Anyone securing an Angular application

Greg Haverkamp gahaverkamp at lbl.gov
Fri Jul 20 11:07:16 EDT 2018


>
> Are you saying that you cannot secure a client side  application run in
> the browser with shibboleth?  Do you have an example of how to do this if
> it is possible?


What you described the last time around was a requirement to fetch a JWT
that could then be used to authorize API calls from your Angular app.  In
response, I described one mechanism you could use to do that.

It took me about 10 seconds of Googling to find a variation:
https://stackoverflow.com/questions/46316345/shibboleth-authentication-for-an-angular-single-page-application-spa

And of course, if there's no JWT involved, you can certainly authorize
APIs solely with a session cookie, if your API is fronted by the Shibboleth
SP.

But there's no single answer.

Greg

On Fri, Jul 20, 2018 at 9:57 AM Starkey, Don [BSD] - CRI <
dstarkey at bsd.uchicago.edu> wrote:

> Are you saying that you cannot secure a client side  application run in
> the browser with shibboleth?  Do you have an example of how to do this if
> it is possible?
>
> Thanks again,
> Don
>
> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Peter
> Schober
> Sent: Friday, July 20, 2018 2:15 AM
> To: users at shibboleth.net
> Subject: Re: Anyone securing an Angular application
>
> * Starkey, Don [BSD] - CRI <dstarkey at bsd.uchicago.edu> [2018-07-19 16:50]:
> > I am having trouble securing my Angular application.   The same shib
> > setup works fine for .net apps and web form sites.
>
> Well, those others are running in the web server. Your Angular
> application runs in the web browser. So completely different in every
> way.
>
> > So that is not an issue.  However, when I try to use the same shib
> > setup to secure the angular application it does not work.
>
> The example I (and others) have provided works. You don't provide
> technical details what you did and what specifically differs in your
> requirements.
>
> > the shib is trying to connect but it just displays the shib error
> > page.  Following error in Dev Toolbox.
> >
> > GET https://shibboleth2.uchicago.edu/idp/profile/SAML2/Redirect/SSO?SAML Request xxxxxxxx
> >
> > 500 server error, and Shib simply displays error page without giving
> > option to sign in
> >
> > Also:
> >
> > Cross-Origin Read Blocking (CORB) blocked cross-origin response
> > https://shibboleth2.uchicago.edu
>
> That's the consequence of your client-side JavaScript code trying to
> follow the HTTP 302 to the IDP, which cannot work. You'll need to do a
> full browser redirect to the IDP if you want to use the SAML Web
> Browser SSO Profile.
>
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
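
The two points made in this thread (script cannot follow the SP's 302 to the IdP, and an API fronted by the SP can be authorized by the session cookie alone), sketched as an added example that is not code from the thread or from the Shibboleth project. It assumes the SP uses its default /Shibboleth.sso/Login handler on the application's own origin; `apiGet`, `needsLogin`, `loginUrl` and the `env` object are hypothetical names.

```javascript
// Added example. Assumption: the API sits behind the Shibboleth SP, which
// answers an unauthenticated request with a 302 toward the IdP.
const SP_LOGIN = '/Shibboleth.sso/Login'; // assumption: default SP handler path

// Build the SP login URL. Only same-origin return targets are accepted, so
// the `target` parameter cannot be turned into an open redirect.
function loginUrl(returnTo, origin) {
  const target = new URL(returnTo, origin);
  if (target.origin !== origin) {
    throw new Error('refusing cross-origin return target');
  }
  return SP_LOGIN + '?target=' + encodeURIComponent(target.href);
}

// With { redirect: 'manual' } the browser does not chase the 302 to the IdP
// (the request that CORB blocked); it hands back an opaque redirect instead.
function needsLogin(response) {
  return response.type === 'opaqueredirect' || response.status === 401;
}

// Call the API with the SP session cookie; if there is no session, leave the
// SPA with a full browser navigation so the SAML Web Browser SSO flow can run.
async function apiGet(path, env) {
  const res = await env.fetch(path, {
    credentials: 'same-origin', // send the SP session cookie
    redirect: 'manual',
    headers: { Accept: 'application/json' },
  });
  if (needsLogin(res)) {
    env.navigate(loginUrl(env.currentUrl, env.origin));
    return null;
  }
  if (!res.ok) throw new Error('API error ' + res.status);
  return res.json();
}

// Browser wiring for `env`; tests can pass stubs instead.
function browserEnv() {
  return {
    fetch: (url, opts) => fetch(url, opts),
    navigate: (url) => window.location.assign(url),
    currentUrl: window.location.href,
    origin: window.location.origin,
  };
}
```
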