Session validation in Single Page Application with SP 3.0.2
Ron Harris
neo204011 at gmail.com
Thu Nov 15 09:47:14 EST 2018
Thank you Peter, I will give it a try.
On Thu, Nov 15, 2018 at 4:09 PM Peter Schober <peter.schober at univie.ac.at>
wrote:
> * Ron Harris <neo204011 at gmail.com> [2018-11-14 19:03]:
> > These APIs are protected with some Basic Authentication, but they
> > are exposed only over intranet.
>
> FWIW, in our case the API is being hosted on the same server where the
> browser established a Shib session with and downloaded the Angular
> application from, so API access either requires Shib attributes
> (without forcing the creation of a session) or alternatively accepts
> tokens in HTTP Basic Auth headers[1].
> So other API clients are not forced to get a Shib session either.
> -peter
>
> [1] <Location /api/>
> AuthType shibboleth
> ShibRequestSetting requireSession false
> Require shib-session # or whatever
> <If "-n req('Authorization')">
> AuthType Basic
> AuthBasicProvider ...
> Require user ...
> # etc.
> </If>
> </Location>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20181115/ae727bb5/attachment.html>
More information about the users
mailing list