Use HTTP verb in Service Provider request mapper

Fabien BERTEAU fabien.berteau at manomano.com
Fri Oct 22 07:16:44 UTC 2021


Thanks, Peter!

Maybe some of us should centralize and synthesize information about how to
secure SPA and web services with Shibboleth / SAML?




Fabien Berteau | Security Architect

Bordeaux

fabien.berteau at manomano.com <aurelien.lajoie at manomano.com>


On Thu, Oct 21, 2021 at 18:26, Peter Schober <peter.schober at univie.ac.at> wrote:

> * Fabien BERTEAU <fabien.berteau at manomano.com> [2021-10-21 14:51]:
> > I thought I could avoid ECP in our SPAs by forcing the user to authenticate
> > in order to download the SPA (classic SP initiated browser flow), then by
> > embedding the SP session cookie during each call to a web service based on
> > XMLHTTPRequest (same domain, so the browser should add it?). Am I wrong?
>
> Maybe some of these posts (or threads) are of help to you:
>
> https://shibboleth.net/pipermail/users/2018-April/039942.html
>
> https://shibboleth.net/pipermail/users/2018-July/041162.html
>
> https://shibboleth.net/pipermail/users/2018-November/042324.html
>
> Best,
> -peter
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>