Session validation in Single Page Application with SP 3.0.2

Ron Harris neo204011 at
Wed Nov 14 08:52:10 EST 2018


We are using Shibboleth SP 3.0.2.
One of Our application is a Single Page Application. The URL of the
application is Shibboleth protected, so to access the application one has
to authenticate.
Once authenticated, Angular application gets downloaded in browser. And
hence it doesn't require the browser to be refresh again.
Angular Application calls REST APIs which are outside Shibboleth.

This posses us with a problem where we are unable to verify if the ADFS
session is active or not.
Its not possible to bring the REST APIs under Shibboleth, as other
applications too use them.

Kindly let me know if anyone have come across this scenario, what should be
the standard practice.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list