How to make ajax CORS requests to shibboleth protected rest api?
Luke Palnau
lpalnau at umich.edu
Wed May 27 14:23:09 EDT 2015
We're trying to integrate our (optional shibboleth login) non-prod website
on https://dartbbncdevv3.dsc.umich.edu with our new non-prod (shibboleth
protected) rest api on https://api-np.dev.umich.edu and are finding that
the website's ajax requests are getting not authorized responses (403s)
from the new api.
We've gotten public endpoints from the new api to work with the non-prod
website, but we're thinking the CORS ajax requests probably need additional
headers on them to be able to access the shibboleth protected endpoints.
Has anyone already figured this out? We'd really appreciate any advice on
this.
Our aim is to have the non-prod website keep the admin pages, but move the
api endpoints it relies on to a new api. Ultimately if CORS ajax is not
supported by shibboleth we may have to move the admin pages to the same
domain as the new api, but we are trying to avoid that move because the
website has a lot of public pages also that we don't want to separate or
lose the known public domain name.
-Luke
734.604.2271
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150527/522bfa6f/attachment.html>
More information about the users
mailing list