how to secure a spa application

Boyd, Todd M. tmboyd1 at
Fri Jul 6 14:27:13 EDT 2018

If it's a true SPA, why don't you just have Shibboleth protect the entire thing (which exists as a single page)?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:16 PM
To: users at
Subject: how to secure a spa application

Hello all,

 I need a spa application to be secured with Shibboleth, which is used by our university.  The application is a single page angular application.  We can secure a page on the server, so we do have the ability to access Shibboleth from our server.  The workflow that I want to implement follows.

1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???

I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application.  I have searched the web for such a sample without any luck.  Lack of Shibboleth integration would be a show stopper for us.  Any help or references are greatly appreciated.  I am sure someone has solved this problem.  Please help me, I am running out of resources.

Thank you for your time and any help that you may offer.

Any HELP is GREATLY appreciated!

Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  dstarkey at<mailto:jjohnso3 at>
For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list