK, I feared something like that 🙂

Perhaps another way to go would be to authenticate using basic authentication with some "service user" account. But then, would it be possible to somehow check the authorizations the logged in user has in Alfresco?

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2025 Khoros, LLC