This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Does Looker use tokens for SAML?

on ‎07-07-2021 03:46 PM

LookerExperts
Staff
0 0 70
Knowledge Drop

Last tested: Sep 18, 2019
 

Looker doesn't use tokens at all when authenticating with SAML.
In fact, we are 100% decoupled from Okta’s notion of sessions and how they keep users logged in or not.

When a user hits the ‘Authenticate’ button, we redirect the user’s browser to the SAML IdP and (implicitly) say “the user using this browser wants to log in, let me know if this is someone you trust and please give me info about them”. The IdP eventually redirects the user’s browser back to us with a signed SAML doc (or not if the IdP doesn’t trust this user). We verify the doc and then extract the info about the user that we care about (email, name, groups, etc).

We then forget about that SAML doc. There is no token-like thing we retain from that doc (other than the stable user id). We then maintain our own sessions and cookies to authenticate each request from a logged-in user as they use looker. But, that is all completely decoupled from any tokens or the like from the SAML IdP.

This content is subject to limited support.                

Topic Labels
0 Likes
Version history
Last update:
‎07-07-2021 03:46 PM
Updated by: