how to secure a spa application
Boyd, Todd M.
tmboyd1 at ccis.edu
Fri Jul 6 14:27:13 EDT 2018
If it's a true SPA, why don't you just have Shibboleth protect the entire thing (which exists as a single page)?
-Todd
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:16 PM
To: users at shibboleth.net
Subject: how to secure a spa application
Hello all,
I need a spa application to be secured with Shibboleth, which is used by our university. The application is a single page angular application. We can secure a page on the server, so we do have the ability to access Shibboleth from our server. The workflow that I want to implement follows.
1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application. Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???
I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application. I have searched the web for such a sample without any luck. Lack of Shibboleth integration would be a show stopper for us. Any help or references are greatly appreciated. I am sure someone has solved this problem. Please help me, I am running out of resources.
Thank you for your time and any help that you may offer.
Any HELP is GREATLY appreciated!
Don Starkey
Lead Web Application Developer
Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone: 773-834-4809
Email: dstarkey at bsd.uchicago.edu<mailto:jjohnso3 at bsd.uchicago.edu>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list