Anyone securing an Angular application

Peter Schober peter.schober at
Fri Jul 20 03:15:21 EDT 2018

* Starkey, Don [BSD] - CRI <dstarkey at> [2018-07-19 16:50]:
> I am having trouble securing my Angular application.   The same shib
> setup works fine for .net apps and web form sites.

Well, those others are running in the web server. Your Angular
application runs in the web browser. So completely different in every

> So that is not an issue.  However, when I try to use the same shib
> setup to secure the angular application it does not work.

The example I (and others) have provided works. You don't provide
technical details what you did and what specifically differs in your

> the shib is trying to connect but it just displays the shib error
> page.  Following error in Dev Toolbox.
> GET<>SAML Request xxxxxxxx
> 500 server error, and Shib simply displays error page without giving option to sign in
> Also:
> Cross-Origin Read Blocking (CORB) blocked cross-origin response

That's the consequence of your client-side JavaScript code trying to
follow the HTTP 302 to the IDP, which cannot work. You'll need to do a
full browser redirect to the IDP if you want to use the SAML Web
Browser SSO Profile.


More information about the users mailing list