Session validation in Single Page Application with SP 3.0.2
neo204011 at gmail.com
Thu Nov 15 09:47:14 EST 2018
Thank you Peter, I will give it a try.
On Thu, Nov 15, 2018 at 4:09 PM Peter Schober <peter.schober at univie.ac.at>
> * Ron Harris <neo204011 at gmail.com> [2018-11-14 19:03]:
> > These APIs are protected with some Basic Authentication, but they
> > are exposed only over intranet.
> FWIW, in our case the API is being hosted on the same server where the
> browser established a Shib session with and downloaded the Angular
> application from, so API access either requires Shib attributes
> (without forcing the creation of a session) or alternatively accepts
> tokens in HTTP Basic Auth headers.
> So other API clients are not forced to get a Shib session either.
>  <Location /api/>
> AuthType shibboleth
> ShibRequestSetting requireSession false
> Require shib-session # or whatever
> <If "-n req('Authorization')">
> AuthType Basic
> AuthBasicProvider ...
> Require user ...
> # etc.
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users