Anyone securing an Angular application
Peter Schober
peter.schober at univie.ac.at
Fri Jul 20 03:15:21 EDT 2018
* Starkey, Don [BSD] - CRI <dstarkey at bsd.uchicago.edu> [2018-07-19 16:50]:
> I am having trouble securing my Angular application. The same shib
> setup works fine for .net apps and web form sites.
Well, those others are running in the web server. Your Angular
application runs in the web browser. So completely different in every
way.
> So that is not an issue. However, when I try to use the same shib
> setup to secure the angular application it does not work.
The example I (and others) have provided works. You don't provide
technical details what you did and what specifically differs in your
requirements.
> the shib is trying to connect but it just displays the shib error
> page. Following error in Dev Toolbox.
>
> GET https://shibboleth2.uchicago.edu/idp/profile/SAML2/Redirect/SSO?SAMLhttps://shibboleth2.uchicago.edu/idp/profile/SAML2/Redirect/SSO?<https://shibboleth2.uchicago.edu/idp/profile/SAML2/Redirect/SSO?SAML>SAML Request xxxxxxxx
>
> 500 server error, and Shib simply displays error page without giving option to sign in
>
> Also:
>
> Cross-Origin Read Blocking (CORB) blocked cross-origin response https://shibboleth2.uchicago.edu
That's the consequence of your client-side JavaScript code trying to
follow the HTTP 302 to the IDP, which cannot work. You'll need to do a
full browser redirect to the IDP if you want to use the SAML Web
Browser SSO Profile.
-peter
More information about the users
mailing list