Hi.

I am trying to build an API for an online student website. This student website first requires a student to sign in through a SAML 2.0 SSO webpage. It has a JSESSIONID created when you first go to the page.

I have already implemented it with them manually giving their credentials to the API and the NodeJS server uses fetch to make a POST request to the server to log in. However, I feel that storing the student credential in plain-text in a JS variable is not very secure.

I was wondering how I can let others use my API and securely log in to the system (using NodeJS as the server) without them giving their student credentials to the API. I am not too sure how SAML 2.0 works nor SSO (though I've read some information about them) so I am fairly new to this.
Submitted September 26, 2020 at 09:49PM by Strikerzzs