Rory Braybrook
1 min read · Jul 17, 2019

SAML is not designed for SPAs.

“The SAML SSO flows were designed with a browser in mind sending SAML messages to a web application either as HTTP redirects or HTTP Posts. Authentication sessions are then established in this browser session.”

OpenID Connect is the correct protocol to use.

Why is SAML being enforced?

Maybe this:


Written by Rory Braybrook

NZ Microsoft Identity dude and MVP. Entra ID/Entra External ID/Azure AD B2C/VC. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5
