how to secure a spa application

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

how to secure a spa application

Starkey, Don [BSD] - CRI
Hello all,


 I need a spa application to be secured with Shibboleth, which is used by our university.  The application is a single page angular application.  We can secure a page on the server, so we do have the ability to access Shibboleth from our server.  The workflow that I want to implement follows.

1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???

I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application.  I have searched the web for such a sample without any luck.  Lack of Shibboleth integration would be a show stopper for us.  Any help or references are greatly appreciated.  I am sure someone has solved this problem.  Please help me, I am running out of resources.

Thank you for your time and any help that you may offer.

Any HELP is GREATLY appreciated!


Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]<mailto:[hidden email]>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: how to secure a spa application

Boyd, Todd M.
If it's a true SPA, why don't you just have Shibboleth protect the entire thing (which exists as a single page)?


-Todd

-----Original Message-----
From: users <[hidden email]> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:16 PM
To: [hidden email]
Subject: how to secure a spa application

Hello all,


 I need a spa application to be secured with Shibboleth, which is used by our university.  The application is a single page angular application.  We can secure a page on the server, so we do have the ability to access Shibboleth from our server.  The workflow that I want to implement follows.

1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???

I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application.  I have searched the web for such a sample without any luck.  Lack of Shibboleth integration would be a show stopper for us.  Any help or references are greatly appreciated.  I am sure someone has solved this problem.  Please help me, I am running out of resources.

Thank you for your time and any help that you may offer.

Any HELP is GREATLY appreciated!


Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]<mailto:[hidden email]>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: how to secure a spa application

Starkey, Don [BSD] - CRI
Hello,

How can I route to a server api that is in charge of instantiating a jwt token?  Plus I have one more requirement, developers need to be able to access application without going through Shibboleth.  Please pardon my ignorance in this framework.

Any sample would be of great help.

thank you,

Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]

________________________________________
From: users [[hidden email]] on behalf of Boyd, Todd M. [[hidden email]]
Sent: Friday, July 06, 2018 1:27 PM
To: Shib Users
Subject: RE: how to secure a spa application

If it's a true SPA, why don't you just have Shibboleth protect the entire thing (which exists as a single page)?


-Todd

-----Original Message-----
From: users <[hidden email]> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:16 PM
To: [hidden email]
Subject: how to secure a spa application

Hello all,


 I need a spa application to be secured with Shibboleth, which is used by our university.  The application is a single page angular application.  We can secure a page on the server, so we do have the ability to access Shibboleth from our server.  The workflow that I want to implement follows.

1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???

I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application.  I have searched the web for such a sample without any luck.  Lack of Shibboleth integration would be a show stopper for us.  Any help or references are greatly appreciated.  I am sure someone has solved this problem.  Please help me, I am running out of resources.

Thank you for your time and any help that you may offer.

Any HELP is GREATLY appreciated!


Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]<mailto:[hidden email]>
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: how to secure a spa application

Boyd, Todd M.
This is probably worth a look.

https://github.com/KULeuven-CCIS/idp-authn-jwt


-Todd


-----Original Message-----
From: users <[hidden email]> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:32 PM
To: Shib Users <[hidden email]>
Subject: RE: how to secure a spa application

Hello,

How can I route to a server api that is in charge of instantiating a jwt token?  Plus I have one more requirement, developers need to be able to access application without going through Shibboleth.  Please pardon my ignorance in this framework.

Any sample would be of great help.

thank you,

Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]

________________________________________
From: users [[hidden email]] on behalf of Boyd, Todd M. [[hidden email]]
Sent: Friday, July 06, 2018 1:27 PM
To: Shib Users
Subject: RE: how to secure a spa application

If it's a true SPA, why don't you just have Shibboleth protect the entire thing (which exists as a single page)?


-Todd

-----Original Message-----
From: users <[hidden email]> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:16 PM
To: [hidden email]
Subject: how to secure a spa application

Hello all,


 I need a spa application to be secured with Shibboleth, which is used by our university.  The application is a single page angular application.  We can secure a page on the server, so we do have the ability to access Shibboleth from our server.  The workflow that I want to implement follows.

1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???

I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application.  I have searched the web for such a sample without any luck.  Lack of Shibboleth integration would be a show stopper for us.  Any help or references are greatly appreciated.  I am sure someone has solved this problem.  Please help me, I am running out of resources.

Thank you for your time and any help that you may offer.

Any HELP is GREATLY appreciated!


Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]<mailto:[hidden email]>
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: how to secure a spa application

Greg Haverkamp
In reply to this post by Starkey, Don [BSD] - CRI
How can I route to a server api that is in charge of instantiating a jwt token?  Plus I have one more requirement, developers need to be able to access application without going through Shibboleth.  Please pardon my ignorance in this framework.

The simplest solution is likely to make your Shibboleth-protected landing "page" generate the JWT -- whatever it needs to do to generate it -- and deliver it with the application.

Greg

On Fri, Jul 6, 2018 at 11:32 AM Starkey, Don [BSD] - CRI <[hidden email]> wrote:
Hello,

How can I route to a server api that is in charge of instantiating a jwt token?  Plus I have one more requirement, developers need to be able to access application without going through Shibboleth.  Please pardon my ignorance in this framework.

Any sample would be of great help.

thank you,

Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]

________________________________________
From: users [[hidden email]] on behalf of Boyd, Todd M. [[hidden email]]
Sent: Friday, July 06, 2018 1:27 PM
To: Shib Users
Subject: RE: how to secure a spa application

If it's a true SPA, why don't you just have Shibboleth protect the entire thing (which exists as a single page)?


-Todd

-----Original Message-----
From: users <[hidden email]> On Behalf Of Starkey, Don [BSD] - CRI
Sent: Friday, July 06, 2018 1:16 PM
To: [hidden email]
Subject: how to secure a spa application

Hello all,


 I need a spa application to be secured with Shibboleth, which is used by our university.  The application is a single page angular application.  We can secure a page on the server, so we do have the ability to access Shibboleth from our server.  The workflow that I want to implement follows.

1 user tries to access a specific landing page (protected by Shibboleth)
2 user is re-routed to Shibboleth for credentials.
3 NOT KNOWN - how to have the request rerouted to the SPA application.  Is there a server side method available to generate a Jason Web Token for the Shibboleth Authenticated user and redirect to the SPA???

I am very open to any workshops, or sample code that someone might have regarding Shibboleth's use in a single page application.  I have searched the web for such a sample without any luck.  Lack of Shibboleth integration would be a show stopper for us.  Any help or references are greatly appreciated.  I am sure someone has solved this problem.  Please help me, I am running out of resources.

Thank you for your time and any help that you may offer.

Any HELP is GREATLY appreciated!


Don Starkey
Lead Web Application Developer

Center for Research Informatics
The University of Chicago
5454 S. Shore Drive, 1D
Chicago, IL 60637
Phone:  773-834-4809
Email:  [hidden email]<mailto:[hidden email]>
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=SyA2YCI7HlJq7K2uJNf8XuCvAFTPQKOAB76WrUUQM8M&m=vBiaYGxznKnY0EIj_eh1aEACGVfJfZC2tL-f6AL_yWo&s=cOLEhpS75ZidqZKETo_XPQVqNyN3wT9PN-7rMNJmyPw&e=
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]