I need to implement SAML in Angular applications having variety of backend technologies as java, node, an esb and a couple more. There are too many applications and can not rewrite backends, so what is the good stragedy / architecture to implement SAML ?
In heterogeneous scenarios, I would personally use a multi-layered approach, enabling SAML at web-server level.
For instance, you can setup an Apache instance to use Shibboleth as access control module. Apache will indeed process all the HTTP/HTTPS requests, and Shibboleth will handle the SAML requests according to your configuration and your access rules.
However, take into account that you have to probably configure as well a Gateway Interface (i.e. WSGI for Python-based solutions) or a proxy module (mod_proxxy
) in order to run your web applications against Apache.