June 27, 2016

How to Handle SAML 2.0 HTTP Redirect Binding in AngularJS

"The default settings of the ui-router in AngularJS produces URLs like http://localhost/#/products/details/12345. Your Servlet gets a request for / and after a successful SAML authentication you are sent back to http://localhost/. The location hash #/products/details/12345 is lost during the authentication."

This is ok if you have a landing page, but not after session timeout.

"The solution was to enable the hmtl5mode in the $locationProvider and add a base tag to the HTML. When this feature is enabled, the URLs look like http://localhost/products/details/12345."

Reference: http://www.jasha.eu/blogposts/2015/10/saml-authentication-angularjs-spring-security.html

Also good links:

  1. https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
  2. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458610/Identity_Assurance_Hub_Service_Profile_v1.2a.pdf

No comments: