javascript - How to authenticate to a SAML relying party using a Web Application as a client -

i have been researching topic while without luck.

scenario: 1. login web application using standard form authentication. 2. login web application saml relying party.

issue: thought using iframe perform authentication saml relying party. fundamental issue in approach after finalizing saml authentication flow, need transfer persistent authentication token web application client (this token used subsequent access of web application saml relying party).

. can comment on whether right approach (security wise)?

. there alternative approach authenticating web based clients system configured saml relying party?

thanks in advance,

saimon

the question asking fundamental federation question. in terms of saml, there identity provider (idp) , service provider. idp has responsibility authenticate user , issue saml assertions sp web applications. in question, sounds application idp desires issue saml assertion sp web application (i interpreted saml relying party mean sp web application). keep in mind saml assertions focused on 1 time usage authentication sp web application saml assertion can contain attributes used authz.

another architecture integrate third party saml idp, such application sp , other application sp. both of sp web application use idp authn , receive saml assertions. again, authn , 1 time usage of information in saml assertion.

another architecture leverage openid connect (oidc) idp server. main difference tokens can long lived , used subsequent secure api transactions.

with respect security, of these protocols have security built them when integrated respective architecture.