My admin has created one application in Azure AD with SAML SSO and has shared xml certificates.
I have integrated that application’s configuration in my angular project with the help of MSAL but the issue with this was user was asked to grant permission if he is logging in first time.
My admin has clearly mentioned neither application should ask for permission nor user will grant it any time After reading lot of stuff I came to know that I might be using openID connect flow due to which it is asking for permission how can I use that certificate and SAML SSO flow in my Angular application to avoid this asking of permission.
I also tried with blank scope in MSAL but still was asking for permission
So, I guess I need to use SAML SSO flow in angular Please guide what next step should I take. I have setup application in Azure AD Portal.
After I went through lot of documents online I came to conclusion that SAML authentication should be used at backend. As a backend you can use java, php or any other thing feasible for the project.I tried with php and it is working fine.
I guess while using openID connect flow for logging in Azure AD in Angular there is no way to avoid asking this permission. Its better to use SAML flow in which you will require IDP, service provider and reply url.
From angular you will need to call that one url(where SAML is implemented on backend), and after successful response from AD your backend/Azure AD will redirect you back to your angular application.