how to secure a spa application

Fri Jul 6 14:49:56 EDT 2018

>
> How can I route to a server api that is in charge of instantiating a jwt
> token?  Plus I have one more requirement, developers need to be able to
> access application without going through Shibboleth.  Please pardon my
> ignorance in this framework.

The simplest solution is likely to make your Shibboleth-protected landing
"page" generate the JWT -- whatever it needs to do to generate it -- and
deliver it with the application.

Greg

On Fri, Jul 6, 2018 at 11:32 AM Starkey, Don [BSD] - CRI <
dstarkey at bsd.uchicago.edu> wrote:

> Hello,
>
> How can I route to a server api that is in charge of instantiating a jwt
> token?  Plus I have one more requirement, developers need to be able to
> access application without going through Shibboleth.  Please pardon my
> ignorance in this framework.
>
> Any sample would be of great help.
>
> thank you,
>
> Don Starkey
> Lead Web Application Developer
>
> Center for Research Informatics
> The University of Chicago
> 5454 S. Shore Drive, 1D
> Chicago, IL 60637
> Phone:  773-834-4809
> Email:  dstarkey at bsd.uchicago.edu
>
> ________________________________________
> From: users [users-bounces at shibboleth.net] on behalf of Boyd, Todd M. [
> tmboyd1 at ccis.edu]
> Sent: Friday, July 06, 2018 1:27 PM
> To: Shib Users
> Subject: RE: how to secure a spa application
>
> If it's a true SPA, why don't you just have Shibboleth protect the entire
> thing (which exists as a single page)?
>
>
> -Todd
>
> -----Original Message-----
> From: users <users-bounces at shibboleth.net> On Behalf Of Starkey, Don
> [BSD] - CRI
> Sent: Friday, July 06, 2018 1:16 PM
> To: users at shibboleth.net
> Subject: how to secure a spa application
>
> Hello all,
>
>
>  I need a spa application to be secured with Shibboleth, which is used by
> our university.  The application is a single page angular application.  We
> can secure a page on the server, so we do have the ability to access
> Shibboleth from our server.  The workflow that I want to implement follows.
>
> 1 user tries to access a specific landing page (protected by Shibboleth)
> 2 user is re-routed to Shibboleth for credentials.
> 3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is
> there a server side method available to generate a Jason Web Token for the
> Shibboleth Authenticated user and redirect to the SPA???
>
> I am very open to any workshops, or sample code that someone might have
> regarding Shibboleth's use in a single page application.  I have searched
> the web for such a sample without any luck.  Lack of Shibboleth integration
> would be a show stopper for us.  Any help or references are greatly
> appreciated.  I am sure someone has solved this problem.  Please help me, I
> am running out of resources.
>
> Thank you for your time and any help that you may offer.
>
> Any HELP is GREATLY appreciated!
>
>
> Don Starkey
> Lead Web Application Developer
>
> Center for Research Informatics
> The University of Chicago
> 5454 S. Shore Drive, 1D
> Chicago, IL 60637
> Phone:  773-834-4809
> Email:  dstarkey at bsd.uchicago.edu<mailto:jjohnso3 at bsd.uchicago.edu>
> --
> For Consortium Member technical support, see
> https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
> --
> For Consortium Member technical support, see
> https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180706/8ec13d08/attachment.html>