Use HTTP verb in Service Provider request mapper
Peter Schober
peter.schober at univie.ac.at
Thu Oct 21 16:25:53 UTC 2021
* Fabien BERTEAU <fabien.berteau at manomano.com> [2021-10-21 14:51]:
> I thought I could avoid ECP in our SPAs by forcing the user to authenticate
> in order to download the SPA (classic SP initiated browser flow), then by
> embedding the SP session cookie during each call to a web service based on
> XMLHTTPRequest (same domain, so the browser should add it ?). Am I wrong ?
Maybe some of these posts (or threads) are of help to you:
https://shibboleth.net/pipermail/users/2018-April/039942.html
https://shibboleth.net/pipermail/users/2018-July/041162.html
https://shibboleth.net/pipermail/users/2018-November/042324.html
Best,
-peter
More information about the users
mailing list