
FR (Authenticator): Support SAML providers

Open ErikCH opened this issue 3 years ago • 16 comments

On which framework/platform would you like to see this feature implemented?

React, Angular, Vue

Which UI component is this feature-request for?

Authenticator

Please describe your feature-request in detail.

Our current documentation only shows Google, Facebook, Apple and Amazon as social providers. It would be nice to add in other external identity providers, be it SAML or OIDC, like with Microsoft Azure.

Please describe a solution you'd like.

Add a way for customers to add their own social providers and have them displayed for a user to login.

We love contributors! Is this something you'd be interested in working on?

  • [X] 👋 I may be able to implement this feature request.
  • [ ] ⚠️ This feature might incur a breaking change.

ErikCH avatar Jan 14 '22 18:01 ErikCH

I would also like to see this feature for React!

bestickley avatar Feb 16 '22 16:02 bestickley

Any update on this?

jmacmullin avatar Feb 13 '23 12:02 jmacmullin

Any updates?

d-belic avatar Apr 16 '23 13:04 d-belic

@bestickley @d-belic @jmacmullin, I'm trying to gather more requirements on this issue. Are you most interested in SAML or OIDC or both?

reesscot avatar Jun 19 '23 22:06 reesscot

@reesscot, I'm interested only in OIDC.

bestickley avatar Jun 19 '23 23:06 bestickley

Same, I'm only interested in OIDC at the moment.

jmacmullin avatar Jun 20 '23 00:06 jmacmullin

I'm interested in SAML

jgilewski-siili avatar Sep 11 '23 07:09 jgilewski-siili

SAML

quarryman avatar Sep 26 '23 23:09 quarryman

I'm interested in SAML. Any updates on this?

evertson90 avatar Oct 18 '23 14:10 evertson90

How were you thinking about the workflow and UX in general? Maybe a flexible approach, for example, routing based on the email domain could be a good option.

UX:

  • An email field is shown alongside all the currently supported social providers (Google etc.)
  • If a user enters an email, the backend looks up the email domain in the database to see whether it's supposed to be authenticated by a SAML provider. If the domain has no SAML provider associated, the current AWS login flow can be used (the password field is shown now).
  • If the user is supposed to be authenticated with a SAML provider, then the backend returns the redirection links to the frontend and the frontend will redirect to the SAML provider.

Edit: I found some resources:

https://aws.amazon.com/blogs/security/use-the-hosted-ui-or-create-a-custom-ui-in-amazon-cognito/
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-naming.html

In some examples I see that a user has the option between a corporate email and a regular login. I think this would lead to many UX issues and support calls. A single field and then dynamic routing on the email would be better I'd assume.

L-U-C-K-Y avatar Dec 02 '23 11:12 L-U-C-K-Y
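The email-domain routing described in the comment above, written out as an added example (this is not code from the thread, from amplify-ui, or from Amplify's own auth API). The domain-to-provider table and the provider names `ExampleSAML` / `CorpAzureOIDC` are constructed for the example; `cognitoDomain`, `clientId` and `redirectUri` are placeholders you would take from your own user pool. The redirect URL targets the Cognito hosted UI `/oauth2/authorize` endpoint with its documented `identity_provider` query parameter, which is what the hosted UI's own provider buttons use; the surrounding routing logic is an assumption about how one might implement the proposal, not an Amplify feature.

```javascript
// Constructed lookup table: lowercase email domain -> Cognito identity provider name.
// In a real deployment this would live server-side (the comment above proposes a
// database lookup) so the client never ships the full list of federated tenants.
const DOMAIN_TO_IDP = {
  'example.com': 'ExampleSAML',       // hypothetical SAML provider name
  'corp.example.org': 'CorpAzureOIDC', // hypothetical OIDC provider name
};

// Extract the domain part of an address, or null if the input is not usable.
// Splitting on the LAST '@' means "alice@evil.com@example.com" yields a local
// part that still contains '@', which is rejected instead of being routed to
// example.com's IdP on the strength of a spoofed-looking suffix.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const trimmed = email.trim();
  const at = trimmed.lastIndexOf('@');
  if (at <= 0 || at === trimmed.length - 1) return null;
  if (trimmed.slice(0, at).includes('@')) return null;
  const domain = trimmed.slice(at + 1).toLowerCase();
  // Conservative DNS-label shape: letters, digits, '-' and '.', no empty labels.
  if (!/^[a-z0-9.-]+$/.test(domain)) return null;
  if (domain.startsWith('.') || domain.endsWith('.') || domain.includes('..')) return null;
  return domain;
}

// Decide which sign-in flow the UI should present for this address.
// Returns one of:
//   { mode: 'invalid' }                        -> keep showing the email field
//   { mode: 'password', domain }               -> fall through to the normal pool login
//   { mode: 'redirect', domain, provider }     -> send the browser to the federated IdP
function routeSignIn(email, domainMap = DOMAIN_TO_IDP) {
  const domain = emailDomain(email);
  if (domain === null) return { mode: 'invalid' };
  // hasOwnProperty guards against prototype keys: a domain such as "constructor"
  // passes the regex above and would otherwise hit Object.prototype on a plain map.
  const federated = Object.prototype.hasOwnProperty.call(domainMap, domain);
  if (!federated) return { mode: 'password', domain };
  return { mode: 'redirect', domain, provider: domainMap[domain] };
}

// Fresh, unguessable OAuth state value. Store it (e.g. sessionStorage) before
// redirecting and compare it on return so a forged callback cannot complete the login.
function makeState(byteLength = 16) {
  const bytes = new Uint8Array(byteLength);
  globalThis.crypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the hosted UI authorize URL for a specific provider. The parameter names
// (response_type, client_id, redirect_uri, identity_provider, scope, state) are the
// documented Cognito /oauth2/authorize query parameters; the values are placeholders.
function hostedUiAuthorizeUrl({ cognitoDomain, clientId, redirectUri, provider, state,
                                scopes = ['openid', 'email'] }) {
  const url = new URL('/oauth2/authorize', `https://${cognitoDomain}`);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('identity_provider', provider);
  url.searchParams.set('scope', scopes.join(' '));
  url.searchParams.set('state', state);
  return url.toString();
}

// Glue for the UI: given the typed address, either return a redirect target or a
// flag telling the component to reveal the password field.
function nextStep(email, poolConfig, state) {
  const route = routeSignIn(email);
  if (route.mode !== 'redirect') return route;
  return { ...route, url: hostedUiAuthorizeUrl({ ...poolConfig, provider: route.provider, state }) };
}
```

One consequence of this design worth accepting consciously: the lookup answers differently for federated and non-federated domains, so an unauthenticated caller can learn which domains have SSO configured. That is usually fine (the hosted UI's provider buttons disclose the same thing), but it is why the table belongs behind a backend call rather than in the bundle, and why the backend should rate-limit the lookup like any other pre-auth endpoint. The `state` value must be generated per attempt and checked on the callback; Amplify's own `signInWithRedirect` handles that for you if you use it instead of building the URL by hand.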

Hi ! I also need this for a React project 🤗 @L-U-C-K-Y 's suggestion sounds perfect to me !

ThomasAribart avatar Dec 20 '23 13:12 ThomasAribart

I would like to see SAML support, please and thank you!

rwilliams3088 avatar Mar 13 '24 00:03 rwilliams3088

@bestickley @d-belic @jmacmullin, I'm trying to gather more requirements on this issue. Are you most interested in SAML or OIDC or both?

SAML

d-belic avatar Mar 13 '24 08:03 d-belic

SAML, please!

Showing a button with a link like in the hosted UI would be enough.

renanwilliam avatar Mar 28 '24 18:03 renanwilliam