How to implement discovery service with node js application?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How to implement discovery service with node js application?

dalipcse91
Hi Team,

I have two application, one is developed using ASP.NET MVC and other one is
developed using angular 2.0.
I hosted mvc app on IIS with SSO ISAPI filter to intercept request. When i
trying to access url : http://localhost/Shibboleth.sso/Login it redirect me
to discovery url, from where i can select IDP for authenticate.
*Now problem is with angular app (Hosted by node.js server). my first
question is:
1. How i attach shibboleth .sso filter with angular app?
2. How can i use discovery service with angualr 2 app.?
I want same flow for angular app like we did for mvc app.*
please help.
Looking for valuable response.




--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How to implement discovery service with node js application?

Peter Schober
* dalipcse91 <[hidden email]> [2018-05-16 08:52]:
> I hosted mvc app on IIS with SSO ISAPI filter to intercept request. When i
> trying to access url : http://localhost/Shibboleth.sso/Login it redirect me
> to discovery url, from where i can select IDP for authenticate.
> *Now problem is with angular app (Hosted by node.js server).

Angular is a framework for client-side applications, i.e., they're
running on the JS interpreter of the web browser. But you're saying
your "angular app [is] (Hosted by node.js server)"?
Well, if it's running on the server then it's just like any other
(traditional) web application and you use the Shibboleth SP software
like usual. In this case by proxying to the Node.js web server from
Apache httpd (or a patched Nginx) and the Shibboleth SP, and using
provided session data from HTTP Request Headers set by the Shib SP.

> my first question is:
> 1. How i attach shibboleth .sso filter with angular app?

If things were the way you said (server-side application) then the
same way you'd use any other web application or framework with the
Shibboleth SP. (Whatever "attaching shibboleth .sso filter" means.)

> 2. How can i use discovery service with angualr 2 app.?

I guess you could either implement IDP Discovery within the
application, using the Shib SP's /Shibboleth.sso/DiscoFeed JSON as
basis (just like the Shibboleth EDS does, which is also a client-side
application in pure JavaScript+HTML+CSS).

Or you'd use the SAML IDP Discovery Protocol as specified by OASIS
(and implemented by e.g. the Shibboleth EDS or many other projects),
i.e., based on HTTP GET and redirects as per the specification.

> Looking for valuable response.

Stating the opposite ("Looking for useless resonses") would be rather
original.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How to implement discovery service with node js application?

Peter Schober
In reply to this post by dalipcse91
* dalipcse91 <[hidden email]> [2018-05-16 08:52]:
> *Now problem is with angular app (Hosted by node.js server)

So I guess what the above probably means is that -- even though you
have MS-IIS running as web server -- you're serving up static files
(JS, CSS, HTML) using node.js as a *second* web server -- for a purely
frontend-code app?
If that's the case then (1) you should stop using node.jas as a web
server outside of the development cycle, and (2) node.js does not
factor into any of that at all.

For an example how we used Angular with a Shib-protected RESTful API
check out the thread "Return 401 on expired/missing session" in the
archives.

The parts of your question that relate to IDP Discovery I've covered
already, I think.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]